Fix bugs and a security issue

* admin/hosts.ptl: bad variable name * admin/users.ptl: fix the ctach of the EmailErorr exception * errors.ptl: cast "after_url" to string * sessions.py: fix security issue: session attributtes was shared by everybody * po/fr.po: translate everything git-svn-id: svn+ssh://labs.libre-entreprise.org/svnroot/larpe@473 3ed937ae-f919-0410-9a43-8e6f19e4ba6e
2009-09-16 13:06:47 +00:00 · 2009-09-16 13:06:47 +00:00 · 033ff593d8
parent 298ab6e5aa
commit 033ff593d8
7 changed files with 4595 additions and 4209 deletions
--- a/larpe/trunk/larpe/admin/hosts.ptl
+++ b/larpe/trunk/larpe/admin/hosts.ptl
@ -1056,7 +1056,7 @@ back and check your settings.''') % { 'finish': _('Finish') }
                if frame_url.startswith('http'):
                    frame_full_url = frame_url
                else:
-                    page_url_tokens = page_url.split('/')
+                    page_url_tokens = frame_url.split('/')
                    page_url_tokens[-1] = frame_url
                    frame_full_url = '/'.join(page_url_tokens)
                self.parse_page(frame_full_url)
--- a/larpe/trunk/larpe/admin/users.ptl
+++ b/larpe/trunk/larpe/admin/users.ptl
@ -6,6 +6,7 @@ from quixote import get_request, get_session, redirect, get_publisher
 from quixote.directory import Directory

 from qommon.admin.menu import html_top, error_page, command_icon
+from qommon.errors import EmailError
 from qommon.form import *
 from qommon import emails

@ -177,7 +178,7 @@ Click on %(url)s to use it.
 """) % {'token': self.user.identification_token, 'url': site_url}
                try:
                    emails.email(_('Identification Token'), body, self.user.email)
-                except errors.EmailError, e:
+                except EmailError, e:
                    html_top('users', title = _('Identification Token'))
                    _('Failed sending email. Check your email configuration.')
                    '<div class="buttons"><a href=".."><input type="button" value="%s" /></a></div><br />' % _('Back')
--- a/larpe/trunk/larpe/errors.ptl
+++ b/larpe/trunk/larpe/errors.ptl
@ -10,5 +10,6 @@ class AccessUnauthorizedError(AccessError):
        session.after_url = request.get_url()
        if query:
            session.after_url += '?' + query
+            session.after_url = str(session.after_url)
        login_url = '%s/liberty/larpe/login' % request.environ['SCRIPT_NAME']
        redirect(login_url)
--- a/larpe/trunk/larpe/sessions.py
+++ b/larpe/trunk/larpe/sessions.py
@ -13,9 +13,11 @@ class BasicSession(Session):
    '''Session object. Configuration variables and utilities'''
    _names = 'sessions'

-    users = {}
-    lasso_session_dumps = {}
-    provider_id = None
+    def __init__(self, id):
+        self.users = {}
+        self.lasso_session_dumps = {}
+        self.provider_id = None
+        Session.__init__(self, id)

    def has_info(self):
        return self.users or self.lasso_session_dumps or self.provider_id or Session.has_info(self)
--- a/larpe/trunk/larpe/site_authentication.ptl
+++ b/larpe/trunk/larpe/site_authentication.ptl
@ -277,6 +277,9 @@ class SiteAuthentication:
        return success, return_content

    def local_logout(self, federation=None, user=None):
+        """
+        TODO : recode with twill
+        """
        if federation is None and user is not None:
            federations = Federation.select(lambda x: user.name_identifiers[0] in x.name_identifiers)
            if federations:
--- a/larpe/trunk/po/fr.po
+++ b/larpe/trunk/po/fr.po
--- a/larpe/trunk/po/larpe.pot
+++ b/larpe/trunk/po/larpe.pot