Roundup Tracker - Issues

Message6655

Author rouilj
Recipients matt109, rouilj, tekberg
Date 2019-09-20.22:27:16
Message-id <20190920222712.8D1034C0739@itserver6.cs.umb.edu>
In-reply-to <1568970663.14.0.808392598651.issue2551060@roundup.psfhosted.org>
Hi Matt:

In message <1568970663.14.0.808392598651.issue2551060@roundup.psfhosted.org>,
Matt writes:
>It was when I did the diff between my HTML and the 1.6.1 HTML that I
>noticed the missing csrf fields in my HTML and presumed they needed
>adding...

There are places where you do need the @csrf token in your templates.
E.g. the original classic templates had forms that did actions where
the default submit button was not suitable (e.g. removing messages
from an issue).

>If the new CSRF fields in the 1.6.1 HTML were added in error, and
>have been removed with that checkin (sorry I couldn't work out how to
>view checkins)

Wow, this is not as easy as I expected. To see checkins you can go to:
https://sourceforge.net/p/roundup/code/ (linked from the roundup
website at: http://roundup-tracker.org/code.html)

Click on the code tab and that will take you to something like:

    https://sourceforge.net/p/roundup/code/ci/08b241c9fea4e9a349bb80c6964da5c15dfcafb9/

To see checkin 4d32fa88c5d2, edit the URL so it looks like

    https://sourceforge.net/p/roundup/code/ci/4d32fa88c5d2/

and load that URL. Yeah, I am amazed at how difficult this is.

>I will now remove these hidden CSRF fields I added in error.

I would suggest you don't do that. If you merged the changes in from
the classic tracker templates, I claim that they are needed. I would
use your tracker with the additional @csrf elements. If you see the
dreaded:

  File "/home/roundup/lib/python2.6/site-packages/roundup/cgi/client.py",
  line 1154, in handle_csrf
  key=self.form['@csrf'].value
  AttributeError: 'list' object has no attribute 'value'

issue in your logs, look for the @csrf hidden input along with /submit
in the same form. If you find that then remove the @csrf input.

It looks like there were 9 @csrf fields added to the classic
templates in revision c8bf4e9912ed:

    https://sourceforge.net/p/roundup/code/ci/c8bf4e9912ed/

It's a little difficult to advise you on this as I don't know if you
have added extra forms to the default templates.

>Thanks for all your help and advice.  And I would like to say we have
>been using Roundup Issue tracker since 2009, it is a great bit of
>software and I would like to say a big thanks for all the effort you
>and your team put into developing it. Thank you.

I am glad you have found it useful. A lot of people have made roundup
what it is including Richard, the original author.

Have a great weekend.
History
Date                 User    Action  Args
2019-09-20 22:27:16  rouilj  set     recipients: + rouilj, tekberg, matt109
2019-09-20 22:27:16  rouilj  link    issue2551060 messages
2019-09-20 22:27:16  rouilj  create
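
The check described in the message above (an explicit @csrf hidden input in the same form as /submit), written as a small template scanner. This is an added example, not part of the original message and not Roundup's own code. The sample template and the names `FormScanner` and `find_conflicts` are constructed for illustration, and the extra rule for two explicit @csrf inputs in one form is an addition, on the basis that a repeated form field name arrives as a list.

```python
import re
import sys
from html.parser import HTMLParser

SUBMIT_EXPR = re.compile(r"/submit\b")  # TAL path expression such as "context/submit"

class FormScanner(HTMLParser):
    """Count explicit @csrf inputs and /submit expressions inside each <form>."""

    def __init__(self):
        super().__init__()
        self.forms = []      # one dict per <form>, in document order
        self._cur = None     # the form currently open, if any

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self._cur = {"line": self.getpos()[0], "csrf": 0, "submit": 0}
            self.forms.append(self._cur)
        elif self._cur is not None:
            if tag == "input" and dict(attrs).get("name") == "@csrf":
                self._cur["csrf"] += 1
            # Only tal:* attributes are TAL expressions; a plain action="..." is ignored.
            if any(k.startswith("tal:") and v and SUBMIT_EXPR.search(v) for k, v in attrs):
                self._cur["submit"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def find_conflicts(template_text):
    """Return start lines of forms that have an explicit @csrf input together
    with /submit, or more than one explicit @csrf input."""
    scanner = FormScanner()
    scanner.feed(template_text)
    scanner.close()
    return [f["line"] for f in scanner.forms
            if f["csrf"] > 1 or (f["csrf"] and f["submit"])]

# Constructed sample: the first form mixes @csrf with /submit, the second does not.
SAMPLE = '''\
<form method="POST" action="issue1">
 <input type="hidden" name="@csrf" tal:attributes="value python:utils.anti_csrf_nonce()">
 <span tal:replace="structure context/submit">submit button</span>
</form>
<form method="POST" action="issue1">
 <input type="hidden" name="@csrf" tal:attributes="value python:utils.anti_csrf_nonce()">
 <input type="hidden" name="@action" value="edit">
 <input type="submit" value="remove">
</form>
'''

if __name__ == "__main__":
    for path in sys.argv[1:]:   # e.g. the .html files in the tracker's html directory
        with open(path, encoding="utf-8") as fh:
            for line in find_conflicts(fh.read()):
                print(f"{path}:{line}: form has a conflicting @csrf input")
```

Forms that are not flagged, such as the second one in the sample, keep their explicit @csrf input.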