Mercurial > kallithea
changeset 5014:0ab0c3980b5d
Merge with stable
author | Andrew Shadura <andrew@shadura.me> |
---|---|
date | Tue, 14 Apr 2015 23:03:30 +0200 |
parents | caef25781d8c (current diff) 49e0b5a72ba2 (diff) |
children | 2481c0a1ed31 |
files | |
diffstat | 8 files changed, 13 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Mon Apr 13 20:25:01 2015 +0200 +++ b/.hgtags Tue Apr 14 23:03:30 2015 +0200 @@ -58,3 +58,4 @@ 1f71ef689d2a3c9978cea6591a1f4e9107a5ca83 rhodecode-0.0.1.7.1 d17e88a1a88a29f6fac948c94498129e405a40d3 0.1 ad0ce803b40cb17fc3988373052943e041030b02 0.2 +c6e32714336345403adf76abb6ebf9b8116fcdc7 0.2.1
--- a/CONTRIBUTORS Mon Apr 13 20:25:01 2015 +0200 +++ b/CONTRIBUTORS Tue Apr 14 23:03:30 2015 +0200 @@ -67,6 +67,7 @@ Michal Čihař <michal@cihar.com> Morten Skaaning <mortens@unity3d.com> Na'Tosha Bard <natosha@unity3d.com> + Nick High <nick@silverchip.org> Niemand Jedermann <predatorix@web.de> Peter Vitt <petervitt@web.de> Sam Jaques <sam.jaques@me.com>
--- a/kallithea/__init__.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/__init__.py Tue Apr 14 23:03:30 2015 +0200 @@ -29,7 +29,7 @@ import sys import platform -VERSION = (0, 2) +VERSION = (0, 2, 1) BACKENDS = { 'hg': 'Mercurial repository', 'git': 'Git repository',
--- a/kallithea/controllers/admin/repo_groups.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/controllers/admin/repo_groups.py Tue Apr 14 23:03:30 2015 +0200 @@ -144,7 +144,7 @@ repo_groups_data.append({ "raw_name": repo_gr.group_name, "group_name": repo_group_name(repo_gr.group_name, children_groups), - "desc": repo_gr.group_description, + "desc": h.escape(repo_gr.group_description), "repos": repo_count, "owner": h.person(repo_gr.user), "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,
--- a/kallithea/controllers/admin/user_groups.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/controllers/admin/user_groups.py Tue Apr 14 23:03:30 2015 +0200 @@ -113,7 +113,7 @@ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), - "desc": user_gr.user_group_description, + "desc": h.escape(user_gr.user_group_description), "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.user.username),
--- a/kallithea/controllers/admin/users.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/controllers/admin/users.py Tue Apr 14 23:03:30 2015 +0200 @@ -96,8 +96,8 @@ "gravatar": grav_tmpl % h.gravatar(user.email, size=20), "raw_name": user.username, "username": username(user.user_id, user.username), - "firstname": user.name, - "lastname": user.lastname, + "firstname": h.escape(user.name), + "lastname": h.escape(user.lastname), "last_login": h.fmt_date(user.last_login), "last_login_raw": datetime_to_time(user.last_login), "active": h.boolicon(user.active),
--- a/kallithea/model/repo.py Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/model/repo.py Tue Apr 14 23:03:30 2015 +0200 @@ -138,8 +138,8 @@ return json.dumps([ { 'id': u.user_id, - 'fname': u.name, - 'lname': u.lastname, + 'fname': h.escape(u.name), + 'lname': h.escape(u.lastname), 'nname': u.username, 'gravatar_lnk': h.gravatar_url(u.email, size=28), 'gravatar_size': 14, @@ -210,9 +210,9 @@ def desc(desc): if c.visual.stylify_metatags: - return h.urlify_text(h.desc_stylize(h.truncate(desc, 60))) + return h.urlify_text(h.desc_stylize(h.escape(h.truncate(desc, 60)))) else: - return h.urlify_text(h.truncate(desc, 60)) + return h.urlify_text(h.escape(h.truncate(desc, 60))) def state(repo_state): return _render("repo_state", repo_state)
--- a/kallithea/templates/summary/summary.html Mon Apr 13 20:25:01 2015 +0200 +++ b/kallithea/templates/summary/summary.html Tue Apr 14 23:03:30 2015 +0200 @@ -85,9 +85,9 @@ <label>${_('Description')}:</label> </div> %if c.visual.stylify_metatags: - <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(c.db_repo.description))}</div> + <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(h.escape(c.db_repo.description)))}</div> %else: - <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(c.db_repo.description)}</div> + <div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.escape(c.db_repo.description))}</div> %endif </div>