On Thu, Nov 26, 2009 at 11:08 AM, Michael Hudson <[email protected]> wrote:
Something that turns out to be a bit annoying when you try to test bzr-svn with Launchpad is that bzr doesn't allow a netloc part in file:// urls and the launchpad "valid_absolute_url" insists on a netloc in all URLs (of course it's essentially always 'localhost' in file:// URLs). This is a bit stupid for bzr and I'll fix it to accept file://localhost/ URLs, but would it be possible to change this for Launchpad too?
I would think file: URLs are one of the things that valid_absolute_url is supposed to catch, as on the production system it would certainly indicate a mistake or an attack (the database constraint is our second layer of defense after the form validation). (I won't fix valid_absolute_url just now in case someone can point out sane use cases for allowing file: URLs to be accepted).

--
Stuart Bishop <[email protected]>
http://www.stuartbishop.net/
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help   : https://help.launchpad.net/ListHelp
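The distinction raised in this thread, as an added example (not Launchpad's valid_absolute_url and not code from either poster): a rule that only requires a netloc accepts file://localhost/ URLs, so rejecting file: URLs takes an explicit scheme allow-list. The function names, the allowed schemes and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: schemes a production form might accept; not Launchpad's actual list.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "sftp", "bzr+ssh", "svn"})


def has_netloc(url):
    """Hypothetical netloc-only rule: any scheme, as long as a netloc is present."""
    parts = urlsplit(url)
    return bool(parts.scheme) and bool(parts.netloc)


def is_acceptable_url(url, allowed_schemes=ALLOWED_SCHEMES):
    """Allow-list rule: the scheme must be explicitly permitted and a host present."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # urlsplit rejects some malformed netlocs, e.g. an unclosed IPv6 bracket.
        return False
    if parts.scheme not in allowed_schemes:  # urlsplit lowercases the scheme
        return False
    # hostname is None for "https:///path" or "http://user@/path"
    return bool(parts.hostname)


def compare(urls):
    """Return (url, netloc_only_result, allow_list_result) for each URL."""
    return [(u, has_netloc(u), is_acceptable_url(u)) for u in urls]


# Constructed sample input, not taken from the thread.
SAMPLE_URLS = [
    "http://example.com/repo",
    "svn://svn.example.org/project/trunk",
    "file:///srv/repo",           # no netloc: both rules reject it
    "file://localhost/srv/repo",  # netloc present: only the allow-list rejects it
    "https:///missing-host",
]

if __name__ == "__main__":
    for url, netloc_only, allow_list in compare(SAMPLE_URLS):
        print(f"{url:40} netloc-only={netloc_only!s:5} allow-list={allow_list}")
```

The same allow-list belongs in both layers the reply mentions, the form validation and the database constraint, so that a path bypassing the form is still checked.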

