Re: [PATCH] models: Add commit_url_format to Project
On 22/8/19 11:55 am, Daniel Axtens wrote:
> It looks like you're going to do a v2 anyway to mesh with Andrew's
> changes - please could you pop in an update to the fixtures that
> demonstrates/exercises this?
>
> I've had a look at the mark_safe bit. I don't love it - it allows
> someone with priv-esc to admin to XSS everyone who visits a patch page.
> Having said that I'm not entirely sure what the best way to handle it
> is. Andrew you did a few follow-up patches for our XSS adventures - do
> you have any thoughts?

I think you probably want to wrap the
patch.project.commit_url_format.format(commit=commit) in an escape.

--
Andrew Donnellan              OzLabs, ADL Canberra
a...@linux.ibm.com             IBM Australia Limited
___
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
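The escape suggested in the message above, sketched as an added example (not code from the patch or from Patchwork): the formatted URL is escaped before it goes into the href, and anything that is not an http(s) URL is shown as plain text. The function names, the scheme allowlist and the sample format strings are assumptions constructed for illustration; html.escape stands in for Django's escape().

```python
from html import escape
from urllib.parse import urlsplit

# Assumption: a project's SCM web UI is always reached over http or https.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample values for Project.commit_url_format.
GOOD = "https://git.example.org/project/commit/?id={commit}"
BAD_MARKUP = 'https://git.example.org/c/{commit}"><b>injected</b>'
BAD_SCHEME = "javascript:void(0)//{commit}"


def commit_link_unescaped(commit_url_format, commit):
    """Pattern under review: the formatted string is treated as safe HTML."""
    url = commit_url_format.format(commit=commit)
    return '<a href="%s">%s</a>' % (url, commit)


def commit_link_escaped(commit_url_format, commit):
    """Escape the formatted URL; fall back to plain text if it looks wrong."""
    try:
        url = commit_url_format.format(commit=commit)
        scheme = urlsplit(url).scheme.lower()
    except (KeyError, IndexError, ValueError, AttributeError):
        # Broken or unexpected placeholders in the admin-supplied format.
        return escape(commit)
    if scheme not in ALLOWED_SCHEMES:
        return escape(commit)
    return '<a href="%s">%s</a>' % (escape(url, quote=True), escape(commit))


if __name__ == "__main__":
    for fmt in (GOOD, BAD_MARKUP, BAD_SCHEME, "{missing}"):
        print(commit_link_escaped(fmt, "0123abc"))
```

Escaping alone keeps markup in the format string from closing the attribute; the scheme check covers the separate case where the whole value is a non-web URL.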
Re: [PATCH] models: Add commit_url_format to Project
Michael Ellerman writes:
> Andrew Donnellan writes:
>> On 7/8/19 9:22 am, Andrew Donnellan wrote:
>>> On 6/8/19 10:20 pm, Michael Ellerman wrote:
>>>> Add a new field to Project, commit_url_format, which specifies a
>>>> format string that can be used to generate a link to a particular
>>>> commit for a project.
>>>>
>>>> This is used in the display of a patch, to render the patch's commit
>>>> as a clickable link back to the commit on the SCM website.
>>>>
>>>> Signed-off-by: Michael Ellerman
>>>
>>> Argh, I've actually got a series of my own pending to do exactly this,
>>> just had to tidy up the documentation before sending it :)
>>>
>>> I'll take a look at this and compare later today.
>>
>> I correct myself, I have patches to add mailing list archive links,
>> which is slightly different!
>
> Phew!
>
>> My series includes a minor bump to the API versioning, which per
>> docs/development/releasing.rst is our policy when adding new fields.
>> I'll tidy that up and send it and perhaps you can rebase your API
>> changes on top of that?
>
> Sure, just let me know.

It looks like you're going to do a v2 anyway to mesh with Andrew's
changes - please could you pop in an update to the fixtures that
demonstrates/exercises this?

I've had a look at the mark_safe bit. I don't love it - it allows
someone with priv-esc to admin to XSS everyone who visits a patch page.
Having said that I'm not entirely sure what the best way to handle it
is. Andrew you did a few follow-up patches for our XSS adventures - do
you have any thoughts?

Regards,
Daniel

>
> cheers
Re: [PATCH] models: Add commit_url_format to Project
Andrew Donnellan writes:
> On 7/8/19 9:22 am, Andrew Donnellan wrote:
>> On 6/8/19 10:20 pm, Michael Ellerman wrote:
>>> Add a new field to Project, commit_url_format, which specifies a
>>> format string that can be used to generate a link to a particular
>>> commit for a project.
>>>
>>> This is used in the display of a patch, to render the patch's commit
>>> as a clickable link back to the commit on the SCM website.
>>>
>>> Signed-off-by: Michael Ellerman
>>
>> Argh, I've actually got a series of my own pending to do exactly this,
>> just had to tidy up the documentation before sending it :)
>>
>> I'll take a look at this and compare later today.
>
> I correct myself, I have patches to add mailing list archive links,
> which is slightly different!

Phew!

> My series includes a minor bump to the API versioning, which per
> docs/development/releasing.rst is our policy when adding new fields.
> I'll tidy that up and send it and perhaps you can rebase your API
> changes on top of that?

Sure, just let me know.

cheers
Re: [PATCH] models: Add commit_url_format to Project
On 7/8/19 9:22 am, Andrew Donnellan wrote:
> On 6/8/19 10:20 pm, Michael Ellerman wrote:
>> Add a new field to Project, commit_url_format, which specifies a
>> format string that can be used to generate a link to a particular
>> commit for a project.
>>
>> This is used in the display of a patch, to render the patch's commit
>> as a clickable link back to the commit on the SCM website.
>>
>> Signed-off-by: Michael Ellerman
>
> Argh, I've actually got a series of my own pending to do exactly this,
> just had to tidy up the documentation before sending it :)
>
> I'll take a look at this and compare later today.

I correct myself, I have patches to add mailing list archive links,
which is slightly different!

My series includes a minor bump to the API versioning, which per
docs/development/releasing.rst is our policy when adding new fields.
I'll tidy that up and send it and perhaps you can rebase your API
changes on top of that?

>> ---
>> Passes tox tests. Not entirely sure about the schema changes, I just
>> cribbed from the existing fields. I think the use of mark_safe() is
>> correct, but would appreciate some review on that.
>> ---
docs/api/schemas/latest/patchwork.yaml | 11 ++ docs/api/schemas/patchwork.j2 | 11 ++ docs/api/schemas/v1.0/patchwork.yaml | 11 ++ docs/api/schemas/v1.1/patchwork.yaml | 11 ++ patchwork/api/embedded.py | 3 ++- patchwork/api/project.py | 4 ++-- .../0034_project_commit_url_format.py | 20 +++ patchwork/models.py | 9 + patchwork/templates/patchwork/submission.html | 2 +- patchwork/templatetags/patch.py | 12 +++ 10 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 patchwork/migrations/0034_project_commit_url_format.py diff --git a/docs/api/schemas/latest/patchwork.yaml b/docs/api/schemas/latest/patchwork.yaml index 724b05e..c9e6c4f 100644 --- a/docs/api/schemas/latest/patchwork.yaml +++ b/docs/api/schemas/latest/patchwork.yaml
@@ -1846,6 +1846,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: @@ -2162,6 +2165,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties: @@ -2301,6 +2308,10 @@ openapi: '3.0.0' type: string format: uri readOnly: true + commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true ErrorUserUpdate: type: object properties: diff --git a/docs/api/schemas/patchwork.j2 b/docs/api/schemas/patchwork.j2 index 5e2f5e4..c0676f2 100644 --- a/docs/api/schemas/patchwork.j2 +++ b/docs/api/schemas/patchwork.j2 @@ -1861,6 +1861,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: @@ -2185,6 +2188,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties: @@ -2326,6 +2333,10 @@ openapi: '3.0.0' type: string format: uri readOnly: true + commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true ErrorUserUpdate: type: object properties: diff --git a/docs/api/schemas/v1.0/patchwork.yaml b/docs/api/schemas/v1.0/patchwork.yaml index 02f3a15..370dffe 100644 --- a/docs/api/schemas/v1.0/patchwork.yaml +++ b/docs/api/schemas/v1.0/patchwork.yaml @@ -1811,6 +1811,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: 
@@ -2101,6 +2104,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 + commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties: @@ -2235,6 +2242,10 @@ openapi
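Review bot: In docs/api/schemas/v1.0/patchwork.yaml the commit_url_format property is added to the schema for an existing API version, so the v1.0 description would advertise a field that v1.0 did not have. The thread notes that adding new fields goes with a minor API version bump (docs/development/releasing.rst); consider leaving the v1.0 and v1.1 schema files untouched and adding the property only to the latest schema and to patchwork.j2 for the bumped version, once rebased on the versioning series.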
Re: [PATCH] models: Add commit_url_format to Project
On 6/8/19 10:20 pm, Michael Ellerman wrote:
> Add a new field to Project, commit_url_format, which specifies a
> format string that can be used to generate a link to a particular
> commit for a project.
>
> This is used in the display of a patch, to render the patch's commit
> as a clickable link back to the commit on the SCM website.
>
> Signed-off-by: Michael Ellerman

Argh, I've actually got a series of my own pending to do exactly this,
just had to tidy up the documentation before sending it :)

I'll take a look at this and compare later today.

> ---
> Passes tox tests. Not entirely sure about the schema changes, I just
> cribbed from the existing fields. I think the use of mark_safe() is
> correct, but would appreciate some review on that.
> ---
docs/api/schemas/latest/patchwork.yaml| 11 ++ docs/api/schemas/patchwork.j2 | 11 ++ docs/api/schemas/v1.0/patchwork.yaml | 11 ++ docs/api/schemas/v1.1/patchwork.yaml | 11 ++ patchwork/api/embedded.py | 3 ++- patchwork/api/project.py | 4 ++-- .../0034_project_commit_url_format.py | 20 +++ patchwork/models.py | 9 + patchwork/templates/patchwork/submission.html | 2 +- patchwork/templatetags/patch.py | 12 +++ 10 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 patchwork/migrations/0034_project_commit_url_format.py diff --git a/docs/api/schemas/latest/patchwork.yaml b/docs/api/schemas/latest/patchwork.yaml index 724b05e..c9e6c4f 100644 --- a/docs/api/schemas/latest/patchwork.yaml +++ b/docs/api/schemas/latest/patchwork.yaml @@ -1846,6 +1846,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: @@ -2162,6 +2165,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties:
@@ -2301,6 +2308,10 @@ openapi: '3.0.0' type: string format: uri readOnly: true +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true ErrorUserUpdate: type: object properties: diff --git a/docs/api/schemas/patchwork.j2 b/docs/api/schemas/patchwork.j2 index 5e2f5e4..c0676f2 100644 --- a/docs/api/schemas/patchwork.j2 +++ b/docs/api/schemas/patchwork.j2 @@ -1861,6 +1861,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: @@ -2185,6 +2188,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties: @@ -2326,6 +2333,10 @@ openapi: '3.0.0' type: string format: uri readOnly: true +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true ErrorUserUpdate: type: object properties: diff --git a/docs/api/schemas/v1.0/patchwork.yaml b/docs/api/schemas/v1.0/patchwork.yaml index 02f3a15..370dffe 100644 --- a/docs/api/schemas/v1.0/patchwork.yaml +++ b/docs/api/schemas/v1.0/patchwork.yaml @@ -1811,6 +1811,9 @@ openapi: '3.0.0' type: string format: uri maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string maintainers: type: array items: @@ -2101,6 +2104,10 @@ openapi: '3.0.0' format: uri readOnly: true maxLength: 2000 +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true SeriesEmbedded: type: object properties: @@ -2235,6 +2242,10 @@ openapi: '3.0.0' type: string format: uri readOnly: true +commit_url_format: + title: Web SCM URL format for a particular commit + type: string + readOnly: true ErrorUserUpdate: type: object properties: 
diff --git a/docs/api/schemas/v1.1/patchwork.yaml b/docs/api/schemas/v1.1/patchwork.yaml ind
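Review bot: The new commit_url_format property is declared as a bare "type: string" with no length bound, while the URL property directly above it in the @@ -1846 and @@ -2162 hunks of latest/patchwork.yaml carries "maxLength: 2000". Because this value is a format string and not a URI, leaving out "format: uri" is reasonable, but please add a maxLength that matches whatever limit the model field enforces, and a description saying the string is formatted with a "commit" placeholder, so API clients know what they are allowed to send and what they will get back.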