[Tracker-discuss] [issue270] Upgrade to 1.4.8

Daniel Diniz metatracker at psf.upfronthosting.co.za
Mon Apr 13 20:19:53 CEST 2009

Daniel Diniz <ajaksu at gmail.com> added the comment:

Martin v. Löwis wrote:
> Why is it necessary to spell the method in lower case?

Not necessary, but it is the correct way for the doctype we use:
http://tinyurl.com/tracker-validation (it's also already in lower case
in page.html). Since I had to add 'method="post"' to some forms (that
wouldn't work without it after the upgrade), I standardized on lower
case and later made all forms use this spelling.

Should I keep this change (lowercasing existing POSTs) out of the 1.4.8 patch?

I want to fix the other validation issues too, before adding some
template RFEs (like anchors for messages in issue view, so you can
link to a message in its context, element ids, etc.).

> I don't think we need to 2.3 compatibility, the the anypy import of set is
> unnecessary (IMO).

I'd like to gradually make our template more general were it doesn't
cause us harm. I'm fine with relying on set() being built-in and I can
edit the patch on that assumption. But the fact that our
nosyreaction.py still uses "import sets [...] sets.Set()" makes me
think that the least we diverge from upstream (without creating more
work for us), the better.

IMHO, both explicitly targeting a specific (set of) version(s) or
using the anypy helper could help us make our detectors better and
less prone to bit-rot. So, what would you prefer: target 2.4 and above
(2.x), target  2.4-2.6, rely on anypy, something else?

> I'd rather see this patch restricted to what is really necessary for 1.4.8
> upgrade, so:
> - I have already committed the typo in file.index.html (thanks!)
> - I wonder why _generic.help now uses "structure"

The patch makes it stop using structure, which fixes some security
issues in the helpers: structure means "do not encode '<' and '>' ",
making it possible to use raw html there. As Richard said, some of our
problems in this area are fixed upstream in the classic template.

I'll re-create the patch based on your feedback, thanks for reviewing!

PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>

More information about the Tracker-discuss mailing list