Hello community, here is the log from the commit of package python-Mako for openSUSE:Factory checked in at 2011-11-14 13:35:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Mako (Old) and /work/SRC/openSUSE:Factory/.python-Mako.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-Mako", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/python-Mako/python-Mako.changes 2011-09-23 12:42:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-Mako.new/python-Mako.changes 2011-11-14 13:35:53.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Nov 10 10:53:53 UTC 2011 - saschpe@suse.de + +- Update to version 0.5.0: + * A Template is explicitly disallowed from having a url that + normalizes to relative outside of the root. [ticket:174] + +------------------------------------------------------------------- Old: ---- Mako-0.4.2.tar.gz New: ---- Mako-0.5.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Mako.spec ++++++ --- /var/tmp/diff_new_pack.dnnSFw/_old 2011-11-14 13:35:54.000000000 +0100 +++ /var/tmp/diff_new_pack.dnnSFw/_new 2011-11-14 13:35:54.000000000 +0100 @@ -18,8 +18,8 @@ Name: python-Mako -Version: 0.4.2 -Release: 1 +Version: 0.5.0 +Release: 0 Url: http://www.makotemplates.org/ Summary: A super-fast Python templating language License: MIT ++++++ Mako-0.4.2.tar.gz -> Mako-0.5.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/CHANGES new/Mako-0.5.0/CHANGES --- old/Mako-0.4.2/CHANGES 2011-08-05 23:45:38.000000000 +0200 +++ new/Mako-0.5.0/CHANGES 2011-09-28 02:26:06.000000000 +0200 @@ -1,3 +1,22 @@ +0.5 +- A Template is explicitly disallowed + from having a url that normalizes to relative outside + of the root. That is, if the Lookup is based + at /home/mytemplates, an include that would place + the ultimate template at + /home/mytemplates/../some_other_directory, + i.e. outside of /home/mytemplates, + is disallowed. This usage was never intended + despite the lack of an explicit check. + The main issue this causes + is that module files can be written outside + of the module root (or raise an error, if file perms aren't + set up), and can also lead to the same template being + cached in the lookup under multiple, relative roots. + TemplateLookup instead has always supported multiple + file roots for this purpose. + [ticket:174] + 0.4.2 - Fixed bug regarding <%call>/def calls w/ content whereby the identity of the "caller" callable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/Mako.egg-info/PKG-INFO new/Mako-0.5.0/Mako.egg-info/PKG-INFO --- old/Mako-0.4.2/Mako.egg-info/PKG-INFO 2011-08-05 23:48:05.000000000 +0200 +++ new/Mako-0.5.0/Mako.egg-info/PKG-INFO 2011-09-28 02:32:40.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: Mako -Version: 0.4.2 +Version: 0.5.0 Summary: A super-fast templating language that borrows the best ideas from the existing templating languages. Home-page: http://www.makotemplates.org/ Author: Mike Bayer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/Mako.egg-info/SOURCES.txt new/Mako-0.5.0/Mako.egg-info/SOURCES.txt --- old/Mako-0.4.2/Mako.egg-info/SOURCES.txt 2011-08-05 23:48:05.000000000 +0200 +++ new/Mako-0.5.0/Mako.egg-info/SOURCES.txt 2011-09-28 02:32:40.000000000 +0200 @@ -151,6 +151,7 @@ test/templates/unicode_runtime_error.html test/templates/unicode_syntax_error.html test/templates/foo/modtest.html.py +test/templates/othersubdir/foo.html test/templates/subdir/incl.html test/templates/subdir/index.html test/templates/subdir/modtest.html diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/PKG-INFO new/Mako-0.5.0/PKG-INFO --- old/Mako-0.4.2/PKG-INFO 2011-08-05 23:48:05.000000000 +0200 +++ new/Mako-0.5.0/PKG-INFO 2011-09-28 02:32:41.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: Mako -Version: 0.4.2 +Version: 0.5.0 Summary: A super-fast templating language that borrows the best ideas from the existing templating languages. Home-page: http://www.makotemplates.org/ Author: Mike Bayer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/_static/docs.css new/Mako-0.5.0/doc/_static/docs.css --- old/Mako-0.4.2/doc/_static/docs.css 2011-08-05 23:45:38.000000000 +0200 +++ new/Mako-0.5.0/doc/_static/docs.css 2011-09-28 02:26:06.000000000 +0200 @@ -186,6 +186,12 @@ padding:10px 0px 10px 0px; } +/* take out sphinx/pygments putting some kind +of green background here... */ +.highlight { + background:none; +} + pre { background-color: #f0f0f0; border: solid 1px #ccc; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/build/static/docs.css new/Mako-0.5.0/doc/build/static/docs.css --- old/Mako-0.4.2/doc/build/static/docs.css 2011-08-05 23:45:38.000000000 +0200 +++ new/Mako-0.5.0/doc/build/static/docs.css 2011-09-28 02:26:06.000000000 +0200 @@ -186,6 +186,12 @@ padding:10px 0px 10px 0px; } +/* take out sphinx/pygments putting some kind +of green background here... */ +.highlight { + background:none; +} + pre { background-color: #f0f0f0; border: solid 1px #ccc; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/caching.html new/Mako-0.5.0/doc/caching.html --- old/Mako-0.4.2/doc/caching.html 2011-08-05 23:45:59.000000000 +0200 +++ new/Mako-0.5.0/doc/caching.html 2011-09-28 02:26:30.000000000 +0200 @@ -7,7 +7,7 @@ <title> Caching - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="prev" title="The Unicode Chapter" href="unicode.html" /> @@ -38,7 +38,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -50,7 +50,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/defs.html new/Mako-0.5.0/doc/defs.html --- old/Mako-0.4.2/doc/defs.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/defs.html 2011-09-28 02:26:30.000000000 +0200 @@ -7,7 +7,7 @@ <title> Defs and Blocks - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="The Mako Runtime Environment" href="runtime.html" /> <link rel="prev" title="Syntax" href="syntax.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/filtering.html new/Mako-0.5.0/doc/filtering.html --- old/Mako-0.4.2/doc/filtering.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/filtering.html 2011-09-28 02:26:30.000000000 +0200 @@ -7,7 +7,7 @@ <title> Filtering and Buffering - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="The Unicode Chapter" href="unicode.html" /> <link rel="prev" title="Inheritance" href="inheritance.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/genindex.html new/Mako-0.5.0/doc/genindex.html --- old/Mako-0.4.2/doc/genindex.html 2011-08-05 23:46:01.000000000 +0200 +++ new/Mako-0.5.0/doc/genindex.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Index - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="#" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> @@ -37,7 +37,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -49,7 +49,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/index.html new/Mako-0.5.0/doc/index.html --- old/Mako-0.4.2/doc/index.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/index.html 2011-09-28 02:26:30.000000000 +0200 @@ -7,7 +7,7 @@ <title> Table of Contents - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="#" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="#" /> <link rel="next" title="Usage" href="usage.html" /> @@ -38,7 +38,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -50,7 +50,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/inheritance.html new/Mako-0.5.0/doc/inheritance.html --- old/Mako-0.4.2/doc/inheritance.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/inheritance.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Inheritance - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Filtering and Buffering" href="filtering.html" /> <link rel="prev" title="Namespaces" href="namespaces.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/namespaces.html new/Mako-0.5.0/doc/namespaces.html --- old/Mako-0.4.2/doc/namespaces.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/namespaces.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Namespaces - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Inheritance" href="inheritance.html" /> <link rel="prev" title="The Mako Runtime Environment" href="runtime.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/runtime.html new/Mako-0.5.0/doc/runtime.html --- old/Mako-0.4.2/doc/runtime.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/runtime.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> The Mako Runtime Environment - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Namespaces" href="namespaces.html" /> <link rel="prev" title="Defs and Blocks" href="defs.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/search.html new/Mako-0.5.0/doc/search.html --- old/Mako-0.4.2/doc/search.html 2011-08-05 23:46:01.000000000 +0200 +++ new/Mako-0.5.0/doc/search.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Search - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -27,7 +27,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="#" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> @@ -38,7 +38,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -50,7 +50,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/syntax.html new/Mako-0.5.0/doc/syntax.html --- old/Mako-0.4.2/doc/syntax.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/syntax.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Syntax - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Defs and Blocks" href="defs.html" /> <link rel="prev" title="Usage" href="usage.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/unicode.html new/Mako-0.5.0/doc/unicode.html --- old/Mako-0.4.2/doc/unicode.html 2011-08-05 23:46:00.000000000 +0200 +++ new/Mako-0.5.0/doc/unicode.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> The Unicode Chapter - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Caching" href="caching.html" /> <link rel="prev" title="Filtering and Buffering" href="filtering.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/doc/usage.html new/Mako-0.5.0/doc/usage.html --- old/Mako-0.4.2/doc/usage.html 2011-08-05 23:46:01.000000000 +0200 +++ new/Mako-0.5.0/doc/usage.html 2011-09-28 02:26:31.000000000 +0200 @@ -7,7 +7,7 @@ <title> Usage - — Mako 0.4.2 Documentation</title> + — Mako 0.5.0 Documentation</title> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="_static/docs.css" type="text/css" /> @@ -15,7 +15,7 @@ <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '#', - VERSION: '0.4.2', + VERSION: '0.5.0', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html' }; @@ -26,7 +26,7 @@ <script type="text/javascript" src="_static/init.js"></script> <link rel="index" title="Index" href="genindex.html" /> <link rel="search" title="Search" href="search.html" /> - <link rel="top" title="Mako 0.4.2 Documentation" href="index.html" /> + <link rel="top" title="Mako 0.5.0 Documentation" href="index.html" /> <link rel="next" title="Syntax" href="syntax.html" /> <link rel="prev" title="Table of Contents" href="index.html" /> @@ -39,7 +39,7 @@ - <h1>Mako 0.4.2 Documentation</h1> + <h1>Mako 0.5.0 Documentation</h1> <div id="search"> Search: @@ -51,7 +51,7 @@ </div> <div class="versionheader"> - Version: <span class="versionnum">0.4.2</span> Last Updated: 08/05/2011 17:45:59 + Version: <span class="versionnum">0.5.0</span> Last Updated: 09/27/2011 20:26:30 </div> <div class="clearboth"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/mako/__init__.py new/Mako-0.5.0/mako/__init__.py --- old/Mako-0.4.2/mako/__init__.py 2011-08-05 23:45:39.000000000 +0200 +++ new/Mako-0.5.0/mako/__init__.py 2011-09-28 02:26:06.000000000 +0200 @@ -5,5 +5,5 @@ # the MIT License: http://www.opensource.org/licenses/mit-license.php -__version__ = '0.4.2' +__version__ = '0.5.0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/mako/lookup.py new/Mako-0.5.0/mako/lookup.py --- old/Mako-0.4.2/mako/lookup.py 2011-08-05 23:45:39.000000000 +0200 +++ new/Mako-0.5.0/mako/lookup.py 2011-09-28 02:26:06.000000000 +0200 @@ -204,7 +204,7 @@ Note the "relativeto" argument is not supported here at the moment. """ - + try: if self.filesystem_checks: return self._check(uri, self._collection[uri]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/mako/template.py new/Mako-0.5.0/mako/template.py --- old/Mako-0.4.2/mako/template.py 2011-08-05 23:45:39.000000000 +0200 +++ new/Mako-0.5.0/mako/template.py 2011-09-28 02:26:06.000000000 +0200 @@ -163,7 +163,17 @@ else: self.module_id = "memory:" + hex(id(self)) self.uri = self.module_id - + + u_norm = self.uri + if u_norm.startswith("/"): + u_norm = u_norm[1:] + u_norm = os.path.normpath(u_norm) + if u_norm.startswith(".."): + raise exceptions.TemplateLookupException( + "Template uri \"%s\" is invalid - " + "it cannot be relative outside " + "of the root path." % self.uri) + self.input_encoding = input_encoding self.output_encoding = output_encoding self.encoding_errors = encoding_errors @@ -203,18 +213,14 @@ if module_filename is not None: path = module_filename elif module_directory is not None: - u = self.uri - if u[0] == '/': - u = u[1:] path = os.path.abspath( os.path.join( os.path.normpath(module_directory), - os.path.normpath(u) + ".py" + u_norm + ".py" ) ) else: path = None - module = self._compile_from_file(path, filename) else: raise exceptions.RuntimeException( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/test/test_lookup.py new/Mako-0.5.0/test/test_lookup.py --- old/Mako-0.4.2/test/test_lookup.py 2011-08-05 23:45:39.000000000 +0200 +++ new/Mako-0.5.0/test/test_lookup.py 2011-09-28 02:26:06.000000000 +0200 @@ -1,9 +1,11 @@ from mako.template import Template -from mako import lookup, exceptions +from mako import lookup, exceptions, runtime +from mako.util import FastEncodingBuffer from util import flatten_result, result_lines import unittest +import os -from test import TemplateTest, template_base, module_base +from test import TemplateTest, template_base, module_base, assert_raises_message tl = lookup.TemplateLookup(directories=[template_base]) class LookupTest(unittest.TestCase): @@ -74,3 +76,29 @@ ) assert f.uri not in tl._collection + def test_dont_accept_relative_outside_of_root(self): + """test the mechanics of an include where + the include goes outside of the path""" + tl = lookup.TemplateLookup(directories=[os.path.join(template_base, "subdir")]) + index = tl.get_template("index.html") + + ctx = runtime.Context(FastEncodingBuffer()) + ctx._with_template=index + + assert_raises_message( + exceptions.TemplateLookupException, + "Template uri \"../index.html\" is invalid - it " + "cannot be relative outside of the root path", + runtime._lookup_template, ctx, "../index.html", index.uri + ) + + assert_raises_message( + exceptions.TemplateLookupException, + "Template uri \"../othersubdir/foo.html\" is invalid - it " + "cannot be relative outside of the root path", + runtime._lookup_template, ctx, "../othersubdir/foo.html", index.uri + ) + + # this is OK since the .. cancels out + t = runtime._lookup_template(ctx, "foo/../index.html", index.uri) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mako-0.4.2/test/test_template.py new/Mako-0.5.0/test/test_template.py --- old/Mako-0.4.2/test/test_template.py 2011-08-05 23:45:39.000000000 +0200 +++ new/Mako-0.5.0/test/test_template.py 2011-09-28 02:26:06.000000000 +0200 @@ -9,7 +9,7 @@ from util import flatten_result, result_lines import codecs from test import TemplateTest, eq_, template_base, module_base, \ - skip_if, assert_raises + skip_if, assert_raises, assert_raises_message class EncodingTest(TemplateTest): def test_unicode(self): @@ -918,8 +918,25 @@ finally: os.path = current_path - - + def test_dont_accept_relative_outside_of_root(self): + assert_raises_message( + exceptions.TemplateLookupException, + "Template uri \"../../foo.html\" is invalid - it " + "cannot be relative outside of the root path", + Template, "test", uri="../../foo.html", + ) + + assert_raises_message( + exceptions.TemplateLookupException, + "Template uri \"/../../foo.html\" is invalid - it " + "cannot be relative outside of the root path", + Template, "test", uri="/../../foo.html", + ) + + # normalizes in the root is OK + t = Template("test", uri="foo/bar/../../foo.html") + eq_(t.uri, "foo/bar/../../foo.html") + class ModuleTemplateTest(TemplateTest): def test_module_roundtrip(self): lookup = TemplateLookup() -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org