Roundup Tracker - Issues

Message4975

Author schlatterbeck
Recipients ber, iwontbecreative, schlatterbeck
Date 2013-12-20.17:31:26
Message-id <1387560687.6.0.170555643463.issue2550817@psf.upfronthosting.co.za>
In-reply-to 
Fixed in commit 24b8011cd2dc.

Note that the bug with sort/group parameters is not in roundup core
currently, that took me a while to find what you mean (roundup currently
doesn't issue an error message when you specify non-existing properties
in sort/group).
But having a 'structure' tag -- which indicates that the template will
not escape the text -- is asking for trouble. So I've reworked that part
and *all* messages (error and ok) are now escaped.

This *needs* a change to the template. So if you apply only the patch to
roundup core you're *more vulnerable than before*. Be sure to apply the
patch to the template, see doc/upgrading.txt.

I've already committed the necessary changes to roundups roundup tracker.
History
Date User Action Args
2013-12-20 17:31:27schlatterbecksetmessageid: <1387560687.6.0.170555643463.issue2550817@psf.upfronthosting.co.za>
2013-12-20 17:31:27schlatterbecksetrecipients: + schlatterbeck, ber, iwontbecreative
2013-12-20 17:31:27schlatterbecklinkissue2550817 messages
2013-12-20 17:31:26schlatterbeckcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020