You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by he...@apache.org on 2015/08/10 19:32:50 UTC

[19/50] [abbrv] allura git commit: [#7947] don't allow any cached markdown from before this fix to be used

[#7947] don't allow any cached markdown from before this fix to be used


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/ad029f87
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/ad029f87
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/ad029f87

Branch: refs/heads/hs/7925
Commit: ad029f8752e8529fd7c5fe0928592ab8ed4f8c3a
Parents: dd3ca5b
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Mon Aug 3 18:49:21 2015 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Mon Aug 3 18:55:27 2015 +0000

----------------------------------------------------------------------
 Allura/allura/lib/app_globals.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/ad029f87/Allura/allura/lib/app_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index 2a7ee5c..5d262e8 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -103,11 +103,12 @@ class ForgeMarkdown(markdown.Markdown):
                 field_name, artifact.__class__.__name__)
             return self.convert(source_text)
 
+        bugfix_rev = 2  # increment this if we need all caches to invalidated (e.g. xss in markdown rendering fixed)
         md5 = None
         # If a cached version exists and it is valid, return it.
         if cache.md5 is not None:
             md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
-            if cache.md5 == md5 and getattr(cache, 'fix7528', False):
+            if cache.md5 == md5 and getattr(cache, 'fix7528', False) == bugfix_rev:
                 return h.html.literal(cache.html)
 
         # Convert the markdown and time the result.
@@ -128,7 +129,7 @@ class ForgeMarkdown(markdown.Markdown):
             if md5 is None:
                 md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
             cache.md5, cache.html, cache.render_time = md5, html, render_time
-            cache.fix7528 = True  # flag to indicate good caches created after [#7528] was fixed
+            cache.fix7528 = bugfix_rev  # flag to indicate good caches created after [#7528] and other critical bugs were fixed.
 
             # Prevent cache creation from updating the mod_date timestamp.
             _session = artifact_orm_session._get()