Modify

Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#3229 closed defect (fixed)

Cannot create posts without BLOG_ADMIN permission

Reported by: inki Owned by: osimons
Priority: high Component: FullBlogPlugin
Severity: critical Keywords:
Cc: athomas Trac Release: 0.11

Description

If a user has all BLOG_* permissions except BLOG_ADMIN, an exception is raised while creating a post:

  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 197, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/web_ui.py", line 236, in process_request
    warnings.extend(blog_core.create_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/core.py", line 206, in create_post
    warnings.extend(manipulator.validate_blog_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/spamfilter.py", line 41, in validate_blog_post
    changes = [(to_unicode(last_post_fields.get(k, '')),
NameError: global name 'k' is not defined

Severity is set to critical / priority to high since normal operation is impossible.

Attachments (0)

Change History (4)

comment:1 Changed 6 years ago by osimons

  • Cc athomas added

Oh. That code does not look right. I made the spamfilter plugin for the future usage of the blog plugin here at Trac-Hacks, but don't actually use it myself so I can't test it.

Anyway, it does look wrong. Not quite knowing what the spamfilter expects, I would anyway hope this patch makes it work better for you:

  • 0.11/tracfullblog/spamfilter.py

     
    3838            last_post_fields = {} 
    3939 
    4040        field_names = set(fields).union(last_post_fields) 
    41         changes = [(to_unicode(last_post_fields.get(k, '')), 
    42                     to_unicode(fields.get(k, '')))] 
     41        changes = [(to_unicode(last_post_fields.get(f, '')), 
     42                    to_unicode(fields.get(f, ''))) for f in field_names] 
    4343        author = fields.get('author', '') 
    4444        FilterSystem(self.env).test(req, author, changes) 
    4545        return [] 

Could you apply the changes and report back?

comment:2 Changed 6 years ago by osimons

I suppose the spamfilter plugin should only receive actual changes between versions (again, I've never used it). Same code with 'if' test and somewhat easier to read source:

  • 0.11/tracfullblog/spamfilter.py

     
    3838            last_post_fields = {} 
    3939 
    4040        field_names = set(fields).union(last_post_fields) 
    41         changes = [(to_unicode(last_post_fields.get(k, '')), 
    42                     to_unicode(fields.get(k, '')))] 
     41        changes = [] 
     42        for field in field_names: 
     43            old = to_unicode(last_post_fields.get(field, '')) 
     44            new = to_unicode(fields.get(field, '')) 
     45            if old != new: 
     46                changes.append((old, new)) 
    4347        author = fields.get('author', '') 
    4448        FilterSystem(self.env).test(req, author, changes) 
    4549        return [] 

Does it work better?

comment:3 Changed 6 years ago by athomas

This isn't necessary AFAIK.

comment:4 Changed 6 years ago by osimons

  • Resolution set to fixed
  • Status changed from new to closed

I got no feedback on this so I went ahead and committed this last change anyway ([3907]). It is still untested, but can't possibly be more wrong than the code it replaces.

Please reopen if the problem persists.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.