ticket,summary,type,release,owner,status,created,modified,_description,_reporter
11626,Allow resources to be bookmarked from the timeline,enhancement,,yosiyuki,new,2014-03-16T22:42:41+01:00,2020-05-01T06:51:13+02:00,"The feature was discussed in trac:#11256. However, rather than setting a single bookmark in the timeline to limit the history (as requested in trac:#11256), it might be more useful to just allow items to be bookmarked on the timeline.

If it proves to be useful to limit the history, we can probably handle that in this plugin as well.",Ryan J Ollos
8952,Plugin not working due to table schema constraints,defect,0.12,yosiyuki,new,2011-07-06T10:46:02+02:00,2020-05-01T06:51:13+02:00,"Hi all,

I downloaded '''bookmarkplugin-!r10380.zip''', created the egg file and uploaded it to my Trac 0.12 instance (using postgresql 8.3, python 2.5 on linux debian lenny).

I then run ""trac-admin ''trac-env-path'' update"" as suggested by the plugin's post install message and added to my trac user the bookmark related privileges.

When I tried to add a bookmark, the ""*"" link was apparently inactive (when pressed it did nothing), so '''I wasn't able to add a bookmark'''.

After some investigation (i.e. open the ""*"" link target into a new page and see Postgresql complaining about the ""name"" column being not null but a null value is supplied) I finally found out that the table ""bookmarks"" has a pk made of 3 columns:

{{{
trac=# \d bookmarks
  Table ""public.bookmarks""
  Column  | Type | Modifiers 
----------+------+-----------
 resource | text | not null
 name     | text | not null
 username | text | not null
Indexes:
    ""bookmarks_pk"" PRIMARY KEY, btree (resource, name, username)
}}}

but the plugin's code on insert is as follows: 

{{{
#!python
    def set_bookmark(self, req, resource):
        """"""Bookmark a resource.""""""
#        resource = self.normalise_resource(resource)
        if self.get_bookmark(req, resource):
            return

        db = self.env.get_db_cnx()
        cursor = db.cursor()
        cursor.execute('INSERT INTO bookmarks (resource, username) '
                       'VALUES (%s, %s)',
                       (resource, get_reporter_id(req)))
        db.commit()
}}}

If I run the following SQL script, the plugin starts working as expected: 

{{{
#!sql
alter TABLE bookmarks drop constraint bookmarks_pk;
alter TABLE bookmarks add primary key (resource,username);
alter table bookmarks ALTER name DROP not null;
}}}

The plugin code doesn't seem to be up to date with the table design, or the table design seems too strongly constrained.

Cheers,
  Marco
",mrctrevisan
10227,Bookmark plugin should protect add and delete operations,defect,0.12,Ryan J Ollos,new,2012-08-04T14:37:54+02:00,2020-05-01T06:51:13+02:00,"The bookmark icon is simple link, not a form. The delete link in bookmark page is also.
Therefore, a attacker can force to add and delete the users' bookmarks.",Jun Omae