#11827 closed task (fixed)
License
Reported by: | Ryan J Ollos | Owned by: | Elan Ruusamäe |
---|---|---|---|
Priority: | normal | Component: | VcsReleaseInfoMacro |
Severity: | normal | Keywords: | license |
Cc: | Steffen Hoffmann, Jun Omae | Trac Release: |
Description
I noticed that your macro doesn't have a license. It would be simple to add a license header:
# -*- coding: utf-8 -*- # # Copyright (C) 2010-2014 "author name" <author-email> # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. #
If you choose to use the same license as Trac, you can copy a file with the text of the 3-Clause BSD license from: tracjenkinsplugin/trunk/COPYING@13976.
You can also add metadata to the single-file plugin, using the keywords: t:browser:/trunk/trac/loader.py@12785:157-158#L153. An example use can be seen in browser:/lastmodifiedmacro/trunk/LastModified.py@13555:18-24.
Attachments (2)
Change History (16)
comment:1 Changed 11 years ago by
Cc: | Steffen Hoffmann added; anonymous removed |
---|---|
Keywords: | license added |
comment:2 Changed 11 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:5 Changed 11 years ago by
Thanks for the quick fix. Sorry about having two follow-on changes. I only noticed the second issue after committing the first change.
comment:6 follow-up: 7 Changed 11 years ago by
Thanks for reviewing it, i didn't even think COPYING has any names in it. i.e i thought it's generic as GPL licenses are.
also, the trac ui seems to render utf8 wrong, any chance to make this trac default encoding to be utf8 instead of latin1 so these render correctly?
comment:7 Changed 11 years ago by
Replying to glen:
also, the trac ui seems to render utf8 wrong, any chance to make this trac default encoding to be utf8 instead of latin1 so these render correctly?
The encoding issues can be tricky. Could you describe in more detail the issue you are experiencing?
comment:8 Changed 11 years ago by
added screenshots. the bad encoding can be seen any commits in this ticket that has my name in the text.
as i understood you only need to change conf/trac.ini
:
[trac] default_charset = utf-8
however trac http header already is Content-Type: text/html;charset=utf-8
so not really sure where it goes wrong.
as for accessing svn directly http://trac-hacks.org/svn/vcsreleaseinfomacro/COPYING, then that has no charset specified: Content-Type: text/plain
. i propose you to change that with AddDefaultCharset directive in your <Location /svn/>
comment:9 follow-up: 11 Changed 11 years ago by
Cc: | Jun Omae added |
---|
Okay, I had misunderstood the earlier comment. I didn't realize you were commenting on the site rather than a plugin development issue.
I set [trac]
default_charset = utf-8
, which seems to have fixed vcsreleaseinfomacro/COPYING.
Adding AddDefaultCharset utf-8
to the <Location /svn/>
section seems to have fixed the rendering when accessing svn/vcsreleaseinfomacro/COPYING.
Thanks for the tips!
comment:10 Changed 11 years ago by
It looks like t.e.o has the same content-type issue with files served from SVN over HTTPS. For example, see wikisyntax.py. However I wonder if it's really worth suggesting any server configuration change since it's unlikely many people will be looking at the source code served directly from SVN.
comment:11 Changed 11 years ago by
Replying to rjollos:
Adding
AddDefaultCharset utf-8
to the<Location /svn/>
section seems to have fixed the rendering when accessing svn/vcsreleaseinfomacro/COPYING.
Sounds good for trac-hacks and t.e.o..
However, I think another issue in Content-Type in trac-hacks.
All committers can add any contents and set any Content-Type to the files via svn:mime-type
in repository of trac-hacks. Any one can register to trac-hacks. Therefore, a attacker can add html files with attack javascript vectors in the same origin of trac-hacks.org.
Workaround is adding Content-Disposition: attachment
header for force a file to download if GET
request for a file.
Header set Content-Disposition attachment env=x-disposition-attachment RewriteEngine On RewriteCond %{REQUEST_METHOD} =GET RewriteCond %{REQUEST_URI} !/$ RewriteRule ^/svn/ - [E=x-disposition-attachment]
comment:12 Changed 11 years ago by
comment:13 follow-up: 14 Changed 11 years ago by
Feels awesome that I pointed you accidentally to (possible) security problem(s), which was originally just aesthetic issue :)
ps: the lynx-links don't work:
Can't view #11. Resource doesn't exist or you don't have the required permission.
comment:14 Changed 11 years ago by
Replying to glen:
ps: the lynx-links don't work:
Lynx is not a public site. We keep it private so that we can discuss security and sensitive configuration issues.
In 13980: