1 2010-12-16T00:09:13 *** m4k3r
2 2010-12-16T00:10:34 <diofeher> ThomasWaldmann, patches are sending direct to melange?
3 2010-12-16T00:17:31 *** Samm
4 2010-12-16T00:21:25 <dreimark> diofeher: yes or using bitbucket
5 2010-12-16T00:22:48 <diofeher> dreimark, can you send me link of repository in bitbucket?
6 2010-12-16T00:23:39 <dreimark> diofeher: https://bitbucket.org/thomaswaldmann/moin-2.0-dev
7 2010-12-16T00:23:56 <dreimark> students do fork it from there
8 2010-12-16T00:24:08 <dreimark> they have their individual repos
9 2010-12-16T00:24:21 *** grzywacz
10 2010-12-16T00:24:25 <diofeher> dreimark, ah nice! thanks
11 2010-12-16T00:25:22 <diofeher> i think the workflow is better this way
12 2010-12-16T00:26:06 <dreimark> http://moinmo.in/MoinMoin2.0
13 2010-12-16T00:33:06 * dreimark mail from ellen on the mentor list
14 2010-12-16T00:35:10 <dreimark> http://www.youtube.com/user/googOSPOstudntprgrms
15 2010-12-16T00:44:09 <diofeher> dreimark, how can i add myself to mentors in determined task?
16 2010-12-16T00:47:17 <dreimark> if the task is published now, then i think that is not possible
17 2010-12-16T00:47:29 *** rfw
18 2010-12-16T00:50:12 <dreimark> may be it can be done by edit of a task
19 2010-12-16T00:50:27 <dreimark> i am not sure if you can do this
20 2010-12-16T00:51:54 <dreimark> gn
21 2010-12-16T00:52:18 <diofeher> gn ^^
22 2010-12-16T01:06:26 *** rfw
23 2010-12-16T01:06:26 *** rfw
24 2010-12-16T05:22:09 *** kursor
25 2010-12-16T05:35:48 *** jordonwii
26 2010-12-16T06:13:09 *** kursor
27 2010-12-16T07:05:26 *** jordonwii
28 2010-12-16T08:16:14 *** GCIBot
29 2010-12-16T09:19:09 *** jbills
30 2010-12-16T09:22:10 *** kursor
31 2010-12-16T09:25:03 *** kursor
32 2010-12-16T09:25:59 *** grzywacz
33 2010-12-16T09:48:50 <dreimark> ThomasWaldmann: ronny diofeher xorAxAx please comment on http://www.google-melange.com/gci/task/show/google/gci2010/moinmoin/t129037970526 too
34 2010-12-16T09:51:56 <ronny> dreimark: i think it shoulndt just create userlink-chevron as id
35 2010-12-16T09:52:01 <ronny> since its used multiple times
36 2010-12-16T09:59:04 *** m4k3r
37 2010-12-16T10:12:26 <dreimark> bbl
38 2010-12-16T10:13:13 *** rfw
39 2010-12-16T10:15:09 *** grzywacz
40 2010-12-16T10:27:02 *** greg_f
41 2010-12-16T11:02:40 *** m4k3r
42 2010-12-16T12:27:18 *** m4k3r
43 2010-12-16T12:28:02 *** skylamer`
44 2010-12-16T13:00:33 *** skylamer`
45 2010-12-16T13:11:52 *** m4k3r
46 2010-12-16T13:15:24 *** magnus_
47 2010-12-16T13:53:59 <ThomasWaldmann> * This page was last modified on 24 January 2007, at 19:51.
48 2010-12-16T13:53:59 <ThomasWaldmann> * Text is available under the Creative Commons Attribution/Share-Alike License; additional terms may apply. See Terms of Use for details.
49 2010-12-16T13:54:02 <ThomasWaldmann> * Privacy policy
50 2010-12-16T13:54:05 <ThomasWaldmann> * About MediaWiki.org
51 2010-12-16T13:54:07 <ThomasWaldmann> * Disclaimers
52 2010-12-16T13:54:28 <ThomasWaldmann> this, without the " * " is the standard footer of mediawiki
53 2010-12-16T13:54:54 <ThomasWaldmann> simple and extendable somehow :)
54 2010-12-16T13:55:10 <ThomasWaldmann> shall we do it in a similar way for modernized?
55 2010-12-16T13:55:41 <ThomasWaldmann> i.e.: not centering, moving last edit info there?
56 2010-12-16T13:56:09 <ThomasWaldmann> could be an easytodo :)
57 2010-12-16T14:03:08 *** jbills
58 2010-12-16T14:03:16 <jbills> moin
59 2010-12-16T14:17:41 <ThomasWaldmann> hi jbills
60 2010-12-16T14:19:54 <jbills> dreimark: I have fixed a major bug in my code. I only shows minimize on items with subitems.
61 2010-12-16T14:19:55 *** skylamer`
62 2010-12-16T14:43:37 *** skylamer`
63 2010-12-16T14:55:02 <ThomasWaldmann> jbills: ah, good :) will also have a look after work.
64 2010-12-16T15:06:50 *** skylamer`
65 2010-12-16T15:43:54 <dreimark> jbills: i look later into it. do you have readed my other lines too?
66 2010-12-16T15:44:08 <dreimark> i prefer to see a title if collapsed
67 2010-12-16T15:44:24 <jbills> ok. my dad just told me that
68 2010-12-16T15:51:17 <jbills> how do you use multiple % in a statment
69 2010-12-16T15:51:18 <jbills> ?
70 2010-12-16T15:51:55 *** raignarok
71 2010-12-16T16:04:14 <ThomasWaldmann> jbills: what do you mean exactly?
72 2010-12-16T16:04:22 <jbills> nevermind
73 2010-12-16T16:05:15 <jbills> why is there & and quot; in my output?
74 2010-12-16T16:08:17 <jbills> I am trying to put quotes around my %s. It results in that
75 2010-12-16T16:29:30 <dreimark> jbills: the output must be escaped
76 2010-12-16T16:29:45 <jbills> how?
77 2010-12-16T16:30:26 <dreimark> later by jinja autoescape, currently likly by the formatter
78 2010-12-16T16:30:37 <dreimark> or a wikiutil function
79 2010-12-16T16:30:51 <dreimark> if it is not escaped one can do XSS
80 2010-12-16T16:33:11 <TheSheep> wrap it in Markup() to prevent escaping
81 2010-12-16T16:35:52 <jbills> I use \ but that did not help
82 2010-12-16T16:41:36 <ThomasWaldmann> http://moinmo.in/EasyToDo/update%20moin%201.9%20system%20pages please review ASAP (we have 1 student waiting for that)
83 2010-12-16T16:45:28 * dreimark builds currently various scientific library packages for debian
84 2010-12-16T16:48:45 <jbills> I use \ but that did not help
85 2010-12-16T16:49:53 <dreimark> jbills: 16:33 < TheSheep> wrap it in Markup() to prevent escaping
86 2010-12-16T16:50:09 <jbills> ok
87 2010-12-16T16:52:57 <jbills> "togglein(%s,\"%s\",\"%s\")" % (count, id, text)
88 2010-12-16T16:53:12 <jbills> NameError: global name 'Markup' is not defined
89 2010-12-16T16:53:26 <jbills> sorry ignore the first one
90 2010-12-16T16:55:33 <dreimark> from jinja2.utils import Markup ?
91 2010-12-16T17:00:11 <jbills> did not help
92 2010-12-16T17:01:56 <dreimark> >>> from jinja2.utils import Markup
93 2010-12-16T17:01:56 <dreimark> >>> print Markup('"test"')
94 2010-12-16T17:02:15 <dreimark> print Markup('"%s<>test"')
95 2010-12-16T17:02:22 <dreimark> works for me too
96 2010-12-16T17:02:44 <dreimark> so what exactly do you talk about
97 2010-12-16T17:07:39 <jbills> it works but when it reaches the browser it has & and quot;
98 2010-12-16T17:17:52 <pvinogradov> Hi ThomasWaldmann
99 2010-12-16T17:18:21 <pvinogradov> thanks for code review and comments
100 2010-12-16T17:18:50 <pvinogradov> i have only one question, suggestion about: "onsider moving the ssha256 stuff into the loop also"
101 2010-12-16T17:19:13 <pvinogradov> maybe move ssha256 stuff before loop is better - https://bitbucket.org/pavel_vinogradov/gci10-moin-2.0-dev/changeset/296a33873d5e
102 2010-12-16T17:21:48 <ThomasWaldmann> hi pvinogradov
103 2010-12-16T17:22:16 <ThomasWaldmann> pvinogradov: before loop was also my first idea. until i noticed that in the loop might be even easier :)
104 2010-12-16T17:22:36 <ThomasWaldmann> afaics it only needs that one "if" additionally
105 2010-12-16T17:25:38 <pvinogradov> yes, but loop seems like "password upgrade" stuff
106 2010-12-16T17:26:36 <ThomasWaldmann> pvinogradov: if some day someone breaks ssha256 and we want to move to ssha1024, we could keep it where it is
107 2010-12-16T17:26:53 <ThomasWaldmann> and the pw checking is same
108 2010-12-16T17:27:17 <ThomasWaldmann> as i said, it seems to miss only that if method != theonewewant: upgrade()
109 2010-12-16T17:27:58 <ThomasWaldmann> or do you see something that should keep us from moving it into loop?
110 2010-12-16T17:28:33 <pvinogradov> comment before loop confuse me
111 2010-12-16T17:30:00 <pvinogradov> but you know this code much better than me, i will prepare patch
112 2010-12-16T17:30:19 <jbills> dreimak: http://pastebin.com/rDz0Tv6F I need to be able to pass the text of the headings to this function. when I do I get " instead of "
113 2010-12-16T17:33:16 <jbills> dreimak: http://pastebin.com/rDz0Tv6F I need to be able to pass the text of the headings to this function. when I do I get " instead of "
114 2010-12-16T17:33:28 <jbills> dreimark: http://pastebin.com/rDz0Tv6F I need to be able to pass the text of the headings to this function. when I do I get " instead of "
115 2010-12-16T17:33:37 <jbills> sorry bad r key
116 2010-12-16T17:47:49 <ThomasWaldmann> pvinogradov: all you need to know is right there :)
117 2010-12-16T17:53:23 <dreimark> jbills: try '
118 2010-12-16T17:53:42 <jbills> ok
119 2010-12-16T17:56:59 <dreimark> bbl
120 2010-12-16T17:57:14 *** raignarok
121 2010-12-16T17:59:43 <jbills> dreimark: TypeError: not all arguments converted during string formatting
122 2010-12-16T17:59:44 <pvinogradov> hmm, i'm not sure but it seems like i found security bug in original moin-2.0
123 2010-12-16T18:00:12 <ThomasWaldmann> tell :)
124 2010-12-16T18:01:35 <ThomasWaldmann> http://www.google-melange.com/gci/task/show/google/gci2010/moinmoin/t129037970084#c1001 i hope that was not too rude :)
125 2010-12-16T18:02:08 <jbills> oops used dollar sign instead of percent
126 2010-12-16T18:02:56 <pvinogradov> create new user, login, go to settings change password
127 2010-12-16T18:03:32 <pvinogradov> fill Current Password with any characters
128 2010-12-16T18:03:40 <pvinogradov> and provide new password
129 2010-12-16T18:05:29 <ThomasWaldmann> 821 if not element['password_current'].value: # XXX add the real pw check
130 2010-12-16T18:05:32 <ThomasWaldmann> this?
131 2010-12-16T18:06:02 <pvinogradov> maybe, i'm still don't find this code
132 2010-12-16T18:06:03 <ThomasWaldmann> http://hg.moinmo.in/moin/2.0-dev/file/43c80eb8741f/MoinMoin/apps/frontend/views.py from there
133 2010-12-16T18:06:38 <ThomasWaldmann> you could claim an easy bugfix task afterwards :)
134 2010-12-16T18:07:06 <pvinogradov> yes, i'm glad to fix it:)
135 2010-12-16T18:10:03 <ThomasWaldmann> nice how tasks create new tasks :D
136 2010-12-16T18:16:23 <pvinogradov> in any case - i'm implement all suggestion about secure password storage code
137 2010-12-16T18:21:07 *** m4k3r
138 2010-12-16T18:43:09 <ThomasWaldmann> pvinogradov: i just look at your changesets (but have to leave soon)
139 2010-12-16T18:43:40 <ThomasWaldmann> https://bitbucket.org/pavel_vinogradov/gci10-moin-2.0-dev/src/e9cf0ce0fae0/MoinMoin/user.py looking at this right now
140 2010-12-16T18:44:42 <pvinogradov> no problem, i will back tomorrow again:)
141 2010-12-16T18:44:50 <ThomasWaldmann> pvinogradov: how about modifying 416 so it is rather like 423?
142 2010-12-16T18:45:43 <ThomasWaldmann> and then inserting a check before line 443 whether upgrade is needed
143 2010-12-16T18:46:15 <ThomasWaldmann> the point about that is that we'ld have exactly one place then where a password is checked, not 2
144 2010-12-16T18:46:57 <ThomasWaldmann> and the code in 410..440 would be very consistent internally
145 2010-12-16T18:47:14 <ThomasWaldmann> and if we ever need to add another method, this could would not need changes
146 2010-12-16T18:48:04 <ThomasWaldmann> ok, i need to go, bbl
147 2010-12-16T18:57:36 *** magnus_
148 2010-12-16T19:05:02 *** grzywacz
149 2010-12-16T19:05:02 *** grzywacz
150 2010-12-16T19:27:57 <m4k3r> ThomasWaldmann: the documentation on MoinMoin.auth is poor; could you explain me how to redirect to another page _in_ the auth.login method? Especially I would know what happens calling a MultistageRedirectLogin; should I just subclass it or call it from the login method (and, if so, which method is called after the redirect?)?
151 2010-12-16T19:32:14 *** raignarok
152 2010-12-16T19:41:58 *** raignarok
153 2010-12-16T19:42:13 *** raignarok
154 2010-12-16T19:47:35 *** raignarok
155 2010-12-16T19:55:20 *** greg_f
156 2010-12-16T20:12:29 <ThomasWaldmann> m4k3r: multistage is not from me, so i can't tell much more
157 2010-12-16T20:18:51 <ThomasWaldmann> m4k3r: is that moin2 or 1.9 what you are talking about?
158 2010-12-16T20:19:03 <m4k3r> ThomasWaldmann: moin2.
159 2010-12-16T20:20:05 <ThomasWaldmann> multistage in moin2 is likely not functional
160 2010-12-16T20:20:19 <ThomasWaldmann> have a look at 1.9
161 2010-12-16T20:21:56 *** rfw
162 2010-12-16T20:23:02 <m4k3r> ThomasWaldmann: also, has MoinMoin something like a base_url variable?
163 2010-12-16T20:26:51 <ThomasWaldmann> use url_for()
164 2010-12-16T20:27:59 <m4k3r> ThomasWaldmann: url_for('frontend.show_root') gives me a BuildError :\
165 2010-12-16T20:29:53 *** Samm
166 2010-12-16T20:35:31 *** Samm
167 2010-12-16T20:35:42 *** Sammy
168 2010-12-16T20:35:51 *** raignarok
169 2010-12-16T20:44:03 * m4k3r don't uderstands why in MoinMoin.auth.__init__, line 386, the login form immediately raises an error while it should render it.
170 2010-12-16T20:49:58 *** skylamer`
171 2010-12-16T21:09:02 <m4k3r> ThomasWaldmann, dreimark: someone of you has few minutes to explain me a line I don't understand in MoinMoin/auth/__init__.py? There's no much time left until the deadline.
172 2010-12-16T21:14:07 *** Samm_
173 2010-12-16T21:14:31 <jbills> dreimark: Done with the headings. tested compatability.
174 2010-12-16T21:31:04 <jbills> google melange uploads are not working.
175 2010-12-16T22:11:59 *** eSyr
176 2010-12-16T22:19:04 *** eSyr
177 2010-12-16T22:50:05 *** moinBot`
178 2010-12-16T22:50:38 *** ChanServ
179 2010-12-16T22:50:39 *** xjjk
180 2010-12-16T22:50:40 *** ThomasWaldmann
181 2010-12-16T22:50:44 *** franklin_
182 2010-12-16T22:50:45 *** TheSheep
183 2010-12-16T22:50:45 *** xorAxAx
184 2010-12-16T22:50:46 *** CIA-62
185 2010-12-16T22:50:49 *** blathijs
186 2010-12-16T22:50:50 *** dreimark
187 2010-12-16T22:50:50 *** moinBot
188 2010-12-16T22:50:50 *** valeuf
189 2010-12-16T22:50:52 *** kapace__
190 2010-12-16T22:50:59 *** eSyr
191 2010-12-16T22:53:05 *** TheSheep
192 2010-12-16T22:53:05 *** dreimark
193 2010-12-16T22:53:10 *** blathijs
194 2010-12-16T22:53:30 <dreimark> m4k3r: http://hg.moinmo.in/moin/1.9/file/021c1f6d3272/MoinMoin/auth/__init__.py#l410 this line in 1.9
195 2010-12-16T22:57:11 <dreimark> gn
196 2010-12-16T22:57:21 <m4k3r> dreimark: !
197 2010-12-16T22:57:22 <m4k3r> https://bitbucket.org/thomaswaldmann/moin-2.0-dev/src/43c80eb8741f/MoinMoin/auth/__init__.py#cl-385
198 2010-12-16T22:57:27 <m4k3r> That's the same here.
199 2010-12-16T22:57:40 <m4k3r> But why immediately abort?
200 2010-12-16T22:57:53 <m4k3r> It should render the page, and if any error, abort.
201 2010-12-16T22:58:09 *** franklin
202 2010-12-16T22:58:09 *** kapace__
203 2010-12-16T22:58:09 *** xjjk
204 2010-12-16T22:58:09 *** ChanServ
205 2010-12-16T22:58:09 *** ThomasWaldmann
206 2010-12-16T22:58:09 *** CIA-62
207 2010-12-16T22:58:09 *** barjavel.freenode.net
208 2010-12-16T23:00:25 *** valeuf
209 2010-12-16T23:05:18 *** xorAxAx
210 2010-12-16T23:21:30 <ThomasWaldmann> re
211 2010-12-16T23:21:53 <ThomasWaldmann> m4k3r: still there?
212 2010-12-16T23:23:04 *** raignarok
213 2010-12-16T23:32:04 <m4k3r> ThomasWaldmann: re.
214 2010-12-16T23:32:18 <ThomasWaldmann> ok, so the question is ...?
215 2010-12-16T23:32:33 <m4k3r> ThomasWaldmann: https://bitbucket.org/thomaswaldmann/moin-2.0-dev/src/43c80eb8741f/MoinMoin/auth/__init__.py#cl-385
216 2010-12-16T23:32:58 <m4k3r> Why here we don't redirect to the url given?
217 2010-12-16T23:34:45 <ThomasWaldmann> no idea. what's the problem?
218 2010-12-16T23:35:32 <m4k3r> The problem is that I return the url for the user's OpenID authentication, but it aborts() that url.
219 2010-12-16T23:35:52 <m4k3r> To be more precise:
220 2010-12-16T23:37:41 <m4k3r> https://bitbucket.org/thomaswaldmann/moin-2.0-dev/src/43c80eb8741f/MoinMoin/auth/__init__.py#cl-187
221 2010-12-16T23:38:03 <m4k3r> I use this class to return the OpenID authentication page, which leads to
222 2010-12-16T23:38:21 <m4k3r> https://bitbucket.org/thomaswaldmann/moin-2.0-dev/src/43c80eb8741f/MoinMoin/auth/__init__.py#cl-356
223 2010-12-16T23:38:58 <m4k3r> that is, handle_login(), the function which aborts() instead of redirecting my url.
224 2010-12-16T23:40:26 *** jbills
225 2010-12-16T23:41:18 <m4k3r> If you look at my actual code (as you can see, fresh and without any cleanup), you will see how I call MultistageRedirectLogin.
226 2010-12-16T23:41:19 <m4k3r> https://bitbucket.org/maker/moin-2.0-dev/src/18b6da525afc/MoinMoin/auth/openid_login.py#cl-49
227 2010-12-16T23:41:23 *** samm
228 2010-12-16T23:41:24 <ThomasWaldmann> abort(redirect(u)) should redirect to u
229 2010-12-16T23:41:53 <m4k3r> ThomasWaldmann: it doesn't. It's an Aborter() instance.
230 2010-12-16T23:43:11 <m4k3r> https://bitbucket.org/thomaswaldmann/moin-2.0-dev/src/43c80eb8741f/MoinMoin/support/werkzeug/exceptions.py#cl-440
231 2010-12-16T23:43:16 <m4k3r> ^ defined here.
232 2010-12-16T23:43:22 * m4k3r loves ctags.
233 2010-12-16T23:43:48 <ThomasWaldmann> redirect_url = request.redirectURL(...) what's that?
234 2010-12-16T23:44:36 <m4k3r> ThomasWaldmann: there I use the python-openid library to get the link to the authentication page.
235 2010-12-16T23:45:57 *** jbills
236 2010-12-16T23:50:41 *** jbills
237 2010-12-16T23:52:12 <m4k3r> Any idea?