changeset 8282:78b1e283afcd
merging fix for missing id's on all inputs
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 16 Jan 2025 02:35:03 -0500 |
| parents | 669dfccca898 (current diff) f5007c91ba18 (diff) |
| children | 0d451fd19f1b |
| files | |
| diffstat | 4 files changed, 22 insertions(+), 8 deletions(-) [+] |
--- a/doc/upgrading.txt Thu Jan 16 02:32:58 2025 -0500
+++ b/doc/upgrading.txt Thu Jan 16 02:35:03 2025 -0500
@@ -528,7 +528,7 @@
 self.form_wins = True
 self.add_error_message(' '.join(msg.args))
-This escapes the Referer value an prevents it from being
+This escapes the Referer value and prevents it from being
 executed.
 .. _CVE-2024-39126:
--- a/roundup/cgi/client.py Thu Jan 16 02:32:58 2025 -0500
+++ b/roundup/cgi/client.py Thu Jan 16 02:35:03 2025 -0500
@@ -1677,8 +1677,8 @@
 if 'HTTP_X_REQUESTED_WITH' not in self.env:
 logger.error(self._(
 ''"csrf X-REQUESTED-WITH xmlrpc required header "
- ''"check failed for user%s."),
- current_user)
+ ''"check failed for user%(userid)s."),
+ {"userid": current_user})
 raise UsageError(self._("Required Header Missing"))
 # Expire old csrf tokens now so we don't use them. These will
@@ -1717,14 +1717,16 @@
 if key is None: # we do not have an @csrf token
 if enforce == 'required':
 logger.error(self._(
- "Required csrf field missing for user%s"), current_user)
+ "Required csrf field missing for user%(userid)s"),
+ {"userid": current_user})
 raise UsageError(self._(
 ''"We can't validate your session (csrf failure). "
 ''"Re-enter any unsaved data and try again."))
 if enforce == 'logfailure':
 # FIXME include url
- logger.warning(self._("csrf field not supplied by user%s"),
- current_user)
+ logger.warning(self._(
+ "csrf field not supplied by user%(userid)s"),
+ {"userid": current_user})
 else:
 # enforce is either yes or no. Both permit change if token is
 # missing
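Review bot: The CSRF log calls still pass their message through `self._()`, which looks like the translation hook, so the text written to the log would follow whichever catalogue is active for the request and a log rule matching "check failed for user" can miss the same event in another language. The format also runs the id straight into the word: `user%(userid)s` renders as a single token such as `user3` (constructed example). Consider an untranslated message with a separator for the log, e.g. `logger.error("csrf X-REQUESTED-WITH xmlrpc required header check failed for user %(userid)s.", {"userid": current_user})`, keeping `self._()` for the `UsageError` text shown to the user. The same applies to both `logger` calls in the second hunk; the enclosing method starts and ends outside these hunks.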
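Review bot: The `# FIXME include url` above the `logfailure` warning is still open after this change, so the record carries only the user id and someone triaging a run of missing-token warnings cannot tell which form or endpoint produced them. If `self.env` is the CGI environment, as its use in the first hunk suggests, the request path could be added as another named field, e.g. `{"userid": current_user, "url": self.env.get("PATH_INFO", "")}`, with `%(url)r` in the message so control characters in the path are escaped in the log. The `required` branch's error a few lines earlier has the same gap.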
--- a/website/README.txt Thu Jan 16 02:32:58 2025 -0500
+++ b/website/README.txt Thu Jan 16 02:35:03 2025 -0500
@@ -57,6 +57,17 @@
 updating www.roundup-tracker.org
 ---------------------------------
+Note that sourceforge still only has python2 available on it's
+systems. Doc updates probably need to be done by building on local
+machine using modern Sphinx (7.x or greater) and the generated files
+pushed to the website.
+
+Also the files htdocs/ahref* and htdocs/google* have to be copied from
+the current production tree to the new directory so we keep some level
+of analytics.
+
+-----
+
 Site update requires rebuilding HTML files. For that `sphinx` is required/ Hopefully, it is already installed into virtualenv, so
--- a/website/www/Makefile Thu Jan 16 02:32:58 2025 -0500
+++ b/website/www/Makefile Thu Jan 16 02:35:03 2025 -0500
@@ -13,7 +13,8 @@
 # fix that in postprocess
 # also sed index.html to properly format meta og:... entries.
 html: doc_links ## make standalone HTML files
- rm -rf html
+ if [ -z "${KEEP_HTML}" ]; then rm -rf html; fi
+ rm -f html/robots.txt # otherwise sphinx errors
 mkdir -p $(TMP)/doctrees $(HTML)
 sphinx-build -n -W -b html -d $(TMP)/doctrees . $(HTML)
 # install searchtools.js into search page.
@@ -23,7 +24,7 @@
 sed -i -e '/<meta/s/og\\:/og:/' \
 -e '/<meta/s/name="og:/property="og:/' html/index.html
 cp robots.txt html/robots.txt
- mkdir html/signatures && cp signatures/*.asc html/signatures
+ mkdir -p html/signatures && cp signatures/*.asc html/signatures
 cp --no-clobber -r docs/html_extra/. html/docs/.
 cp htaccess html/.htaccess
 @echo; \
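Review bot: `KEEP_HTML` is introduced in the `html` recipe without a comment, and when it is set the existing `html/` tree is reused as-is. Pages dropped from the docs and `.asc` files removed from `signatures/` would then stay in `html/` and go out with the next site push. The `cp --no-clobber -r docs/html_extra/. html/docs/.` line in the second hunk also stops refreshing changed extras in that mode. I would add a comment above the recipe such as `# KEEP_HTML=1 reuses the existing html/ tree; stale files are not removed, so do a clean build before publishing`. The recipe continues past the end of the second hunk.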
