Modify

Opened 3 years ago

Closed 3 years ago

#9093 closed defect (fixed)

a href tags in verification notice

Reported by: willg@… Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: HTML escape
Cc: Trac Release: 0.11

Description

I'm using Trac 0.11.7 with AccountManagerPlugin r10594 with some fixes for issues detailed in #9091 and #9092. After a user registers, then logs in, he/she is greeted with a message to verify his/her email address.

The verification notification contains href html which I can't be more specific about because the anti-spam parts of this trac instance keep flagging it and ditching all the details I've written up forcing me to write up the bug again from scratch. Probably not your fault, but completely infuriating. Additionally c r e d i t s flags the system and that shows up in Python repl output.

Anyhow, the problem is around line 847 in web_ui.py in r10594.

Attachments (0)

Change History (8)

comment:1 Changed 3 years ago by willg@…

Bah... I thought I was using Debian testing--but that's a different server. This server is Debian stable. Debian stable has Trac 0.11.7.

comment:2 in reply to: ↑ description Changed 3 years ago by hasienda

Replying to willg@bluesock.org:

The verification notification contains href html which I can't be more specific about because the anti-spam parts of this trac instance keep flagging it and ditching all the details I've written up ![...]

How about attaching a small screenshot (PNG preferred) here? :-)

comment:3 Changed 3 years ago by willg@…

It looks like it's probably fixed in r10596. I can't test now, but I'll try testing it later.

comment:4 Changed 3 years ago by hasienda

Ok, take your time.

I'll not rush for the next release before the frequency of new reports has declined a bit. Just a statement, no complaint, because feedback is good and bug reports even more, since they tend to improve the plugin.

comment:5 Changed 3 years ago by willg@…

I managed to test it just now with r10598 and the problem is gone. So I'm all set with this issue, too. Thank you!

comment:6 Changed 3 years ago by hasienda

  • Keywords HTML escape added

You're welcome. Thank you for testing.

So I'll leave it open only as a reminder to reference it, and close it as fixed with next release.

comment:7 Changed 3 years ago by hasienda

(In [10603]) AccountManagerPlugin: Play safe - expire left-over session cookies too, refs #9095.

This has been led by another observation of janakj, thank you very much.
Added some code cleanup and seemingly missing code to restrict cookies.
And denote another recently fixed issue in changelog too, refs #9093.

comment:8 Changed 3 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [10618]) AccountManagerPlugin: Publish maintenance release 0.3.2, closes #9051, #9082, #9088, #9091, #9092, #9093, #9095, #9099, #9107, #9108 and #9109.

This is an update for current stable at 0.3.1 with a number of fixes
for issues reported within the last weeks.

While they will go into acct_mgr-0.4 too, current code isn't ready for release
yet and will introduce a number of backwards-incompatible changes. So don't
hurry for acct_mgr-0.4 right now.

Just noticed what I'd call a bug in signatures.py and removed unreasonable
dependency on identical absolute path for successful check.
Looks like nobody else tried this by now, right? Hey folks!

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from hasienda. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.