Mercurial > p > roundup > code

view website/issues/extensions/timezone.py @ 6375:c4371ec7d1c0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Call verifyPassword even if user does not exist. Address timing attack caused by not doing the password check if the user doesn't exist. Can expose valid usernames. Really only useful for a tracker that doesn't allow anonymous access to issues. Issues usually show usernames as part of the message display.
author John Rouillard <rouilj@ieee.org>
date Tue, 06 Apr 2021 22:51:55 -0400
parents 7d8e0dbb0852
children
line wrap: on
line source

# Utility for replacing the simple input field for the timezone with
# a select-field that lists the available values.

import cgi

try:
    import pytz
except ImportError:
    pytz = None


def tzfield(prop, name, default):
    if pytz:
        value = prop.plain()        
        if '' == value:
            value = default
        else:
            try:
                value = "Etc/GMT%+d" % int(value)
            except ValueError:
                pass

        l = ['<select name="%s">' % name]
        for zone in pytz.all_timezones:
            s = ' '
            if zone == value:
                s = 'selected=selected '
            z = cgi.escape(zone)
            l.append('<option %svalue="%s">%s</option>' % (s, z, z))
        l.append('</select>')
        return '\n'.join(l)
        
    else:
        return prop.field()

def init(instance):
    instance.registerUtil('tzfield', tzfield)
Roundup Issue Tracker: http://roundup-tracker.org/