Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 12:35:33 +0200] rev 7434
[test] fix tests broken by 7427:5338d895b891
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 11:42:31 +0200] rev 7433
merge default heads
Arthur Lutz <arthur.lutz@logilab.fr> [Wed, 25 May 2011 11:41:16 +0200] rev 7432
[ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 11:40:10 +0200] rev 7431
backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 11:39:54 +0200] rev 7430
[ui messages] make application message component works when request has no cnx set and support for explicit message given through render argument
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 10:59:26 +0200] rev 7429
backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 25 May 2011 10:58:43 +0200] rev 7428
[web session] fix session handling so we get a chance to have for instance the 'forgotpwd' feature working on a site where anonymous are not allowed
fix several pbs:
* we need a session id and a session cookie anyway, else subsequent http queries are unrelated
* this imply some changes in the session attribution workflow for session without a cnx
* some views/selectors must be fixed for cases where session has no cnx
On the way, avoid unnecessary Redirect on successful login.
closes #750543