Custom Query (2152 matches)
Results (502 - 504 of 2152)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #1180 | fixed | Links in markdown can be badly formed | dread | dread |
| Description |
User can insert bad anchor tags into the User-About and Package-Notes fields and when you view them (web interface) it causes a 500 error. Need to improve filtering for anchors in markdown.
`<a href="http://xxxsex.com>nasty/website`
Also check this related exception:
Module ckan.controllers.user:59 in read
<< c.is_myself = user.name == c.user
c.api_key = user.apikey
c.about_formatted = self._format_about(user.about)
revisions_q = model.Session.query(model.Revision
).filter_by(author=user.name)
>> c.about_formatted = self._format_about(user.about)
Module ckan.controllers.user:167 in _format_about
<< def _format_about(self, about):
about_formatted = ckan.misc.MarkdownFormat().to_html(about)
return genshi.HTML(about_formatted)
def _get_form_password(self):
>> return genshi.HTML(about_formatted)
WebApp Error: <class 'genshi.input.ParseError'>: junk characters in start tag: u'\u201dhttp://www.settingu': line 1, column 3
|
|||
| #1181 | fixed | Link spam vulnerability in Notes and User-About fields | dread | dread |
| Description |
When viewing a user and a package, the about/notes fields contain Markdown, which may have links. These should have rel="nofollow" to discourage link spam. |
|||
| #1186 | fixed | Password reset facility | dread | |
| Description |
You can register a user with password and (optional) email address. But if you forget the password you can't then log in again. We need a password reset facility that sends an email with a new password. |
|||
