Making WordPress.org

#265 closed defect (fixed)

Update Trac security warnings

Reported by: nacin
Owned by: nacin
Priority: normal
Component: Trac
Keywords:
Cc: jorbin


When you try to submit a ticket in the Security component, Core Trac will display a notice. This has probably helped some, but we still get (often bogus) security reports created sometimes.

We should instead detect words referring to a security issue, then display a checkbox and force them to click it before they can submit the ticket.
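A sketch of the check requested above, added here as an illustration; it is not part of the ticket and is not the trac-security.js that was committed. The stem list, the function names and the element ids are assumptions.

```javascript
// Added example. The stem list and all names below are assumptions,
// not the contents of WordPress.org's trac-security.js.
const SECURITY_STEMS = [
  'security', 'vulnerab', 'exploit', 'xss', 'csrf',
  'sql injection', 'cross-site scripting', 'privilege escalation',
];

// Match literally, but let spaces and hyphens inside a phrase vary.
const toPattern = (stem) =>
  stem.replace(/[.*+?^${}()|[\]\\]/g, '\\$&').replace(/[ -]+/g, '[\\s-]+');

// \b anchors the start of a word so "insecurity" is not a hit; \w* lets a
// stem cover its inflections ("exploit" -> "exploitable", "exploits").
const STEM_RE = new RegExp(
  '\\b(?:' + SECURITY_STEMS.map(toPattern).join('|') + ')\\w*', 'gi');

// Return the distinct security-related words found, normalised.
function findSecurityTerms(text) {
  const hits = new Set();
  for (const m of String(text || '').matchAll(STEM_RE)) {
    hits.add(m[0].toLowerCase().replace(/[\s-]+/g, ' '));
  }
  return [...hits];
}

// Decide whether the form may be submitted. `acknowledged` is the state of
// the confirmation checkbox shown once a ticket is flagged.
function checkSubmission({ summary, description, component, acknowledged }) {
  const terms = findSecurityTerms([summary, description].filter(Boolean).join('\n'));
  const flagged = terms.length > 0 || component === 'Security';
  return { flagged, terms, allowSubmit: !flagged || acknowledged === true };
}

// Browser wiring (skipped outside a browser). Element ids are assumed.
if (typeof document !== 'undefined') {
  const form = document.getElementById('propertyform');
  const val = (id) => (document.getElementById(id) || {}).value || '';
  if (form) form.addEventListener('submit', (event) => {
    const box = document.getElementById('security-ack'); // hypothetical id
    const result = checkSubmission({
      summary: val('field-summary'), description: val('field-description'),
      component: val('field-component'), acknowledged: !!(box && box.checked),
    });
    if (box) box.parentElement.hidden = !result.flagged; // reveal the checkbox
    if (!result.allowSubmit) event.preventDefault();     // block until ticked
  });
}
```

A client-side gate like this only slows down accidental public reports; anything that must be enforced still has to be checked on the server.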

Attachments (2)

265.diff (3.7 KB) - added by jorbin 21 months ago.
265.2.diff (3.8 KB) - added by jorbin 21 months ago.

Change History (7)

comment:1 @nacin 21 months ago

In 218:

Trac: Add JavaScript to detect words probably referring to a security report. props jorbin. see #265.

comment:2 @nacin 21 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 219:

Trac: Add trac-security.js to /newticket views. fixes #265.

comment:3 @jorbin 21 months ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Patch attached is a version that contains passing unit tests https://github.com/aaronjorbin/trac_security

comment:4 @jorbin 21 months ago

  • Cc jorbin added

comment:5 @nacin 10 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 1058:

Update Trac security script. props jorbin, fixes #265.
