Modify

Opened 5 months ago

Closed 5 months ago

Last modified 4 months ago

#11827 closed task (fixed)

License

Reported by: rjollos Owned by: glen
Priority: normal Component: VcsReleaseInfoMacro
Severity: normal Keywords: license
Cc: hasienda, jun66j5 Trac Release:

Description

I noticed that your macro doesn't have a license. It would be simple to add a license header:

# -*- coding: utf-8 -*-
#
# Copyright (C) 2010-2014 "author name" <author-email>
# All rights reserved.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution.
#

If you choose to use the same license as Trac, you can copy a file with the text of the 3-Clause BSD license from: tracjenkinsplugin/trunk/COPYING@13976.

You can also add metadata to the single-file plugin, using the keywords: t:browser:/trunk/trac/loader.py@12785:157-158#L153. An example use can be seen in browser:/lastmodifiedmacro/trunk/LastModified.py@13555:18-24.

Attachments (2)

latin1.png (35.8 KB) - added by glen 5 months ago.
this is how it looks
utf8.png (11.5 KB) - added by glen 5 months ago.
this is how it should look

Download all attachments as: .zip

Change History (16)

comment:1 Changed 5 months ago by rjollos

  • Cc hasienda added
  • Keywords license added

comment:2 Changed 5 months ago by glen

  • Resolution set to fixed
  • Status changed from new to closed

In 13980:

Added 3-Clause BSD license. Fixes #11827

comment:3 Changed 5 months ago by rjollos

In 13981:

Corrected author in COPYING file. Refs #11827.

comment:4 Changed 5 months ago by rjollos

In 13982:

Correct copyright year in COPYING file. Refs #11827.

comment:5 Changed 5 months ago by rjollos

Thanks for the quick fix. Sorry about having two follow-on changes. I only noticed the second issue after committing the first change.

comment:6 follow-up: Changed 5 months ago by glen

Thanks for reviewing it, i didn't even think COPYING has any names in it. i.e i thought it's generic as GPL licenses are.

also, the trac ui seems to render utf8 wrong, any chance to make this trac default encoding to be utf8 instead of latin1 so these render correctly?

comment:7 in reply to: ↑ 6 Changed 5 months ago by rjollos

Replying to glen:

also, the trac ui seems to render utf8 wrong, any chance to make this trac default encoding to be utf8 instead of latin1 so these render correctly?

The encoding issues can be tricky. Could you describe in more detail the issue you are experiencing?

Changed 5 months ago by glen

this is how it looks

Changed 5 months ago by glen

this is how it should look

comment:8 Changed 5 months ago by glen

added screenshots. the bad encoding can be seen any commits in this ticket that has my name in the text.

as i understood you only need to change conf/trac.ini:

[trac] 
default_charset = utf-8 

however trac http header already is Content-Type: text/html;charset=utf-8 so not really sure where it goes wrong.

as for accessing svn directly http://trac-hacks.org/svn/vcsreleaseinfomacro/COPYING, then that has no charset specified: Content-Type: text/plain. i propose you to change that with AddDefaultCharset directive in your <Location /svn/>

comment:9 follow-up: Changed 4 months ago by rjollos

  • Cc jun66j5 added

Okay, I had misunderstood the earlier comment. I didn't realize you were commenting on the site rather than a plugin development issue.

I set [trac] default_charset = utf-8, which seems to have fixed vcsreleaseinfomacro/COPYING.

Adding AddDefaultCharset utf-8 to the <Location /svn/> section seems to have fixed the rendering when accessing svn/vcsreleaseinfomacro/COPYING.

Thanks for the tips!

Last edited 4 months ago by rjollos (previous) (diff)

comment:10 Changed 4 months ago by rjollos

It looks like t.e.o has the same content-type issue with files served from SVN over HTTPS. For example, see wikisyntax.py. However I wonder if it's really worth suggesting any server configuration change since it's unlikely many people will be looking at the source code served directly from SVN.

comment:11 in reply to: ↑ 9 Changed 4 months ago by jun66j5

Replying to rjollos:

Adding AddDefaultCharset utf-8 to the <Location /svn/> section seems to have fixed the rendering when accessing svn/vcsreleaseinfomacro/COPYING.

Sounds good for trac-hacks and t.e.o..

However, I think another issue in Content-Type in trac-hacks.

All committers can add any contents and set any Content-Type to the files via svn:mime-type in repository of trac-hacks. Any one can register to trac-hacks. Therefore, a attacker can add html files with attack javascript vectors in the same origin of trac-hacks.org.

Workaround is adding Content-Disposition: attachment header for force a file to download if GET request for a file.

Header set Content-Disposition attachment env=x-disposition-attachment
RewriteEngine On
RewriteCond %{REQUEST_METHOD} =GET
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^/svn/ - [E=x-disposition-attachment]
Last edited 4 months ago by rjollos (previous) (diff)

comment:12 Changed 4 months ago by rjollos

I've created tickets in the Edgewall administrative Trac instance so that we can continue discussion: lynx:#11, lynx:#12.

Last edited 4 months ago by rjollos (previous) (diff)

comment:13 follow-up: Changed 4 months ago by glen

Feels awesome that I pointed you accidentally to (possible) security problem(s), which was originally just aesthetic issue :)

ps: the lynx-links don't work:

  Can't view #11. Resource doesn't exist or you don't have the required permission.
Last edited 4 months ago by glen (previous) (diff)

comment:14 in reply to: ↑ 13 Changed 4 months ago by rjollos

Replying to glen:

ps: the lynx-links don't work:

Lynx is not a public site. We keep it private so that we can discuss security and sensitive configuration issues.

Add Comment

Modify Ticket

Action
as closed The owner will remain glen.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.