changeset 4703:621c708ecddb

merged moin/1.8
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 20 Apr 2009 20:32:49 +0200
parents 00179a01f746 (current diff) 34f0fe3ff120 (diff)
children 621d9dcc6b00 6acb48a16e32
files MoinMoin/PageEditor.py MoinMoin/action/AttachFile.py docs/CHANGES
diffstat 5 files changed, 40 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/PageEditor.py	Mon Apr 20 02:41:19 2009 +0200
+++ b/MoinMoin/PageEditor.py	Mon Apr 20 20:32:49 2009 +0200
@@ -1083,6 +1083,7 @@
             raise self.EditConflict, msg
         elif newtext == self.get_raw_body():
             msg = _('You did not change the page content, not saved!')
+            self.lock.release()
             raise self.Unchanged, msg
         else:
             from MoinMoin.security import parseACL
--- a/MoinMoin/action/AttachFile.py	Mon Apr 20 02:41:19 2009 +0200
+++ b/MoinMoin/action/AttachFile.py	Mon Apr 20 20:32:49 2009 +0200
@@ -379,6 +379,7 @@
 
 
 def error_msg(pagename, request, msg):
+    msg = wikiutil.escape(msg)
     request.theme.add_msg(msg, "error")
     Page(request, pagename).send_page()
 
@@ -504,7 +505,7 @@
     if handler:
         msg = handler(pagename, request)
     else:
-        msg = _('Unsupported AttachFile sub-action: %s') % wikiutil.escape(do)
+        msg = _('Unsupported AttachFile sub-action: %s') % do
     if msg:
         error_msg(pagename, request, msg)
 
@@ -514,6 +515,8 @@
 
 
 def upload_form(pagename, request, msg=''):
+    if msg:
+        msg = wikiutil.escape(msg)
     _ = request.getText
 
     # Use user interface language for this generated page
@@ -770,8 +773,8 @@
          'url': request.href(pagename),
          'do': 'attachment_move',
          'ticket': wikiutil.createTicket(request),
-         'pagename': pagename,
-         'attachment_name': filename,
+         'pagename': wikiutil.escape(pagename, 1),
+         'attachment_name': wikiutil.escape(filename, 1),
          'move': _('Move'),
          'cancel': _('Cancel'),
          'newname_label': _("New page name"),
@@ -901,13 +904,13 @@
 
     if package.isPackage():
         if package.installPackage():
-            msg = _("Attachment '%(filename)s' installed.") % {'filename': wikiutil.escape(target)}
+            msg = _("Attachment '%(filename)s' installed.") % {'filename': target}
         else:
-            msg = _("Installation of '%(filename)s' failed.") % {'filename': wikiutil.escape(target)}
+            msg = _("Installation of '%(filename)s' failed.") % {'filename': target}
         if package.msg:
-            msg += "<br><pre>%s</pre>" % wikiutil.escape(package.msg)
+            msg += " " + package.msg
     else:
-        msg = _('The file %s is not a MoinMoin package file.') % wikiutil.escape(target)
+        msg = _('The file %s is not a MoinMoin package file.') % target
 
     upload_form(pagename, request, msg=msg)
 
@@ -1011,7 +1014,7 @@
         logging.exception("An exception within zip file attachment handling occurred:")
         msg = _("A severe error occurred:") + ' ' + str(err)
 
-    upload_form(pagename, request, msg=wikiutil.escape(msg))
+    upload_form(pagename, request, msg=msg)
 
 
 def send_viewfile(pagename, request):
--- a/docs/CHANGES	Mon Apr 20 02:41:19 2009 +0200
+++ b/docs/CHANGES	Mon Apr 20 20:32:49 2009 +0200
@@ -104,6 +104,17 @@
       See HelpOnAuthentication.
 
 
+Version 1.8.current:
+  Bug fixes:
+    * Fixed docs bug: see HINT about secrets configuration at version 1.8.0
+      (1.8.0 Other changes).
+
+  New features:
+    * ...
+
+  Other changes:
+    * ...
+
 Version 1.8.2:
   Bug fixes:
     * Fix AttachFile and antispam XSS issues.
@@ -268,6 +279,21 @@
       parameter is no longer supported.
 
   Other Changes: =============================================================
+    * HINT: new configuration for misc. secrets, please use either:
+          secrets = "MySecretLooongString!" # one secret for everything
+      or:
+          secrets = {
+              'xmlrpc/ProcessMail': 'yourmailsecret', # for mailimport
+              'xmlrpc/RemoteScript': 'yourremotescriptsecret',
+              'action/cache': 'yourcachesecret', # unguessable cache keys
+              'wikiutil/tickets': 'yourticketsecret', # edit tickets
+              'jabberbot': 'yourjabberbotsecret', # jabberbot communication
+          }
+      Secret strings must be at least 10 chars long.
+      Note: mail_import_secret setting is gone, use
+            secrets["xmlrpc/ProcessMail"] instead of it.
+      Note: jabberbot secret setting is gone, use
+            secrets["jabberbot"] instead of it.
     * HINT: user_autocreate setting was removed from wiki configuration and
       replaced by a autocreate=<boolean> parameter of the auth objects that
       support user profile auto creation.
--- a/wiki/config/more_samples/jabber_wikiconfig_snippet	Mon Apr 20 02:41:19 2009 +0200
+++ b/wiki/config/more_samples/jabber_wikiconfig_snippet	Mon Apr 20 20:32:49 2009 +0200
@@ -8,5 +8,5 @@
     # A secret shared with notification bot, must be the same in both configs
     # (the wiki config and the notification bot config) for communication to work.
     # CHANGE IT TO A LONG RANDOM STRING, OR YOU WILL HAVE A SECURITY ISSUE!
-    secret = u""
+    secrets = u""  # alternatively, use secrets["jabberbot"]
 
--- a/wiki/config/more_samples/mail_wikiconfig_snippet	Mon Apr 20 02:41:19 2009 +0200
+++ b/wiki/config/more_samples/mail_wikiconfig_snippet	Mon Apr 20 20:32:49 2009 +0200
@@ -24,11 +24,11 @@
     # within moin, you need some script called by your MDA (e.g. procmail)
     # to DO the xmlrpc calls for each mail arriving for your wiki!
     #actions_excluded = [] # it won't work if 'xmlrpc' is excluded!
-    #mail_import_secret = "foo" # a shared secret also known to the mail importer xmlrpc script
     #mail_import_subpage_template = u"$from-$date-$subject" # used for mail import
     #mail_import_pagename_search = ['subject', 'to', ] # where to look for target pagename (and in which order)
     #mail_import_pagename_envelope = u"%s" # use u"+ %s/" to add "+ " and "/" automatically
     #mail_import_pagename_regex = r'\[\[([^\]]*)\]\]' # how to find/extract the pagename from the subject
     #mail_import_wiki_addrs = [] # the e-mail addresses for e-mails that should go into the wiki
+    #secrets = ""  # or secrets["xmlrpc/ProcessMail"] - a shared secret also known to the mail importer xmlrpc script