# HG changeset patch # User John Rouillard # Date 1737012903 18000 # Node ID 78b1e283afcd8172096c3284074c865233e82830 # Parent 669dfccca89860ec425a3ece589811ef15696df8# Parent f5007c91ba18455af8d5669ea6ef476a5ec08f5c merging fix for missing id's on all inputs diff -r 669dfccca898 -r 78b1e283afcd doc/upgrading.txt --- a/doc/upgrading.txt Thu Jan 16 02:32:58 2025 -0500 +++ b/doc/upgrading.txt Thu Jan 16 02:35:03 2025 -0500 @@ -528,7 +528,7 @@ self.form_wins = True self.add_error_message(' '.join(msg.args)) -This escapes the Referer value an prevents it from being +This escapes the Referer value and prevents it from being executed. .. _CVE-2024-39126: diff -r 669dfccca898 -r 78b1e283afcd roundup/cgi/client.py --- a/roundup/cgi/client.py Thu Jan 16 02:32:58 2025 -0500 +++ b/roundup/cgi/client.py Thu Jan 16 02:35:03 2025 -0500 @@ -1677,8 +1677,8 @@ if 'HTTP_X_REQUESTED_WITH' not in self.env: logger.error(self._( ''"csrf X-REQUESTED-WITH xmlrpc required header " - ''"check failed for user%s."), - current_user) + ''"check failed for user%(userid)s."), + {"userid": current_user}) raise UsageError(self._("Required Header Missing")) # Expire old csrf tokens now so we don't use them. These will @@ -1717,14 +1717,16 @@ if key is None: # we do not have an @csrf token if enforce == 'required': logger.error(self._( - "Required csrf field missing for user%s"), current_user) + "Required csrf field missing for user%(userid)s"), + {"userid": current_user}) raise UsageError(self._( ''"We can't validate your session (csrf failure). " ''"Re-enter any unsaved data and try again.")) if enforce == 'logfailure': # FIXME include url - logger.warning(self._("csrf field not supplied by user%s"), - current_user) + logger.warning(self._( + "csrf field not supplied by user%(userid)s"), + {"userid": current_user}) else: # enforce is either yes or no. Both permit change if token is # missing diff -r 669dfccca898 -r 78b1e283afcd website/README.txt 
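Review bot: The CSRF-failure log message in the `@@ -1677,8 +1677,8 @@` hunk still goes through `self._()`, which looks like the same translation hook used for the user-facing `UsageError` text. If so, the logged text varies with the requester's locale, and alert rules or greps that match on "csrf ... check failed" can miss events. Consider logging the untranslated literal, e.g. `logger.error("csrf X-REQUESTED-WITH xmlrpc required header check failed for user%(userid)s.", {"userid": current_user})`, and translating only the message raised to the user. The same applies to the `logger.error` and `logger.warning` calls in the `@@ -1717,14 +1717,16 @@` hunk. The enclosing method starts and ends outside both hunks.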
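Review bot: The `# FIXME include url` in the `@@ -1717,14 +1717,16 @@` hunk is still open after this change. Both the "Required csrf field missing" error and the "csrf field not supplied" warning record only the user id, so a reader of the log cannot tell which endpoint received the tokenless request. Now that the arguments are a dict, the request path could be added as a second key, e.g. `"csrf field not supplied by user%(userid)s for %(url)s"` with `{"userid": current_user, "url": <REQUEST_PATH_PLACEHOLDER>}`. That value is client-controlled, so strip CR/LF from it before logging to keep one event per line. The surrounding `if key is None:` block continues outside the hunk.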
--- a/website/README.txt Thu Jan 16 02:32:58 2025 -0500 +++ b/website/README.txt Thu Jan 16 02:35:03 2025 -0500 @@ -57,6 +57,17 @@ updating www.roundup-tracker.org --------------------------------- +Note that sourceforge still only has python2 available on it's +systems. Doc updates probably need to be done by building on local +machine using modern Sphinx (7.x or greater) and the generated files +pushed to the website. + +Also the files htdocs/ahref* and htdocs/google* have to be copied from +the current production tree to the new directory so we keep some level +of analytics. + +----- + Site update requires rebuilding HTML files. For that `sphinx` is required/ Hopefully, it is already installed into virtualenv, so diff -r 669dfccca898 -r 78b1e283afcd website/www/Makefile --- a/website/www/Makefile Thu Jan 16 02:32:58 2025 -0500 +++ b/website/www/Makefile Thu Jan 16 02:35:03 2025 -0500 @@ -13,7 +13,8 @@ # fix that in postprocess # also sed index.html to properly format meta og:... entries. html: doc_links ## make standalone HTML files - rm -rf html + if [ -z "${KEEP_HTML}" ]; then rm -rf html; fi + rm -f html/robots.txt # otherwise sphinx errors mkdir -p $(TMP)/doctrees $(HTML) sphinx-build -n -W -b html -d $(TMP)/doctrees . $(HTML) # install searchtools.js into search page. @@ -23,7 +24,7 @@ sed -i -e '/
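Review bot: Both added `rm` lines in the `html` recipe hard-code `html`, while the `mkdir` and `sphinx-build` lines below them use `$(HTML)`. If the two ever differ, robots.txt is removed from the wrong tree and sphinx still errors; `rm -f $(HTML)/robots.txt` keeps them in step (the definition of `HTML` is not visible in this hunk). `KEEP_HTML` is also undocumented. A comment above the target such as `# set KEEP_HTML to build over an existing html tree; files from earlier builds are not removed` would warn whoever publishes the site that pages dropped from the docs stay in the output.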