![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fce71c7)
raw | patch | inline | side by side (parent: fce71c7)
| author | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Sat, 20 Mar 2010 04:29:45 +0000 (04:29 +0000) | ||
| committer | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Sat, 20 Mar 2010 04:29:45 +0000 (04:29 +0000) |
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4473 57a73879-2fb5-44c3-a270-3262357dd7e2
| CHANGES.txt | patch | blob | history | |
| roundup/cgi/client.py | patch | blob | history |
diff --git a/CHANGES.txt b/CHANGES.txt
index 335d6898209bdc14426105af86c169f3b1b7cf56..2bf2c33dfaba774d85251f9c708ad995ffe0b2f8 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
This file contains the changes to the Roundup system over time. The entries
are given with the most recent entry first.
+2010-??0?? 1.5.1
+
+Fixed:
+- Handle multiple @action values from broken trackers.
+
+
2010-02-23 1.5.0
Fixed:
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 793a0d8472b32b4f183910948e953e83e2c005a4..13e0bfdaa2ebc3a5e79abfe95999dc7f801b2f30 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
"""
# allow Anonymous to use the "login" and "register" actions (noting
# that "register" has its own "Register" permission check)
+
if ':action' in self.form:
- action = self.form[':action'].value.lower()
+ action = self.form[':action']
elif '@action' in self.form:
- action = self.form['@action'].value.lower()
+ action = self.form['@action']
+ else:
+ action = ''
+ if isinstance(action, list):
+ raise SeriousError('broken form: multiple @action values submitted')
else:
- action = None
+ action = action.value.lower()
if action in ('login', 'register'):
return
present their messages to the user.
"""
if ':action' in self.form:
- action = self.form[':action'].value.lower()
+ action = self.form[':action']
elif '@action' in self.form:
- action = self.form['@action'].value.lower()
+ action = self.form['@action']
else:
return None
+ if isinstance(action, list):
+ raise SeriousError('broken form: multiple @action values submitted')
+ else:
+ action = action.value.lower()
+
try:
action_klass = self.get_action_class(action)