Making WordPress.org

Opened 3 months ago

Last modified 3 months ago

#265 reopened defect

Update Trac security warnings

Reported by: nacin Owned by: nacin
Priority: normal Component: Trac
Keywords: Cc: jorbin


When you try to submit a ticket in the Security component, Core Trac will display a notice. This has probably helped some, but we still get (often bogus) security reports created sometimes.

We should instead detect words referring to a security issue, then display a checkbox and force them to click it before they can submit the ticket.

Attachments (2)

265.diff (3.7 KB) - added by jorbin 3 months ago.
265.2.diff (3.8 KB) - added by jorbin 3 months ago.

Download all attachments as: .zip

Change History (6)

comment:1 nacin3 months ago

In 218:

Trac: Add JavaScript to detect words probably referring to a security report. props jorbin. see #265.

comment:2 nacin3 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 219:

Trac: Add trac-security.js to /newticket views. fixes #265.

jorbin3 months ago

comment:3 jorbin3 months ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Patch attached is a version that contains passing unit tests https://github.com/aaronjorbin/trac_security

jorbin3 months ago

comment:4 jorbin3 months ago

  • Cc jorbin added
Note: See TracTickets for help on using tickets.