Mercurial > p > roundup > code
view doc/debugging.txt @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | b6f1aaba4827 |
| children | a635a60ffb84 |
line wrap: on
line source
Debugging Aids -------------- Try turning on logging of DEBUG level messages. This may be done a number of ways, depending on what it is you're testing: 1. If you're testing the database unit tests, then set the environment variable ``LOGGING_LEVEL=DEBUG``. This may be done like so: LOGGING_LEVEL=DEBUG python run_tests.py This variable replaces the older HYPERDBDEBUG environment var. 2. If you're testing a particular tracker, then set the logging level in your tracker's ``config.ini``. SENDMAILDEBUG ============= Set to a filename and roundup will write each email message that it sends to that file instead to the internet. This environment variable is independent of the python -O flag.