1 2009-11-19T00:58:02 *** fucheeno
2 2009-11-19T02:05:52 *** fucheeno
3 2009-11-19T02:54:36 *** grzywacz
4 2009-11-19T05:12:21 *** fucheeno
5 2009-11-19T07:18:28 *** brijith
6 2009-11-19T07:18:54 <brijith> moin moin wiki is coming without formatting ... Seems like style sheet is missing ..... I followed this tutorial https://help.ubuntu.com/7.04/server/C/moinmoin.html please help
7 2009-11-19T07:20:23 *** brijith
8 2009-11-19T08:36:38 <ThomasWaldmann> moin
9 2009-11-19T08:42:04 <dreimark> moin
10 2009-11-19T12:14:40 <waldi> hi
11 2009-11-19T12:17:05 *** JosefMeier
12 2009-11-19T12:17:15 <JosefMeier> Moin Moin
13 2009-11-19T12:36:38 *** eisi
14 2009-11-19T13:19:46 *** eisi
15 2009-11-19T15:32:53 <dreimark> heda
16 2009-11-19T16:58:48 <CIA-34> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 5295:93d19194d145 1.9/MoinMoin/parser/highlight.py: highlight parser: refer to HelpOnParsers, not HelpOnSyntaxHighlighting
17 2009-11-19T17:12:37 <ThomasWaldmann> I merged that to reduce page count. Content was partially duplicated, was still missing from i18n/strings.py.
18 2009-11-19T17:24:33 <dreimark> ThomasWaldmann: http://paste.pocoo.org/show/151227/ of course with the new name. Is that enough for getting it as a save link?
19 2009-11-19T17:25:28 <ThomasWaldmann> i already told you that this smells like XSS
20 2009-11-19T17:25:55 <ThomasWaldmann> thus "don't do that"
21 2009-11-19T17:26:25 <dreimark> yes that's why I didn't do it.
22 2009-11-19T17:26:35 <dreimark> but I've not seen the message before
23 2009-11-19T17:26:54 <ThomasWaldmann> what message?
24 2009-11-19T17:27:13 <dreimark> 18:23 < ThomasWaldmann> that smell
25 2009-11-19T17:27:47 <ThomasWaldmann> if you like to help: get HilfeZuParsern in sync with HelpOnParsers
26 2009-11-19T17:29:42 <dreimark> i just want to understand first on which part the xss can happen. I haven't applied it because I thought the msg string must be carefully checked on any translated version (and i dislike this dependency)
27 2009-11-19T17:31:37 <ThomasWaldmann> the problem is that you are changing formatter api. a string that was escaped through formatter.text() before would not get escaped any more.
28 2009-11-19T17:31:57 <ThomasWaldmann> Thus someone relying on that until now would likely have xss in his code.
29 2009-11-19T17:32:05 <ThomasWaldmann> (after that change)
30 2009-11-19T17:33:15 <dreimark> this part of the code was added at http://hg.moinmo.in/moin/1.9/rev/a83a65fcbb69
31 2009-11-19T17:33:47 <dreimark> the msg output wasn't there before Sun Nov 15 21:54:56 2009
32 2009-11-19T17:38:54 <ThomasWaldmann> ok, then the api change itself is no problem, still fresh enough
33 2009-11-19T17:39:26 <ThomasWaldmann> the question is then whether you want to offer that unescaped functionality, risking xss
34 2009-11-19T17:40:17 <ThomasWaldmann> if the answer is yes, one would at least have to document that in the docstring that the msg string won't get escaped
35 2009-11-19T17:40:52 <dreimark> I'll look later again how the msg is done in the msg bar
36 2009-11-19T17:44:50 <ThomasWaldmann> gtg/bbl
37 2009-11-19T17:48:32 <CIA-34> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 5296:5830f61d4718 1.9/MoinMoin/i18n/ (43 files): updated i18n
38 2009-11-19T18:19:42 * dreimark will look at the HilfeZuParsern page
39 2009-11-19T18:34:26 <dreimark> gtg bbl
40 2009-11-19T19:17:09 *** JosefMeier
41 2009-11-19T19:54:00 *** grzywacz
42 2009-11-19T20:41:39 *** JosefMeier
43 2009-11-19T20:44:24 <JosefMeier> dreimark: Is the "package multiple pages" button planned to be included in moin 1.9 ?
44 2009-11-19T21:57:24 *** dimazest
45 2009-11-19T21:59:08 *** dimazest
46 2009-11-19T22:00:15 *** dimazest
47 2009-11-19T22:26:50 *** JosefMeier
48 2009-11-19T22:27:08 *** JosefMeier
49 2009-11-19T23:05:42 <dreimark> JosefMeier: without a limitation rather not
50 2009-11-19T23:06:23 <dreimark> if one gives a regex of .* for example and that many times
51 2009-11-19T23:07:01 <dreimark> the server process or the server itself can be DOSed
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-11-19 (last edited 2009-11-19 00:00:02 by IrcLogImporter)