Mercurial > p > roundup > code

view website/issues/html/_generic.calendar.html @ 6375:c4371ec7d1c0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Call verifyPassword even if user does not exist. Address timing attack caused by not doing the password check if the user doesn't exist. Can expose valid usernames. Really only useful for a tracker that doesn't allow anonymous access to issues. Issues usually show usernames as part of the message display.
author John Rouillard <rouilj@ieee.org>
date Tue, 06 Apr 2021 22:51:55 -0400
parents 7146b68ac263
children 28aa76443f58
line wrap: on
line source

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
 <head>
  <link rel="stylesheet" type="text/css" href="@@file/style.css" />
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8;" />
  <meta name="robots" content="noindex, nofollow" />
  <title tal:content="string:Roundup Calendar"></title>
  <script language="Javascript"
          type="text/javascript"
	  tal:attributes="nonce request/client/client_nonce"
          tal:content="structure string:
          // this is the name of the field in the original form that we're working on
          form  = window.opener.document.${request/form/form/value};
          field = '${request/form/property/value}';" >
  </script>
 </head>
 <body class="body"
       tal:content="structure python:utils.html_calendar(request)">
 </body>
</html>
Roundup Issue Tracker: http://roundup-tracker.org/