launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #16541
[Merge] lp:~wgrant/launchpad/own-the-xss-party into lp:launchpad
William Grant has proposed merging lp:~wgrant/launchpad/own-the-xss-party into lp:launchpad.
Commit message:
Fix structured() usage on ITeam:+reassign.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~wgrant/launchpad/own-the-xss-party/+merge/210367
Fix an XSS hole on ITeam:+reassign. structured() abuse abounds.
--
https://code.launchpad.net/~wgrant/launchpad/own-the-xss-party/+merge/210367
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/own-the-xss-party into lp:launchpad.
=== modified file 'lib/lp/registry/browser/team.py'
--- lib/lp/registry/browser/team.py 2013-05-22 01:56:43 +0000
+++ lib/lp/registry/browser/team.py 2014-03-11 09:57:00 +0000
@@ -2063,17 +2063,16 @@
else:
relationship = 'an indirect member'
full_path = [self.context] + path
- path_string = '(%s)' % '⇒'.join(
- team.displayname for team in full_path)
+ path_template = '⇒'.join(['%s'] * len(full_path))
+ path_string = structured(
+ '(%s)' % path_template, *[team.displayname for team in full_path])
error = structured(
'Circular team memberships are not allowed. '
'%(new)s cannot be the new team owner, since %(context)s '
'is %(relationship)s of %(new)s. '
- '<span style="white-space: nowrap">%(path)s</span>'
- % dict(new=new_owner.displayname,
- context=self.context.displayname,
- relationship=relationship,
- path=path_string))
+ '<span style="white-space: nowrap">%(path)s</span>',
+ new=new_owner.displayname, context=self.context.displayname,
+ relationship=relationship, path=path_string)
self.setFieldError(self.ownerOrMaintainerName, error)
@property
Follow ups
