From: johnsca@apache.org
To: allura-commits@incubator.apache.org
Date: Wed, 03 Jul 2013 16:59:29 -0000
Message-Id: <82545265a2d842dbb2b192bb3019c8f2@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [1/3] git commit: [#5693] ticket:397 Escape forum topic in notifications

Updated Branches:
  refs/heads/master ebc7e4310 -> ff44014a5

[#5693] ticket:397 Escape forum topic in notifications

Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/ff44014a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/ff44014a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/ff44014a

Branch: refs/heads/master
Commit: ff44014a528b069e10cbfe51d2bc1981d924d455
Parents: a20153c
Author: Igor Bondarenko
Authored: Wed Jul 3 09:39:26 2013 +0000
Committer: Cory Johns
Committed: Wed Jul 3 16:46:33 2013 +0000

----------------------------------------------------------------------
 Allura/allura/templates/mail/Discussion.txt | 2 +-
 .../forgediscussion/tests/functional/test_forum.py | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/ff44014a/Allura/allura/templates/mail/Discussion.txt
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/mail/Discussion.txt b/Allura/allura/templates/mail/Discussion.txt index 4702f21..21bfb51 100644 --- a/Allura/allura/templates/mail/Discussion.txt +++ b/Allura/allura/templates/mail/Discussion.txt 
@@ -20,4 +20,4 @@ --- -[{{post.thread.subject}}]({{h.absurl(post.url_paginated())}}) +[{{post.thread.subject|e}}]({{h.absurl(post.url_paginated())}}) http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/ff44014a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py ---------------------------------------------------------------------- diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py index ffa0ca1..a9288c8 100644 --- a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py +++ b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py @@ -26,7 +26,7 @@ from email.mime.multipart import MIMEMultipart import pkg_resources from pylons import tmpl_context as c, app_globals as g -from nose.tools import assert_equal +from nose.tools import assert_equal, assert_in from allura import model as M from allura.tasks import mail_tasks @@ -408,6 +408,21 @@ class TestForum(TestController): assert 'noreply' not in n.reply_to_address, n assert 'testforum@discussion.test.p' in n.reply_to_address, n + def test_notifications_escaping(self): + r = self.app.get('/discussion/create_topic/') + f = r.html.find('form', {'action':'/p/test/discussion/save_new_topic'}) + params = dict() + inputs = f.findAll('input') + for field in inputs: + if field.has_key('name'): + params[field['name']] = field.has_key('value') and field['value'] or '' + params[f.find('textarea')['name']] = 'Post text' + params[f.find('select')['name']] = 'testforum' + params[f.find('input', {'style':'width: 90%'})['name']] = "this is

o'clock" + r = self.app.post('/discussion/save_new_topic', params=params) + n = M.Notification.query.find(dict(subject="[test:discussion] this is

o'clock")).first() + assert_in('---\n\n[this is <h2> o'clock]', n.text) + @mock.patch('allura.model.discuss.g.spam_checker') def test_anonymous_post(self, spam_checker): spam_checker.check.return_value = True
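
Review bot: In Allura/allura/templates/mail/Discussion.txt the `|e` filter on `post.thread.subject` escapes HTML only, but the subject sits inside a Markdown link label, `[{{post.thread.subject|e}}](...)`, so a subject containing `]` or other Markdown syntax can still change the link text or what follows it. Consider escaping Markdown metacharacters in the subject as well as HTML, and check how the escaped subject reads in the plain-text part of the mail, since this is a .txt template.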
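
Review bot: In test_notifications_escaping, `n` is dereferenced in `assert_in(..., n.text)` without a check that `M.Notification.query.find(...).first()` found anything, so a missing notification shows up as an attribute error rather than a clear assertion failure; assert that `n` is not None first. The subject input is also located by `{'style':'width: 90%'}`, which breaks on any styling change, so selecting it by name would be sturdier, and `field.get('value', '')` reads more simply than the `has_key(...) and ... or ''` idiom. The test covers only an HTML tag and an apostrophe in the subject; a case with Markdown characters such as `]` would show whether the link label in the template survives.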