incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject git commit: [#5582] Fixed /auth/prefs allowing javascript: URLs
Date Fri, 11 Jan 2013 18:53:50 GMT
Updated Branches:
  refs/heads/cj/5582 97be7d945 -> db9be9df6


[#5582] Fixed /auth/prefs allowing javascript: URLs

Signed-off-by: Cory Johns <johnsca@geek.net>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/db9be9df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/db9be9df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/db9be9df

Branch: refs/heads/cj/5582
Commit: db9be9df66c0179743bbcdcf6e5c9cc302137b03
Parents: 97be7d9
Author: Cory Johns <johnsca@geek.net>
Authored: Fri Jan 11 18:53:36 2013 +0000
Committer: Cory Johns <johnsca@geek.net>
Committed: Fri Jan 11 18:53:36 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/widgets/form_fields.py |    7 ++++++-
 Allura/allura/lib/widgets/forms.py       |    2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/db9be9df/Allura/allura/lib/widgets/form_fields.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/form_fields.py b/Allura/allura/lib/widgets/form_fields.py
index 9679517..6427143 100644
--- a/Allura/allura/lib/widgets/form_fields.py
+++ b/Allura/allura/lib/widgets/form_fields.py
@@ -434,8 +434,13 @@ class Lightbox(ew_core.Widget):
             });
         ''' % (self.name, self.trigger))
 
+
 class LabeledHiddenField(ew.HiddenField):
-    '''Jinja2 implementation of InputField seems to ignore show_label=True.'''
+    '''
+    Jinja2 implementation of InputField seems to ignore show_label=True.
+
+    FIXME: This should be fixed in EasyWidgets and this class removed.
+    '''
     template=ew.Snippet('''<label>{{ label|e }}<input {{widget.j2_attrs({
         'type':'hidden',
         'name':name,

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/db9be9df/Allura/allura/lib/widgets/forms.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py
index dfdf5e7..c2c6702 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widgets/forms.py
@@ -225,7 +225,7 @@ class AddWebsiteForm(ForgeForm):
         newwebsite = ew.TextField(
             label='New website url',
             attrs={'value':''},
-            validator=fev.UnicodeString(not_empty=True))
+            validator=fev.URL())
         
     def display(self, **kw):
         initial_value = kw.get('initial_value','')


Mime
View raw message