#589: Improve security and verbosity of the "Trac Environment needs to be
upgraded" message
-------------------------+--------------------
Reporter: rjollos | Owner: nobody
Type: enhancement | Status: new
Priority: major | Milestone:
Component: trac core | Version:
Keywords: |
-------------------------+--------------------
A discussion occurred on the [http://markmail.org/message/2yimvwnaxavxuopt
mailing list] regarding the //Trac Environment needs to be upgraded//
message. A typical example of the message that displays in the browser
after upgrading Bloodhound or Trac, or installing / upgrading a plugin is:
{{{
Error
TracError: The Trac Environment needs to be upgraded.
Run "trac-admin
/home/user/Workspace/bh586/bloodhound/installer/bloodhound/environments/sqlite
upgrade"
}}}
Two suggestions resulted from the discussion:
* It would be preferable if the server path was not revealed to a user
that doesn't have the `TRAC_ADMIN` permission. Users without `TRAC_ADMIN`
might only see a HTTP 503 ''Service unavailable'' response with body
//Under maintenance//.
* Since Bloodhound will often be installed in a virtualenv (as is
suggested in the Installation Instructions), the full path to `trac-admin`
should be provided in the message. The specific case that came up in the
mailing list discussion was that the user had Trac installed in the global
packages directory and was inadvertently running the `trac-admin`
associated with that install because they had not run the activate script
in their virtualenv or provided the full path to `trac-admin` in the
virtualenv.
The changes associated with this ticket will most likely be suggested for
the Trac core.
--
Ticket URL: <https://issues.apache.org/bloodhound/ticket/589>
Apache Bloodhound <https://issues.apache.org/bloodhound/>
The Apache Bloodhound issue tracker