You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2015/08/03 20:57:46 UTC
[4/4] allura git commit: [#7947] don't allow any cached markdown from
before this fix to be used
[#7947] don't allow any cached markdown from before this fix to be used
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/ad029f87
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/ad029f87
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/ad029f87
Branch: refs/heads/db/7947
Commit: ad029f8752e8529fd7c5fe0928592ab8ed4f8c3a
Parents: dd3ca5b
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Mon Aug 3 18:49:21 2015 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Mon Aug 3 18:55:27 2015 +0000
----------------------------------------------------------------------
Allura/allura/lib/app_globals.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/ad029f87/Allura/allura/lib/app_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index 2a7ee5c..5d262e8 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -103,11 +103,12 @@ class ForgeMarkdown(markdown.Markdown):
field_name, artifact.__class__.__name__)
return self.convert(source_text)
+ bugfix_rev = 2 # increment this if we need all caches to invalidated (e.g. xss in markdown rendering fixed)
md5 = None
# If a cached version exists and it is valid, return it.
if cache.md5 is not None:
md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
- if cache.md5 == md5 and getattr(cache, 'fix7528', False):
+ if cache.md5 == md5 and getattr(cache, 'fix7528', False) == bugfix_rev:
return h.html.literal(cache.html)
# Convert the markdown and time the result.
@@ -128,7 +129,7 @@ class ForgeMarkdown(markdown.Markdown):
if md5 is None:
md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
cache.md5, cache.html, cache.render_time = md5, html, render_time
- cache.fix7528 = True # flag to indicate good caches created after [#7528] was fixed
+ cache.fix7528 = bugfix_rev # flag to indicate good caches created after [#7528] and other critical bugs were fixed.
# Prevent cache creation from updating the mod_date timestamp.
_session = artifact_orm_session._get()