Apr. 14th, 2009

Invite code bounty

Apr. 14th, 2009 03:15 am
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
[staff profile] denise
This week's bugpatch-bounty invite codes have just gone out, so anyone who had a patch checked into Mercurial this week now has some more invite codes to give away, found on the Invite Someone page. Some people also got additional invites, because their patches were really complex or because they had to go through multiple rounds of code review.

If I missed you, or missed counting one of your committed patches, let me know and I'll fix the problem. (It's a manual process, so assume operator error rather than that you don't qualify for invites.)

If you have a patch that's been uploaded and is awaiting review, you'll get your invite codes in the week in which it's committed!

Lions and tigers and login redirects, oh my!

Apr. 14th, 2009 02:24 pm
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)
[personal profile] sophie
I'm doing some investigation into bug 125, which at first sight seems easy. And, to be fair, it is, if you just want to get it done.

However, when you look deeper, there are some oddities.

Cut for lots of technical jibber-jabber. )

All the above means we have a couple of things to ponder.

  • The bug's description is to change the redirect to the login page rather than the homepage, but perhaps what we really want to do is revert the changeset that redirected to the homepage in the first place?

    Thinking about it, the 'protected content' logic, which is what the bug is about, doesn't use <?needlogin?> anyway. Therefore, we'll need to go with the next point:

  • If we do want to change the redirect to go to the login page rather than taking the redirect out completely, which GET argument should be used for the original page?

    • I'm reluctant to allow returnto to be populated via GET because of its possible use as a phishing vector.

    • The overloaded use of ret seems to be deprecated via OpenID, and I'm not sure if ?ret=1 would work properly in a redirect.

    • The use of ref seems to be the sanest way, and fits its original purpose of acting as the referrer, but can't currently be populated via GET (and it would seem, well, weird to allow it to be).


Whichever we choose, I think we need to take a good, long look at all these options and hack at them with a machete.
Tags:

Profile

dw_dev: The word "develop" using the Swirly D logo. (Default)
Dreamwidth Open Source Development

June 2025

S M T W T F S
1234567
89101112 1314
15161718192021
22232425262728
2930     

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 17th, 2025 09:04 pm
Powered by Dreamwidth Studios