Tue, 19 Mar 2013 15:30:06 +0100 [views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 19 Mar 2013 15:30:06 +0100] rev 8736
[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.
Tue, 19 Mar 2013 15:18:22 +0100 [entity] ensure the .related(entities=False) parameter is honored all the way down (closes #2755994)
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 19 Mar 2013 15:18:22 +0100] rev 8735
[entity] ensure the .related(entities=False) parameter is honored all the way down (closes #2755994) As of today, such a call will always fill the relation cache by calling .entities() on every single related rset entry. As a consequence, the `limit` parameter handling also had to be fixed. It was bogus in the following ways: * not used in the related_rql, hence potentially huge database requests, but also actually * foolishly used in the .entities()-calling cache routine we now bypass (this changeset ticket's main topic) Now: * we set a limit on the rql expression, and * forbid caching if given a non-None limit (as we don't want to make the cache handling code more complicated than it is already) With this, entity.unrelated gets a better limit implementation (so the code in related/unrelated is nice and symmetric) Risk: * _cw_relation_cache disappears completely, which is good, but this is Python, so you never know ...
Tue, 19 Mar 2013 15:17:34 +0100 [test/web] fix invisibly bogus test (prepares #2755994)
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 19 Mar 2013 15:17:34 +0100] rev 8734
[test/web] fix invisibly bogus test (prepares #2755994) The test was wrong but that was cancelled out by a cache effect and fuzzy naming. Wiping the entity caches restores sanity: the choices list are the same before and after the SET. Also field.choices uses entity.unrelated but always returns related + unrelated elements. Hence `choice` replaces `unrelated` where it makes sense. AssertIn is used in place of AssertTrue.
Fri, 08 Mar 2013 11:03:28 +0100 [cwconfig] Fix exception handling when building the cube dependency graph
Rémi Cardona <remi.cardona@logilab.fr> [Fri, 08 Mar 2013 11:03:28 +0100] rev 8733
[cwconfig] Fix exception handling when building the cube dependency graph UnorderableGraph exceptions do not have a 'cycles' property. A simple cast to str does the job.
Tue, 19 Mar 2013 12:25:18 +0100 [merge] backport stable fixes
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 19 Mar 2013 12:25:18 +0100] rev 8732
[merge] backport stable fixes
Mon, 18 Mar 2013 16:38:57 +0100 [test/sobject] fix test regression stable
Aurelien Campeas <aurelien.campeas@logilab.fr> [Mon, 18 Mar 2013 16:38:57 +0100] rev 8731
[test/sobject] fix test regression Was complaining: - * updated comment #EID (#EID) ? ^^^^ + * updated comment #EID (duh?) ? ^^^^ in sobjects/test/unittest_supervising.
Wed, 13 Mar 2013 18:36:49 +0100 [web/request] Prune extraneous 'pageid' from generated ajax URL parameters (closes #2758130) stable
Rémi Cardona <remi.cardona@logilab.fr> [Wed, 13 Mar 2013 18:36:49 +0100] rev 8730
[web/request] Prune extraneous 'pageid' from generated ajax URL parameters (closes #2758130) If 'pageid' is given through extraparams, it is sent twice to the browser. On the JS side, the final URL loadxhtml() will end up using will have 'pageid' set twice which CubicWeb will readily accept as a list. Pruning this parameter makes sure it is exactly once.
(0) -3000 -1000 -300 -100 -30 -10 -7 +7 +10 +30 +100 +300 +1000 +3000 tip