security: fixed self-xss inside file views.
ergo -
r1810:a79ddada default
@@ -124,9 +124,8 b' class FilesController(BaseRepoController'
124 124 if file_node.is_dir():
125 125 raise RepositoryError('The given path is a directory')
126 126 except CommitDoesNotExistError:
127 msg = _('No such commit exists for this repository')
128 log.exception(msg)
129 h.flash(msg, category='error')
127 log.exception('No such commit exists for this repository')
128 h.flash(_('No such commit exists for this repository'), category='error')
130 129 raise HTTPNotFound()
131 130 except RepositoryError as e:
132 131 h.flash(safe_str(e), category='error')
@@ -450,7 +449,7 b' class FilesController(BaseRepoController'
450 449 c.file = self.__get_filenode_or_redirect(repo_name, c.commit, f_path)
451 450
452 451 c.default_message = _(
453 'Deleted file %s via RhodeCode Enterprise') % (f_path)
452 'Deleted file {} via RhodeCode Enterprise').format(f_path)
454 453 c.f_path = f_path
455 454 node_path = f_path
456 455 author = c.rhodecode_user.full_contact
@@ -469,8 +468,9 b' class FilesController(BaseRepoController'
469 468 author=author,
470 469 )
471 470
472 h.flash(_('Successfully deleted file %s') % f_path,
473 category='success')
471 h.flash(
472 _('Successfully deleted file `{}`').format(
473 h.escape(f_path)), category='success')
474 474 except Exception:
475 475 msg = _('Error occurred during commit')
476 476 log.exception(msg)
@@ -503,7 +503,7 b' class FilesController(BaseRepoController'
503 503 c.file = self.__get_filenode_or_redirect(repo_name, c.commit, f_path)
504 504
505 505 c.default_message = _(
506 'Deleted file %s via RhodeCode Enterprise') % (f_path)
506 'Deleted file {} via RhodeCode Enterprise').format(f_path)
507 507 c.f_path = f_path
508 508
509 509 return render('files/files_delete.mako')
@@ -537,7 +537,7 b' class FilesController(BaseRepoController'
537 537 return redirect(url('files_home', repo_name=c.repo_name,
538 538 revision=c.commit.raw_id, f_path=f_path))
539 539 c.default_message = _(
540 'Edited file %s via RhodeCode Enterprise') % (f_path)
540 'Edited file {} via RhodeCode Enterprise').format(f_path)
541 541 c.f_path = f_path
542 542 old_content = c.file.content
543 543 sl = old_content.splitlines(1)
@@ -575,12 +575,12 b' class FilesController(BaseRepoController'
575 575 parent_commit=c.commit,
576 576 )
577 577
578 h.flash(_('Successfully committed to %s') % f_path,
579 category='success')
578 h.flash(
579 _('Successfully committed changes to file `{}`').format(
580 h.escape(f_path)), category='success')
580 581 except Exception:
581 msg = _('Error occurred during commit')
582 log.exception(msg)
583 h.flash(msg, category='error')
582 log.exception('Error occurred during commit')
583 h.flash(_('Error occurred during commit'), category='error')
584 584 return redirect(url('changeset_home',
585 585 repo_name=c.repo_name, revision='tip'))
586 586
@@ -612,7 +612,7 b' class FilesController(BaseRepoController'
612 612 return redirect(url('files_home', repo_name=c.repo_name,
613 613 revision=c.commit.raw_id, f_path=f_path))
614 614 c.default_message = _(
615 'Edited file %s via RhodeCode Enterprise') % (f_path)
615 'Edited file {} via RhodeCode Enterprise').format(f_path)
616 616 c.f_path = f_path
617 617
618 618 return render('files/files_edit.mako')
@@ -704,8 +704,9 b' class FilesController(BaseRepoController'
704 704 author=author,
705 705 )
706 706
707 h.flash(_('Successfully committed to %s') % node_path,
708 category='success')
707 h.flash(
708 _('Successfully committed new file `{}`').format(
709 h.escape(node_path)), category='success')
709 710 except NonRelativePathError as e:
710 711 h.flash(_(
711 712 'The location specified must be a relative path and must not '
@@ -713,11 +714,10 b' class FilesController(BaseRepoController'
713 714 return redirect(url('changeset_home', repo_name=c.repo_name,
714 715 revision='tip'))
715 716 except (NodeError, NodeAlreadyExistsError) as e:
716 h.flash(_(e), category='error')
717 h.flash(_(h.escape(e)), category='error')
717 718 except Exception:
718 msg = _('Error occurred during commit')
719 log.exception(msg)
720 h.flash(msg, category='error')
719 log.exception('Error occurred during commit')
720 h.flash(_('Error occurred during commit'), category='error')
721 721 return redirect(url('changeset_home',
722 722 repo_name=c.repo_name, revision='tip'))
723 723
@@ -801,7 +801,7 b' class FilesController(BaseRepoController'
801 801 if not use_cached_archive:
802 802 # generate new archive
803 803 fd, archive = tempfile.mkstemp()
804 log.debug('Creating new temp archive in %s' % (archive,))
804 log.debug('Creating new temp archive in %s', archive)
805 805 try:
806 806 commit.archive_repo(archive, kind=fileformat, subrepos=subrepos)
807 807 except ImproperArchiveTypeError:
@@ -809,7 +809,7 b' class FilesController(BaseRepoController'
809 809 if archive_cache_enabled:
810 810 # if we generated the archive and we have cache enabled
811 811 # let's use this for future
812 log.debug('Storing new archive in %s' % (cached_archive_path,))
812 log.debug('Storing new archive in %s', cached_archive_path)
813 813 shutil.move(archive, cached_archive_path)
814 814 archive = cached_archive_path
815 815
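Review bot: In the `except (NodeError, NodeAlreadyExistsError)` handler of the add-file hunk, `_(h.escape(e))` escapes the exception and then hands the result to gettext, so a dynamic, user-influenced string becomes a translation msgid and the escape is no longer the outermost step. `h.flash(h.escape(safe_str(e)), category='error')` keeps the escape last and drops the lookup. The `except RepositoryError` handler in the first hunk still calls `h.flash(safe_str(e), category='error')` unescaped, which looks like the same sink if those messages can carry a path; that is worth confirming, as is whether the templates escape `c.default_message`, which now receives a raw `f_path`. Because the fix is applied per call site, the flash renderer presumably emits messages as raw HTML, so escaping there by default would also cover callers this commit does not touch. The enclosing methods start and end outside the hunks shown.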
@@ -758,9 +758,8 b' class TestChangingFiles:'
758 758 'csrf_token': csrf_token,
759 759 },
760 760 status=302)
761 assert_session_flash(
762 response, 'Successfully committed to %s'
763 % os.path.join(filename))
761 assert_session_flash(response,
762 'Successfully committed new file `{}`'.format(os.path.join(filename)))
764 763
765 764 def test_add_file_into_repo_missing_filename(self, backend, csrf_token):
766 765 response = self.app.post(
@@ -848,9 +847,9 b' class TestChangingFiles:'
848 847 'csrf_token': csrf_token,
849 848 },
850 849 status=302)
851 assert_session_flash(
852 response, 'Successfully committed to %s'
853 % os.path.join(location, filename))
850 assert_session_flash(response,
851 'Successfully committed new file `{}`'.format(
852 os.path.join(location, filename)))
854 853
855 854 def test_edit_file_view(self, backend):
856 855 response = self.app.get(
@@ -894,7 +893,7 b' class TestChangingFiles:'
894 893 },
895 894 status=302)
896 895 assert_session_flash(
897 response, 'Successfully committed to vcs/nodes.py')
896 response, 'Successfully committed changes to file `vcs/nodes.py`')
898 897 tip = repo.get_commit(commit_idx=-1)
899 898 assert tip.message == 'I committed'
900 899
@@ -921,7 +920,7 b' class TestChangingFiles:'
921 920 },
922 921 status=302)
923 922 assert_session_flash(
924 response, 'Successfully committed to vcs/nodes.py')
923 response, 'Successfully committed changes to file `vcs/nodes.py`')
925 924 tip = repo.get_commit(commit_idx=-1)
926 925 assert tip.message == 'Edited file vcs/nodes.py via RhodeCode Enterprise'
927 926
@@ -961,7 +960,7 b' class TestChangingFiles:'
961 960 },
962 961 status=302)
963 962 assert_session_flash(
964 response, 'Successfully deleted file vcs/nodes.py')
963 response, 'Successfully deleted file `vcs/nodes.py`')
965 964
966 965
967 966 def assert_files_in_response(response, files, params):
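Review bot: None of the updated assertions in this file exercise the escaping the commit adds, since every path used (`vcs/nodes.py`, `filename`, `location`) is free of markup characters and the tests would pass equally with `h.escape` removed. A regression test in `TestChangingFiles` that adds a file whose name contains `<`, `>` and `&`, then asserts that the session flash holds the entity-encoded name, would pin the fix. As a minor style point, `os.path.join(filename)` with a single argument returns it unchanged and can be plain `filename`.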