From: richard Date: Sat, 20 Mar 2010 04:29:45 +0000 (+0000) Subject: Handle multiple @action values from broken trackers X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=a930ce24adb91c2635a8ae3d3afddbffae5a2126;p=roundup.git Handle multiple @action values from broken trackers git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4473 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/CHANGES.txt b/CHANGES.txt index 335d689..2bf2c33 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,12 @@ This file contains the changes to the Roundup system over time. The entries are given with the most recent entry first. +2010-??0?? 1.5.1 + +Fixed: +- Handle multiple @action values from broken trackers. + + 2010-02-23 1.5.0 Fixed: diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index 793a0d8..13e0bfd 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -733,12 +733,17 @@ class Client: """ # allow Anonymous to use the "login" and "register" actions (noting # that "register" has its own "Register" permission check) + if ':action' in self.form: - action = self.form[':action'].value.lower() + action = self.form[':action'] elif '@action' in self.form: - action = self.form['@action'].value.lower() + action = self.form['@action'] + else: + action = '' + if isinstance(action, list): + raise SeriousError('broken form: multiple @action values submitted') else: - action = None + action = action.value.lower() if action in ('login', 'register'): return @@ -1115,12 +1120,17 @@ class Client: present their messages to the user. """ if ':action' in self.form: - action = self.form[':action'].value.lower() + action = self.form[':action'] elif '@action' in self.form: - action = self.form['@action'].value.lower() + action = self.form['@action'] else: return None + if isinstance(action, list): + raise SeriousError('broken form: multiple @action values submitted') + else: + action = action.value.lower() + try: action_klass = self.get_action_class(action)