Ticket #3229 (closed defect: fixed)

Opened 3 months ago

Last modified 2 months ago

Cannot create posts without BLOG_ADMIN permission

Reported by: inki Assigned to: osimons
Priority: high Component: FullBlogPlugin
Severity: critical Keywords:
Cc: athomas Trac Release: 0.11

Description

If a user has all BLOG_* permissions except BLOG_ADMIN, an exception is raised while creating a post: 

  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.4/site-packages/Trac-0.11dev_r7219-py2.4.egg/trac/web/main.py", line 197, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/web_ui.py", line 236, in process_request
    warnings.extend(blog_core.create_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/core.py", line 206, in create_post
    warnings.extend(manipulator.validate_blog_post(
  File "/usr/lib/python2.4/site-packages/TracFullBlogPlugin-0.1-py2.4.egg/tracfullblog/spamfilter.py", line 41, in validate_blog_post
    changes = [(to_unicode(last_post_fields.get(k, '')),
NameError: global name 'k' is not defined

Severity is set to critical / priority to high since normal operation is impossible.

Attachments

Change History

06/22/08 14:52:46 changed by osimons

  • cc set to athomas.

Oh. That code does not look right. I made the spamfilter plugin for the future usage of the blog plugin here at Trac-Hacks, but don't actually use it myself so I can't test it.

Anyway, it does look wrong. Not quite knowing what the spamfilter expects, I would anyway hope this patch makes it work better for you: 

Index: 0.11/tracfullblog/spamfilter.py
===================================================================
--- 0.11/tracfullblog/spamfilter.py	(revision 3882)
+++ 0.11/tracfullblog/spamfilter.py	(working copy)
@@ -38,8 +38,8 @@
             last_post_fields = {}
 
         field_names = set(fields).union(last_post_fields)
-        changes = [(to_unicode(last_post_fields.get(k, '')),
-                    to_unicode(fields.get(k, '')))]
+        changes = [(to_unicode(last_post_fields.get(f, '')),
+                    to_unicode(fields.get(f, ''))) for f in field_names]
         author = fields.get('author', '')
         FilterSystem(self.env).test(req, author, changes)
         return []

Could you apply the changes and report back?

06/23/08 11:44:45 changed by osimons

I suppose the spamfilter plugin should only receive actual changes between versions (again, I've never used it). Same code with 'if' test and somewhat easier to read source: 

Index: 0.11/tracfullblog/spamfilter.py
===================================================================
--- 0.11/tracfullblog/spamfilter.py	(revision 3887)
+++ 0.11/tracfullblog/spamfilter.py	(working copy)
@@ -38,8 +38,12 @@
             last_post_fields = {}
 
         field_names = set(fields).union(last_post_fields)
-        changes = [(to_unicode(last_post_fields.get(k, '')),
-                    to_unicode(fields.get(k, '')))]
+        changes = []
+        for field in field_names:
+            old = to_unicode(last_post_fields.get(field, ''))
+            new = to_unicode(fields.get(field, ''))
+            if old != new:
+                changes.append((old, new))
         author = fields.get('author', '')
         FilterSystem(self.env).test(req, author, changes)
         return []

Does it work better?

06/23/08 12:38:11 changed by athomas

This isn't necessary AFAIK.

06/26/08 12:45:21 changed by osimons

  • status changed from new to closed.
  • resolution set to fixed.

I got no feedback on this so I went ahead and committed this last change anyway ([3907]). It is still untested, but can't possibly be more wrong than the code it replaces.

Please reopen if the problem persists.

Add/Change #3229 (Cannot create posts without BLOG_ADMIN permission)




Change Properties
Action