Anonymous committed bd57b9b

Port [2585] and [2586] to 0.9-stable.

Files changed (4)

+Trac 0.9.1  (Dec 1, 2005)
+http://svn.edgewall.com/repos/trac/tags/trac-0.9.1
+
+ * Fixed SQL injection vulnerability in ticket query module.
+ * Fixed bugs: #1633, #2167, #2283, #2284, #2285, #2291, #2292, #2300,
+   #2318, #2329, #2366, #2369, #2373, #2383, #2416, #2457
+
+
 Trac 0.9  (Oct 31, 2005)
 http://svn.edgewall.com/repos/trac/tags/trac-0.9
 
-Trac 0.9 Release Notes
+Trac 0.9.1 Release Notes
 ============================
-Oct 31, 2005
+Dec 1, 2005
 
-We're proud to present our latest release - Trac 0.9.
+We're proud to present our latest release - Trac 0.9.1.
 
 Trac is an enhanced wiki and issue tracking system, integrated with
 Subversion, for software development projects. Trac uses a minimalistic
 
 What's New
 ----------
-A brief summary of major changes for version 0.9:
+A brief summary of major changes for version 0.9.1:
 
- * License changed from GPL to modified BSD.
- * Improved modularity and extendibility (plugin support).
- * Improved ticket query interface.
- * Postgresql database support.
- * FastCGI frontend support.
+ * Fix for an SQL injection vulnerability in the ticket query module.
 
 For a more complete list of improvements, see the ChangeLog at:
 
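Review bot: The single bullet under "What's New" announces the SQL injection fix but does not say which releases are affected or that 0.9 users should upgrade. Since this is the only change the 0.9.1 notes advertise, a sentence naming the affected versions and recommending the upgrade would make the notice actionable for administrators who read only this file.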

trac/ticket/query.py

         self.cols = [] # lazily initialized
 
         if self.order != 'id' \
-                and not self.order in [f['name'] for f in self.fields]:
+                and self.order not in [f['name'] for f in self.fields]:
             # order by priority by default
             self.order = 'priority'
 
+        if self.group not in [f['name'] for f in self.fields]:
+            self.group = None
+
     def from_string(cls, env, string, **kw):
         filters = string.split('&')
         constraints = {}
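Review bot: The new `self.group` check just before `from_string` rebuilds `[f['name'] for f in self.fields]` a second time and has no comment explaining why an unknown group is dropped. Compute the list of field names once, use it for both the `order` and `group` tests, and add a comment stating that both values are restricted to known field names so the check is not removed later as dead code. Note also that an invalid `order` falls back to 'priority' while an invalid `group` is silently reset to None, and no test is included among the visible changes; a regression test that passes a group value outside the field list would be worth adding with this fix.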

wiki-default/TracQuery

 
 You may want to save some queries so that you can come back to them later.  You can do this by making a link to the query from any Wiki page.
 {{{
-[query:status!=closed&version=0.8 Active tickets against 0.8]
+[query:status=new|assigned|reopened&version=0.8 Active tickets against 0.8]
 }}}
 
 Which is displayed as:
-  [query:status!=closed&version=0.8 Active tickets against 0.8]
+  [query:status=new|assigned|reopened&version=0.8 Active tickets against 0.8]
 
 This uses a very simple query language to specify the criteria (see [wiki:TracQuery#QueryLanguage Query Language]).
 
 Alternatively, you can copy the query string of a query and paste that into the Wiki link, including the leading `?` character:
 {{{
-[query:?status=assigned&group=owner Assigned tickets by owner]
+[query:?status=new&status=assigned&status=reopened&group=owner Assigned tickets by owner]
 }}}
 
 Whis is displayed as:
-  [query:?status=assigned&group=owner Assigned tickets by owner]
+  [query:?status=new&status=assigned&status=reopened&group=owner Assigned tickets by owner]
 
 The advantage of this approach is that you can also specify the grouping and ordering, which is not possible using the first syntax.
 
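Review bot: In the second example the link text still reads "Assigned tickets by owner", but the query now selects `status=new`, `status=assigned` and `status=reopened`, so the label no longer describes what the link returns. Either keep the query at `status=assigned` or change the label to something like "Active tickets by owner". The context line "Whis is displayed as:" also has a typo ("Which") that could be fixed in the same change.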