Mercurial > p > roundup > code

view website/www/_templates/layout.html @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents c84dbc205b57
children c2fd254c9257
line wrap: on
line source

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    {{ metatags }}
    {%- if builder != 'htmlhelp' %}
      {%- set titlesuffix = docstitle|e %}
      {%- set titlesuffix = " - " + titlesuffix %}
    {%- endif %}
    <title>{{ title|striptags }}{{ titlesuffix }}</title>
    {%- if builder == 'web' %}
    <link rel="stylesheet" href="{{ pathto('index') }}?do=stylesheet{%
      if in_admin_panel %}&admin=yes{% endif %}" type="text/css" />
    {%- for link, type, title in page_links %}
    <link rel="alternate" type="{{ type|e(true) }}" title="{{ title|e(true) }}" href="{{ link|e(true) }}" />
    {%- endfor %}
    {%- else %}
    <link rel="stylesheet" href="{{ pathto('_static/style.css', 1) }}" type="text/css" />
    <link rel="stylesheet" href="{{ pathto('_static/pygments.css', 1) }}" type="text/css" />

    {%- endif %}
    {%- if builder != 'htmlhelp' %}
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
          URL_ROOT:    '{{ pathto("", 1) }}',
          VERSION:     '{{ release|e }}',
          COLLAPSE_MODINDEX: false,
          FILE_SUFFIX: '{{ file_suffix }}'
      };
    </script>
    {%- for scriptfile in script_files %}
    <script type="text/javascript" src="{{ pathto(scriptfile, 1) }}"></script>
    {%- endfor %}
    {%- if use_opensearch %}
    <link rel="search" type="application/opensearchdescription+xml"
          title="{% trans docstitle=docstitle|e %}Search within {{ docstitle }}{% endtrans %}"
          href="{{ pathto('_static/opensearch.xml', 1) }}"/>
    {%- endif %}
    {%- if favicon %}
    <link rel="shortcut icon" href="{{ pathto('_static/' + favicon, 1) }}"/>
    {%- endif %}
    {%- endif %}
{%- block linktags %}
    {%- if hasdoc('about') %}
    <link rel="author" title="{{ _('About these documents') }}" href="{{ pathto('about') }}" />
    {%- endif %}
    <link rel="index" title="{{ _('Index') }}" href="{{ pathto('genindex') }}" />
    <link rel="search" title="{{ _('Search') }}" href="{{ pathto('search') }}" />
    {%- if hasdoc('copyright') %}
    <link rel="copyright" title="{{ _('Copyright') }}" href="{{ pathto('copyright') }}" />
    {%- endif %}
    <link rel="top" title="{{ docstitle|e }}" href="{{ pathto('index') }}" />
    {%- if parents %}
    <link rel="up" title="{{ parents[-1].title|striptags }}" href="{{ parents[-1].link|e }}" />
    {%- endif %}
    {%- if next %}
    <link rel="next" title="{{ next.title|striptags }}" href="{{ next.link|e }}" />
    {%- endif %}
    {%- if prev %}
    <link rel="prev" title="{{ prev.title|striptags }}" href="{{ prev.link|e }}" />
    {%- endif %}
{%- endblock %}
{%- block extrahead %} {% endblock %}
  </head>
  <body>
    <div class="header"><h1>Roundup</h1>
      {%- if pagename != "search" %}
        <div id="searchbox" style="display: none">
          <form class="search" action="{{ pathto('search') }}" method="get">
            <input type="text" name="q" size="18" />
            <input type="submit" value="{{ _('Search') }}" />
            <input type="hidden" name="check_keywords" value="yes" />
            <input type="hidden" name="area" value="default" />
          </form>
        </div>
        <script type="text/javascript">$('#searchbox').show(0);</script>
      {%- endif %}
    </div>
    <div class="navigation">
      <div class="menu">
       {{ toctree() }}
      </div>
      <script type="text/javascript" src="http://www.ohloh.net/p/488/widgets/project_users_logo.js"></script>
    </div>
    <div class="content">
       {% block body %} {% endblock %}
    </div>
{%- block footer %}
    <div class="footer">
      <div>
      {%- if show_source and has_source and sourcename %}
        <span class="source">[<a href="{{ pathto('_sources/' + sourcename, true)|e }}" rel="nofollow">{{ _('page source') }}</a>]</span>
      {%- endif %}
      {%- if hasdoc('copyright') %}
        {% trans path=pathto('copyright'), copyright=copyright|e %}&copy; <a href="{{ path }}">Copyright</a> {{ copyright }}.{% endtrans %}
      {%- else %}
        {% trans copyright=copyright|e %}&copy; Copyright {{ copyright }}.{% endtrans %}
      {%- endif %}
      </div>
      <div>
      {%- if last_updated %}
        {% trans last_updated=last_updated|e %}Last updated on {{ last_updated }}.{% endtrans %}
      {%- endif %}
      <span>Hosted by <a href="http://sourceforge.net"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=31577&amp;type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a></span>
      </div>
    </div>
{%- endblock %}
  </body>
</html>
Roundup Issue Tracker: http://roundup-tracker.org/