Modify

Opened 3 years ago

Closed 3 years ago

#9091 closed defect (fixed)

<b> tags in user registration notification

Reported by: willg@… Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: HTML escape i18n
Cc: Trac Release: 0.11

Description

I'm using Trac 0.11.7 packaged in Debian testing with AccountManagerPlugin from svn r10593.

When a user registers a new account, they're greeted with a notification with this text:

You may login as user <b>USERNAME</b> now.

The <b> </b> tags come from using tag.b in the value of the formatting dict, but that's wrong since the < and > get encoded.

Also, "login" is a noun. You really want to say "log in" here.

http://en.wikipedia.org/wiki/Login

The below takes out the tag.b and fixes login -> log in:

Index: web_ui.py
===================================================================
--- web_ui.py (revision 10593)
+++ web_ui.py (working copy)
@@ -460,8 +460,8 @@

else:

chrome.add_notice(req, Markup(tag.span(tag(_(

"""Registration has been finished successfully.

  • You may login as user %(user)s now.""",
  • user=tag.b(req.args.get('username')))))))

+ You may log in as user %(user)s now.""",
+ user=req.args.get('username'))))))

req.redirect(req.href.login())

datareset_password_enabled? = AccountModule(self.env

).reset_password_enabled

Attachments (0)

Change History (7)

comment:1 in reply to: ↑ description Changed 3 years ago by hasienda

  • Keywords HTML escape i18n added
  • Status changed from new to assigned

Replying to willg@bluesock.org:

I'm using Trac 0.11.7 packaged in Debian testing with AccountManagerPlugin from svn r10593.

Well, we should really have Trac 0.12.2 in testing instead, but that is another issue.

![...] The <b> </b> tags come from using tag.b in the value of the formatting dict, but that's wrong since the < and > get encoded.

Confirm, I've seen that lately on my own, but was busy fixing other things. However the real solution will prevent the escaping, since the highlighting of the username is intentionally there.

Also, "login" is a noun. You really want to say "log in" here.

Ok, looks reasonably, and as a non-native English speaker I'll certainly follow such advice - for the next major release, because it creates a new msgid (producing another i18n issue).

comment:2 Changed 3 years ago by hasienda

(In [10594]) AccountManagerPlugin: Prevent wrong HTML escapes for registration success message, refs #9091.

comment:3 Changed 3 years ago by hasienda

Report to fix in less than one hour. "Paid premium support" couldn't be faster, right? ;-)

comment:4 Changed 3 years ago by willg@…

You rock! Thank you!

comment:5 Changed 3 years ago by willg@…

Bah... I thought I was using Debian testing--but that's a different server. This server is Debian stable. Debian stable has Trac 0.11.7.

comment:6 Changed 3 years ago by hasienda

Changeset [10601] include this and some more msgid changes for next release.

In this special case translators most probably will just have to update their translations just by removing the fuzzy markers for existing message strings.

comment:7 Changed 3 years ago by hasienda

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [10618]) AccountManagerPlugin: Publish maintenance release 0.3.2, closes #9051, #9082, #9088, #9091, #9092, #9093, #9095, #9099, #9107, #9108 and #9109.

This is an update for current stable at 0.3.1 with a number of fixes
for issues reported within the last weeks.

While they will go into acct_mgr-0.4 too, current code isn't ready for release
yet and will introduce a number of backwards-incompatible changes. So don't
hurry for acct_mgr-0.4 right now.

Just noticed what I'd call a bug in signatures.py and removed unreasonable
dependency on identical absolute path for successful check.
Looks like nobody else tried this by now, right? Hey folks!

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.