-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all.
I've found a bug in Trac 0.10.3.1 where a "malicious" user can post ticket comments having a non-integer value in the replyto-field of the form. Trac does accept that input and stores it in the database. Looking at a ticket that has received such a comment then fails with a Traceback stating "ValueError: invalid literal for int():". Details are provided in ticket #5166 [1]. pacopablo in #trac suggested that I also send a short note to this list, as this probably should get fixed before 0.10.4 gets released. Bye, Mike [1] http://trac.edgewall.org/ticket/5166 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkYlreMACgkQa3V7dXg8JKuSJQCguW2JnF+6Pqpj86of2HtxMZUF T20AoIHQ4o2W2jJurmSPZzoIj/eh5Q2O =wf6M -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
