Modify

Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#3229 closed defect (fixed)

Cannot create posts without BLOG_ADMIN permission

Reported by: inki Owned by: osimons
Priority: high Component: FullBlogPlugin
Severity: critical Keywords:
Cc: athomas Trac Release: 0.11

Description

If a user has all BLOG_* permissions except BLOG_ADMIN, an exception is raised while creating a post:

  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 197, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/web_ui.py", line 236, in process_request
    warnings.extend(blog_core.create_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/core.py", line 206, in create_post
    warnings.extend(manipulator.validate_blog_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/spamfilter.py", line 41, in validate_blog_post
    changes = [(to_unicode(last_post_fields.get(k, '')),
NameError: global name 'k' is not defined

Severity is set to critical / priority to high since normal operation is impossible.

Attachments (0)

Change History (4)

comment:1 Changed 6 years ago by osimons

  • Cc athomas added; anonymous removed

Oh. That code does not look right. I made the spamfilter plugin for the future usage of the blog plugin here at Trac-Hacks, but don't actually use it myself so I can't test it.

Anyway, it does look wrong. Not quite knowing what the spamfilter expects, I would anyway hope this patch makes it work better for you:

  • 0.11/tracfullblog/spamfilter.py

     
    3838            last_post_fields = {}
    3939
    4040        field_names = set(fields).union(last_post_fields)
    41         changes = [(to_unicode(last_post_fields.get(k, '')),
    42                     to_unicode(fields.get(k, '')))]
     41        changes = [(to_unicode(last_post_fields.get(f, '')),
     42                    to_unicode(fields.get(f, ''))) for f in field_names]
    4343        author = fields.get('author', '')
    4444        FilterSystem(self.env).test(req, author, changes)
    4545        return []

Could you apply the changes and report back?

comment:2 Changed 6 years ago by osimons

I suppose the spamfilter plugin should only receive actual changes between versions (again, I've never used it). Same code with 'if' test and somewhat easier to read source:

  • 0.11/tracfullblog/spamfilter.py

     
    3838            last_post_fields = {}
    3939
    4040        field_names = set(fields).union(last_post_fields)
    41         changes = [(to_unicode(last_post_fields.get(k, '')),
    42                     to_unicode(fields.get(k, '')))]
     41        changes = []
     42        for field in field_names:
     43            old = to_unicode(last_post_fields.get(field, ''))
     44            new = to_unicode(fields.get(field, ''))
     45            if old != new:
     46                changes.append((old, new))
    4347        author = fields.get('author', '')
    4448        FilterSystem(self.env).test(req, author, changes)
    4549        return []

Does it work better?

comment:3 Changed 6 years ago by athomas

This isn't necessary AFAIK.

comment:4 Changed 6 years ago by osimons

  • Resolution set to fixed
  • Status changed from new to closed

I got no feedback on this so I went ahead and committed this last change anyway ([3907]). It is still untested, but can't possibly be more wrong than the code it replaces.

Please reopen if the problem persists.

Add Comment

Modify Ticket

Action
as closed The owner will remain osimons.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.