PR#4216: Backport CVE-2024-9427 fix for 1.34 - koji

docs/source/CVEs/CVE-2024-9427.rst

file added

+42

		`@@ -0,0 +1,42 @@`
		`+ =============`
		`+ CVE-2024-9427`
		`+ =============`
		`+`
		`+ New XSS attack on kojiweb`
		`+`
		`+ Summary`
		`+ -------`
		`+`
		`+ An unsanitized input allows for an XSS attack. Javascript code from a malicious`
		`+ link could be reflected in the resulting web page. At present, we do not`
		`+ believe that this can be used to submit an action or make a change in Koji due`
		`+ to existing XSS protections in the code. Even so, this is a serious issue and`
		`+ we recommend applying this update promptly.`
		`+`
		`+ Bug fix`
		`+ -------`
		`+`
		`+ We are releasing updates for affected versions of Koji from within the`
		`+ past year.`
		`+ The following releases all contain the fix:`
		`+`
		`+ - 1.35.1`
		`+ - 1.34.3`
		`+ - 1.33.2`
		`+`
		`+ Anyone using a Koji version older than a year should update to a more`
		`+ current version as soon as possible.`
		`+`
		`+ For users who have customized their Koji code, we recommend rebasing your work`
		`+ onto the appropriate update release. Please see Koji`
		+ `issue #4204 <https://pagure.io/koji/issue/4204>`_ for the code details.
		`+`
		`+ As with all changes to web code, you must restart httpd for the changes to`
		`+ take effect.`
		`+`
		`+ Links`
		`+ -----`
		`+`
		`+ Fixed versions can be found at our releases page:`
		`+`
		`+ https://pagure.io/koji/releases`

docs/source/CVEs/CVEs.rst

file modified

+1

		`@@ -5,6 +5,7 @@`
		`.. toctree::`
		`:titlesonly:`

		`+ CVE-2024-9427`
		`CVE-2020-15856`
		`CVE-2019-17109`
		`CVE-2018-1002161`

docs/source/release_notes/release_notes.rst

file modified

+2

		`@@ -5,8 +5,10 @@`
		`.. toctree::`
		`:maxdepth: 1`

		`+ release_notes_1.34.3`
		`release_notes_1.34.1`
		`release_notes_1.34`
		`+ release_notes_1.33.2`
		`release_notes_1.33.1`
		`release_notes_1.33`
		`release_notes_1.32.1`

docs/source/release_notes/release_notes_1.33.2.rst

file added

+34

		`@@ -0,0 +1,34 @@`
		`+`
		`+ Koji 1.33.2 Release notes`
		`+ =========================`
		`+`
		+ This is a security update to backport the fix for :doc:`../CVEs/CVE-2024-9427`
		`+ to Koji 1.33.`
		`+`
		`+`
		`+ Migrating from Koji 1.33.x`
		`+ --------------------------`
		`+`
		`+ No special actions are needed to migrate from earlier 1.33 point releases.`
		`+`
		`+`
		`+ Security Fixes`
		`+ --------------`
		`+`
		`+ web: XSS vulnerability`
		`+`
		+ \| CVE: :doc:`../CVEs/CVE-2024-9427`
		`+ \| Issue: https://pagure.io/koji/issue/4212`
		`+`
		`+ An unsanitized input allows for an XSS attack. Javascript code from a malicious`
		`+ link could be reflected in the resulting web page. At present, we do not`
		`+ believe that this can be used to submit an action or make a change in Koji due`
		`+ to existing XSS protections in the code. Even so, this is a serious issue and`
		`+ we recommend applying this update promptly.`
		`+`
		`+`
		`+ Other Changes`
		`+ -------------`
		`+`
		`+ There are no other significant changes in this release.`
		+ All changes can be found in `the roadmap <https://pagure.io/koji/roadmap/1.33.2/>`_.

docs/source/release_notes/release_notes_1.34.3.rst

file added

+34

		`@@ -0,0 +1,34 @@`
		`+`
		`+ Koji 1.34.3 Release notes`
		`+ =========================`
		`+`
		+ This is a security update to backport the fix for :doc:`../CVEs/CVE-2024-9427`
		`+ to Koji 1.34.`
		`+`
		`+`
		`+ Migrating from Koji 1.34.x`
		`+ --------------------------`
		`+`
		`+ No special actions are needed to migrate from earlier 1.34 point releases.`
		`+`
		`+`
		`+ Security Fixes`
		`+ --------------`
		`+`
		`+ web: XSS vulnerability`
		`+`
		+ \| CVE: :doc:`../CVEs/CVE-2024-9427`
		`+ \| Issue: https://pagure.io/koji/issue/4211`
		`+`
		`+ An unsanitized input allows for an XSS attack. Javascript code from a malicious`
		`+ link could be reflected in the resulting web page. At present, we do not`
		`+ believe that this can be used to submit an action or make a change in Koji due`
		`+ to existing XSS protections in the code. Even so, this is a serious issue and`
		`+ we recommend applying this update promptly.`
		`+`
		`+`
		`+ Other Changes`
		`+ -------------`
		`+`
		`+ There are no other significant changes in this release.`
		+ All changes can be found in `the roadmap <https://pagure.io/koji/roadmap/1.34.3/>`_.

koji.spec

file modified

+4 -1

		`@@ -83,7 +83,7 @@`
		`%define release %{baserelease}`
		`%endif`
		`Name: koji`
		`- Version: 1.34.1`
		`+ Version: 1.34.3`
		`Release: %{release}%{?dist}`
		`License: LGPL-2.1-only and GPL-2.0-or-later`
		`# the included arch lib from yum's rpmUtils is GPLv2+`
		`@@ -651,6 +651,9 @@`
		`%endif`

		`%changelog`
		`+ * Mon Oct 7 2024 Mike McLean <mikem at redhat.com> - 1.34.3-1`
		`+ - Fix CVE-2024-9427: New XSS attack on kojiweb`
		`+`
		`* Mon May 6 2024 Tomas Kopecek <tkopecek at redhat.com> - 1.34.1-1`
		`- PR#3931: web: add some handy links for module builds`
		`- PR#3942: policy_data_from_task_args: set target to None when it doesn't exist`

koji/_version.py

file modified

+1 -1

		`@@ -1,2 +1,2 @@`
		`- __version_info__ = (1, 34, 2)`
		`+ __version_info__ = (1, 34, 3)`
		`__version__ = '.'.join([str(x) for x in __version_info__])`

tests/test_www/test_util.py

file modified

+1 -1

		`@@ -33,7 +33,7 @@`
		`)`

		`for input, output in formats:`
		`- self.assertEqual(formatLink(input), output)`
		`+ self.assertEqual(str(formatLink(input)), output)`

		`def test_escape_html(self):`
		`tests = (`

www/kojiweb/activesession.chtml

file modified

+1 -1

		`@@ -18,7 +18,7 @@`
		`#for $act in $activesess`
		`<tr class="$util.rowToggle($self)">`
		`<td>$act.id</td>`
		`- <td>$util.escapeHTML($act.hostip)</td>`
		`+ <td>$act.hostip</td>`
		`<td>$act.authtype</td>`
		`<td>$util.formatTimeLong($act.start_time)</td>`
		`<td>$act.lengthSession days</td>`

www/kojiweb/archiveinfo.chtml

file modified

+6 -6

		`@@ -6,7 +6,7 @@`
		`#attr _PASSTHROUGH = ['archiveID', 'fileOrder', 'fileStart', 'buildrootOrder', 'buildrootStart']`

		`#include "includes/header.chtml"`
		`- <h4>Information for archive <a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></h4>`
		`+ <h4>Information for archive <a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></h4>`

		`<table>`
		`<tr>`
		`@@ -16,7 +16,7 @@`
		`#if $wininfo`
		`<th>File Name</th><td>$koji.pathinfo.winfile($archive)</td>`
		`#else`
		`- <th>File Name</th><td>$util.escapeHTML($archive.filename)</td>`
		`+ <th>File Name</th><td>$archive.filename</td>`
		`#end if`
		`</tr>`
		`#if $archive.metadata_only`
		`@@ -25,7 +25,7 @@`
		`</tr>`
		`#end if`
		`<tr>`
		`- <th>File Type</th><td>$util.escapeHTML($archive_type.description)</td>`
		`+ <th>File Type</th><td>$archive_type.description</td>`
		`</tr>`
		`<tr>`
		`<th>Build</th><td><a href="buildinfo?buildID=$build.id">$koji.buildLabel($build)</a></td>`
		`@@ -62,7 +62,7 @@`
		`#end if`
		`#if $archive.get('extra')`
		`<tr>`
		`- <th>Extra</th><td class="usertext">$util.escapeHTML($pformat($archive.extra))</td>`
		`+ <th>Extra</th><td class="usertext">$pformat($archive.extra)</td>`
		`</tr>`
		`#end if`
		`#if $files`
		`@@ -97,7 +97,7 @@`
		`</tr>`
		`#for $file in $files`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$util.escapeHTML($file.name)</a></td><td><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>`
		`+ <td><a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$file.name</a></td><td><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -116,7 +116,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'archiveinfo?buildrootStart=' + this.value * $buildrootRange + '$util.passthrough_except($self, 'buildrootStart')#buildrootlist';">`
		`#for $pageNum in $buildrootPages`
		`- <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/archivelist.chtml

file modified

+5 -4

		`@@ -1,7 +1,8 @@`
		`#from kojiweb import util`

		`#include "includes/header.chtml"`
		`- #`
		`+`
		`+ #@util.safe_return`
		`#def getID()`
		`#if $type == 'image'`
		`imageID=$image.id #slurp`
		`@@ -13,7 +14,7 @@`
		`#if $type == 'component'`
		`<h4>Component Archives of buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>`
		`#elif $type == 'image'`
		`- <h4>Archives installed in <a href="archiveinfo?archiveID=$image.id">$util.escapeHTML($image.filename)</a></h4>`
		`+ <h4>Archives installed in <a href="archiveinfo?archiveID=$image.id">$image.filename</a></h4>`
		`#else`
		`<h4>Archives built in buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>`
		`#end if`
		`@@ -52,8 +53,8 @@`
		`#if $len($archives) > 0`
		`#for $archive in $archives`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></td>`
		`- <td>$util.escapeHTML($archive.type_name)</td>`
		`+ <td><a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></td>`
		`+ <td>$archive.type_name</td>`
		`#if $type == 'component'`
		`#set $project = $archive.project and 'yes' or 'no'`
		`<td class="$project">$util.imageTag($project)</td>`

www/kojiweb/buildinfo.chtml

file modified

+11 -11

		`@@ -13,7 +13,7 @@`
		`<th>ID</th><td>$build.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Package Name</th><td><a href="packageinfo?packageID=$build.package_id">$util.escapeHTML($build.package_name)</a></td>`
		`+ <th>Package Name</th><td><a href="packageinfo?packageID=$build.package_id">$build.package_name</a></td>`
		`</tr>`
		`<tr>`
		`<th>Version</th><td>$build.version</td>`
		`@@ -64,12 +64,12 @@`
		`#end if`
		`#if $summary`
		`<tr>`
		`- <th>Summary</th><td class="rpmheader">$util.escapeHTML($summary)</td>`
		`+ <th>Summary</th><td class="rpmheader">$summary</td>`
		`</tr>`
		`#end if`
		`#if $description`
		`<tr>`
		`- <th>Description</th><td class="rpmheader">$util.escapeHTML($description)</td>`
		`+ <th>Description</th><td class="rpmheader">$description</td>`
		`</tr>`
		`#end if`
		`#if $vcs`
		`@@ -83,7 +83,7 @@`
		`</tr>`
		`#end if`
		`<tr>`
		`- <th>Built by</th><td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>`
		`+ <th>Built by</th><td><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>`
		`</tr>`
		`<tr>`
		`#set $stateName = $util.stateName($build.state)`
		`@@ -98,7 +98,7 @@`
		`</tr>`
		`<tr>`
		`<th>Volume</th>`
		`- <td>$util.escapeHTML($build.volume_name)</td>`
		`+ <td>$build.volume_name</td>`
		`</tr>`
		`<tr>`
		`<th>Started</th><td>$util.formatTimeLong($start_ts)</td>`
		`@@ -119,12 +119,12 @@`
		`<th>Promoted</th><td>$util.formatTimeLong($build.promotion_ts)</td>`
		`</tr>`
		`<tr>`
		`- <th>Promoted by</th><td class="user-$build.promoter_name"><a href="userinfo?userID=$build.promoter_id">$util.escapeHTML($build.promoter_name)</a></td>`
		`+ <th>Promoted by</th><td><a href="userinfo?userID=$build.promoter_id">$build.promoter_name</a></td>`
		`</tr>`
		`#end if`
		`#if $build.cg_id`
		`<tr>`
		`- <th>Content generator</th><td>$util.escapeHTML($build.cg_name)</td>`
		`+ <th>Content generator</th><td>$build.cg_name</td>`
		`</tr>`
		`#end if`
		`#if $task`
		`@@ -134,7 +134,7 @@`
		`#end if`
		`#if $build.get('extra')`
		`<tr>`
		`- <th>Extra</th><td class="usertext">$util.escapeHTML($pformat($build.extra))</td>`
		`+ <th>Extra</th><td class="usertext">$pformat($build.extra)</td>`
		`</tr>`
		`#end if`
		`<tr>`
		`@@ -144,7 +144,7 @@`
		`<table class="nested">`
		`#for $tag in $tags`
		`<tr>`
		`- <td><a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></td>`
		`+ <td><a href="taginfo?tagID=$tag.id">$tag.name</a></td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -249,7 +249,7 @@`
		`<tr>`
		`<td/>`
		`<td>`
		`- <a href="$loginfo.dl_url">$util.escapeHTML($loginfo.name)</a>`
		`+ <a href="$loginfo.dl_url">$loginfo.name</a>`
		`</td>`
		`</tr>`
		`#end for`
		`@@ -261,7 +261,7 @@`
		`#if $changelog`
		`<tr>`
		`<th>Changelog</th>`
		`- <td class="changelog">$util.escapeHTML($koji.util.formatChangelog($changelog))</td>`
		`+ <td class="changelog">$koji.util.formatChangelog($changelog)</td>`
		`</tr>`
		`#end if`
		`</table>`

www/kojiweb/buildrootinfo.chtml

file modified

+4 -4

		`@@ -8,10 +8,10 @@`

		`<table>`
		`<tr>`
		`- <th>Host</th><td><a href="hostinfo?hostID=$buildroot.host_id">$util.escapeHTML($buildroot.host_name)</a></td>`
		`+ <th>Host</th><td><a href="hostinfo?hostID=$buildroot.host_id">$buildroot.host_name</a></td>`
		`</tr>`
		`<tr>`
		`- <th>Arch</th><td>$util.escapeHTML($buildroot.arch)</td>`
		`+ <th>Arch</th><td>$buildroot.arch</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$buildroot.id</td>`
		`@@ -32,7 +32,7 @@`
		`<th>Repo ID</th><td><a href="repoinfo?repoID=$buildroot.repo_id">$buildroot.repo_id</a></td>`
		`</tr>`
		`<tr>`
		`- <th>Repo Tag</th><td><a href="taginfo?tagID=$buildroot.tag_id">$util.escapeHTML($buildroot.tag_name)</a></td>`
		`+ <th>Repo Tag</th><td><a href="taginfo?tagID=$buildroot.tag_id">$buildroot.tag_name</a></td>`
		`</tr>`
		`<tr>`
		`<th>Repo State</th><td>$util.imageTag($util.repoStateName($buildroot.repo_state))</td>`
		`@@ -42,7 +42,7 @@`
		`</tr>`
		`#if $buildroot.get('extra')`
		`<tr>`
		`- <th>Extra</th><td class="usertext">$util.escapeHTML($pformat($buildroot.extra))</td>`
		`+ <th>Extra</th><td class="usertext">$pformat($buildroot.extra)</td>`
		`</tr>`
		`#end if`
		`<tr>`

www/kojiweb/buildrootinfo_cg.chtml

file modified

+6 -6

		`@@ -11,23 +11,23 @@`
		`<th>ID</th><td>$buildroot.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Host OS</th><td>$util.escapeHTML($buildroot.host_os)</td>`
		`+ <th>Host OS</th><td>$buildroot.host_os</td>`
		`</tr>`
		`<tr>`
		`- <th>Host Arch</th><td>$util.escapeHTML($buildroot.host_arch)</td>`
		`+ <th>Host Arch</th><td>$buildroot.host_arch</td>`
		`</tr>`
		`<tr>`
		`- <th>Content Generator</th><td>$util.escapeHTML($buildroot.cg_name) ($buildroot.cg_version)</td>`
		`+ <th>Content Generator</th><td>$buildroot.cg_name ($buildroot.cg_version)</td>`
		`</tr>`
		`<tr>`
		`- <th>Container Type</th><td>$util.escapeHTML($buildroot.container_type)</td>`
		`+ <th>Container Type</th><td>$buildroot.container_type</td>`
		`</tr>`
		`<tr>`
		`- <th>Container Arch</th><td>$util.escapeHTML($buildroot.container_arch)</td>`
		`+ <th>Container Arch</th><td>$buildroot.container_arch</td>`
		`</tr>`
		`#if $buildroot.get('extra')`
		`<tr>`
		`- <th>Extra</th><td class="usertext">$util.escapeHTML($pformat($buildroot.extra))</td>`
		`+ <th>Extra</th><td class="usertext">$pformat($buildroot.extra)</td>`
		`</tr>`
		`#end if`
		`<tr>`

www/kojiweb/buildroots.chtml

file modified

+4 -4

		`@@ -17,7 +17,7 @@`
		`<select name="state" class="filterlist" onchange="javascript: window.location = 'buildroots?state=' + this.value + '$util.passthrough_except($self, 'state')';">`
		`<option value="all">all</option>`
		`#for $stateOpt in ['INIT', 'WAITING', 'BUILDING', 'EXPIRED']`
		`- <option value="$koji.BR_STATES[$stateOpt]" #if $state == $koji.BR_STATES[$stateOpt] then 'selected="selected"' else ''#>$stateOpt.lower()</option>`
		`+ <option value="$koji.BR_STATES[$stateOpt]" #if $state == $koji.BR_STATES[$stateOpt] then 'selected' else ''#>$stateOpt.lower()</option>`
		`#end for`
		`</select>`
		`</table>`
		`@@ -30,7 +30,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'builds?start=' + this.value * $buildrootRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $buildrootPages`
		`- <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -59,7 +59,7 @@`
		`<td><a href="buildrootinfo?buildrootID=$buildroot.id">$buildroot.id</a></td>`
		`<td><a href="repoinfo?repoID=$buildroot.repo_id">$buildroot.repo_id</a></td>`
		`<td><a href="taskinfo?taskID=$buildroot.task_id">$buildroot.task_id</a></td>`
		`- <td><a href="taginfo?tagID=$buildroot.tag_id">$util.escapeHTML($buildroot.tag_name)</a></td>`
		`+ <td><a href="taginfo?tagID=$buildroot.tag_id">$buildroot.tag_name</a></td>`
		`#set $stateName = $util.brStateName($buildroot.state)`
		`<td class="$stateName">$util.brStateImage($buildroot.state)</td>`
		`</tr>`
		`@@ -76,7 +76,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'builds?start=' + this.value * $buildrootRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $buildrootPages`
		`- <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/builds.chtml

file modified

+41 -16

		`@@ -5,7 +5,32 @@`

		`#include "includes/header.chtml"`

		- <h4>#if $latest then 'Latest ' else ''##if $state != None then $util.stateName($state).capitalize() + ' ' else ''##if $type then $type.capitalize() + ' ' else ''#Builds#if $package then ' of <a href="packageinfo?packageID=%i">%s</a>' % ($package.id, $util.escapeHTML($package.name)) else ''##if $prefix then ' starting with "%s"' % $prefix else ''##if $user then ' by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $util.escapeHTML($user.name)) else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $util.escapeHTML($tag.name)) else ''#</h4>
		`+ #@util.safe_return`
		`+ #def getDescription()`
		`+ #if $latest`
		`+ Latest`
		`+ #elif $state != None`
		`+ $util.stateName($state).capitalize()`
		`+ #end if`
		`+ #if $type`
		`+ $type.capitalize()`
		`+ #end if`
		`+ Builds`
		`+ #if $package`
		`+ of <a href="packageinfo?packageID=$package.id">$package.name</a>`
		`+ #end if`
		`+ #if $user`
		`+ by <a href="userinfo?userID=$user.id">$user.name</a>`
		`+ #end if`
		`+ #if $prefix`
		`+ starting with "$prefix"`
		`+ #end if`
		`+ #if $tag`
		`+ in tag <a href="taginfo?tagID=$tag.id">$tag.name</a>`
		`+ #end if`
		`+ #end def`
		`+`
		`+ <h4>$getDescription()</h4>`

		`<table class="data-list">`
		`<tr>`
		`@@ -16,8 +41,8 @@`
		`<strong>Latest</strong>:`
		`</td><td>`
		`<select name="latest" class="filterlist" onchange="javascript: window.location = 'builds?latest=' + this.value + '$util.passthrough_except($self, 'latest')';">`
		`- <option value="1" #if $latest then 'selected="selected"' else ''#>yes</option>`
		`- <option value="0" #if not $latest then 'selected="selected"' else ''#>no</option>`
		`+ <option value="1" #if $latest then 'selected' else ''#>yes</option>`
		`+ <option value="0" #if not $latest then 'selected' else ''#>no</option>`
		`</select>`
		`#else`
		`<strong>State</strong>:`
		`@@ -25,7 +50,7 @@`
		`<select name="state" class="filterlist" onchange="javascript: window.location = 'builds?state=' + this.value + '$util.passthrough_except($self, 'state')';">`
		`<option value="all">all</option>`
		`#for $stateOpt in ['BUILDING', 'COMPLETE', 'FAILED', 'CANCELED']`
		`- <option value="$koji.BUILD_STATES[$stateOpt]" #if $state == $koji.BUILD_STATES[$stateOpt] then 'selected="selected"' else ''#>$stateOpt.lower()</option>`
		`+ <option value="$koji.BUILD_STATES[$stateOpt]" #if $state == $koji.BUILD_STATES[$stateOpt] then 'selected' else ''#>$stateOpt.lower()</option>`
		`#end for`
		`</select>`
		`#end if`
		`@@ -33,12 +58,12 @@`
		`<strong>Built by</strong>:`
		`</td><td>`
		`<select name="userID" class="filterlist" onchange="javascript: window.location = 'builds?userID=' + this.value + '$util.passthrough_except($self, 'userID')';">`
		`- <option value="" #if not $user then 'selected="selected"' else ''#>everyone</option>`
		`+ <option value="" #if not $user then 'selected' else ''#>everyone</option>`
		`#if $loggedInUser`
		`<option value="$loggedInUser.name">me</option>`
		`#end if`
		`#for $userOption in $users`
		`- <option value="$userOption.name" #if $userOption.name == ($user and $user.name or None) then 'selected="selected"' else ''#>$util.escapeHTML($userOption.name)</option>`
		`+ <option value="$userOption.name" #if $userOption.name == ($user and $user.name or None) then 'selected' else ''#>$userOption.name</option>`
		`#end for`
		`</select>`
		`</td></tr>`
		`@@ -48,9 +73,9 @@`
		`</td>`
		`<td>`
		`<select name="type" class="filterlist" onchange="javascript: window.location='builds?type=' + this.value + '$util.passthrough_except($self, 'type')';">`
		`- <option value="all" #if not $type then 'selected="selected"' else ''#>all</option>`
		`+ <option value="all" #if not $type then 'selected' else ''#>all</option>`
		`#for $btype in $btypes`
		`- <option value="$btype" #if $type == $btype then 'selected="selected"' else ''#>$btype</option>`
		`+ <option value="$btype" #if $type == $btype then 'selected' else ''#>$btype</option>`
		`#end for`
		`</select>`
		`</td>`
		`@@ -59,8 +84,8 @@`
		`<strong>Inherited</strong>:`
		`</td><td>`
		`<select name="inherited" class="filterlist" onchange="javascript: window.location = 'builds?inherited=' + this.value + '$util.passthrough_except($self, 'inherited')';">`
		`- <option value="1" #if $inherited then 'selected="selected"' else ''#>yes</option>`
		`- <option value="0" #if not $inherited then 'selected="selected"' else ''#>no</option>`
		`+ <option value="1" #if $inherited then 'selected' else ''#>yes</option>`
		`+ <option value="0" #if not $inherited then 'selected' else ''#>no</option>`
		`</select>`
		`</td>`
		`#end if`
		`@@ -79,7 +104,7 @@`
		`\|`
		`#end for`
		`#if $prefix`
		`- <a href="builds?${util.passthrough_except($self, 'prefix')[1:]}">all</a>`
		`+ <a href="builds?${util.passthrough_except($self, 'prefix', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -92,7 +117,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'builds?start=' + this.value * $buildRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $buildPages`
		`- <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -122,11 +147,11 @@`
		`#for $build in $builds`
		`<tr class="$util.rowToggle($self)">`
		`<td>$build.build_id</td>`
		`- <td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($koji.buildLabel($build))</a></td>`
		`+ <td><a href="buildinfo?buildID=$build.build_id">$koji.buildLabel($build)</a></td>`
		`#if $tag`
		`- <td><a href="taginfo?tagID=$build.tag_id">$util.escapeHTML($build.tag_name)</a></td>`
		`+ <td><a href="taginfo?tagID=$build.tag_id">$build.tag_name</a></td>`
		`#end if`
		`- <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>`
		`+ <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>`
		`<td>$util.formatTime($build.completion_time)</td>`
		`#set $stateName = $util.stateName($build.state)`
		`<td class="$stateName">$util.stateImage($build.state)</td>`
		`@@ -144,7 +169,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'builds?start=' + this.value * $buildRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $buildPages`
		`- <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/buildsbystatus.chtml

file modified

+2 -1

		`@@ -1,10 +1,11 @@`
		`#from kojiweb import util`

		`+ #@util.safe_return`
		`#def printOption(value, label=None)`
		`#if not $label`
		`#set $label = $value`
		`#end if`
		`- <option value="$value"#if $value == $days then ' selected="selected"' else ''#>$label</option>`
		`+ <option value="$value"#if $value == $days then ' selected' else ''#>$label</option>`
		`#end def`

		`#set $numTotal = $numSucceeded + $numFailed + $numCanceled`

www/kojiweb/buildsbytarget.chtml

file modified

+5 -4

		`@@ -1,11 +1,12 @@`
		`#from kojiweb import util`
		`#from urllib.parse import quote`

		`+ #@util.safe_return`
		`#def printOption(value, label=None)`
		`#if not $label`
		`#set $label = $value`
		`#end if`
		`- <option value="$value"#if $value == $days then ' selected="selected"' else ''#>$label</option>`
		`+ <option value="$value"#if $value == $days then ' selected' else ''#>$label</option>`
		`#end def`

		`#include "includes/header.chtml"`
		`@@ -38,7 +39,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildsbytarget?start=' + this.value * $targetRange + '$util.passthrough($self, 'days', 'order')';">`
		`#for $pageNum in $targetPages`
		`- <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -62,7 +63,7 @@`
		`#if $len($targets) > 0`
		`#for $target in $targets`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a></td>`
		`+ <td><a href="buildtargetinfo?name=$quote($target.name)">$target.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src=$util.themePath('images/1px.gif') width="#echo $increment * $target.builds#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$target.builds</td>`
		`</tr>`
		`@@ -79,7 +80,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildsbytarget?start=' + this.value * $targetRange + '$util.passthrough($self, 'days', 'order')';">`
		`#for $pageNum in $targetPages`
		`- <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/buildsbyuser.chtml

file modified

+3 -3

		`@@ -11,7 +11,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildsbyuser?start=' + this.value * $userBuildRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userBuildPages`
		`- <option value="$pageNum"#if $pageNum == $userBuildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userBuildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -35,7 +35,7 @@`
		`#if $len($userBuilds) > 0`
		`#for $userBuild in $userBuilds`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="userinfo?userID=$userBuild.id">$util.escapeHTML($userBuild.name)</a></td>`
		`+ <td><a href="userinfo?userID=$userBuild.id">$userBuild.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $userBuild.builds#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$userBuild.builds</td>`
		`</tr>`
		`@@ -52,7 +52,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildsbyuser?start=' + this.value * $userBuildRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userBuildPages`
		`- <option value="$pageNum"#if $pageNum == $userBuildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userBuildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/buildtargetedit.chtml

file modified

+4 -4

		`@@ -3,7 +3,7 @@`
		`#include "includes/header.chtml"`

		`#if $target`
		`- <h4>Edit target $util.escapeHTML($target.name)</h4>`
		`+ <h4>Edit target $target.name</h4>`
		`#else`
		`<h4>Create build target</h4>`
		`#end if`
		`@@ -17,7 +17,7 @@`
		`<tr>`
		`<th>Name</th>`
		`<td>`
		`- <input type="text" name="name" size="50" value="#if $target then $util.escapeHTML($target.name) else ''#"/>`
		`+ <input type="text" name="name" size="50" value="#if $target then $target.name else ''#"/>`
		`</td>`
		`</tr>`
		`#if $target`
		`@@ -31,7 +31,7 @@`
		`<select name="buildTag">`
		`<option value="">select tag</option>`
		`#for $tag in $tags`
		`- <option value="$tag.id"#if $target and $target.build_tag == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>`
		`+ <option value="$tag.id"#if $target and $target.build_tag == $tag.id then ' selected' else ''#>$tag.name</option>`
		`#end for`
		`</select>`
		`</td>`
		`@@ -42,7 +42,7 @@`
		`<select name="destTag">`
		`<option value="">select tag</option>`
		`#for $tag in $tags`
		`- <option value="$tag.id"#if $target and $target.dest_tag == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>`
		`+ <option value="$tag.id"#if $target and $target.dest_tag == $tag.id then ' selected' else ''#>$tag.name</option>`
		`#end for`
		`</select>`
		`</td>`

www/kojiweb/buildtargetinfo.chtml

file modified

+4 -4

		`@@ -2,20 +2,20 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for target <a href="buildtargetinfo?targetID=$target.id">$util.escapeHTML($target.name)</a></h4>`
		`+ <h4>Information for target <a href="buildtargetinfo?targetID=$target.id">$target.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($target.name)</td>`
		`+ <th>Name</th><td>$target.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$target.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Build Tag</th><td><a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a></td>`
		`+ <th>Build Tag</th><td><a href="taginfo?tagID=$buildTag.id">$buildTag.name</a></td>`
		`</tr>`
		`<tr>`
		`- <th>Destination Tag</th><td><a href="taginfo?tagID=$destTag.id">$util.escapeHTML($destTag.name)</a></td>`
		`+ <th>Destination Tag</th><td><a href="taginfo?tagID=$destTag.id">$destTag.name</a></td>`
		`</tr>`
		`#if 'admin' in $perms`
		`<tr>`

www/kojiweb/buildtargets.chtml

file modified

+3 -3

		`@@ -11,7 +11,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildtargets?start=' + this.value * $targetRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $targetPages`
		`- <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -35,7 +35,7 @@`
		`#for $target in $targets`
		`<tr class="$util.rowToggle($self)">`
		`<td>$target.id</td>`
		`- <td><a href="buildtargetinfo?targetID=$target.id">$util.escapeHTML($target.name)</a></td>`
		`+ <td><a href="buildtargetinfo?targetID=$target.id">$target.name</a></td>`
		`</tr>`
		`#end for`
		`#else`
		`@@ -50,7 +50,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'buildtargets?start=' + this.value * $targetRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $targetPages`
		`- <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $targetCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/channelinfo.chtml

file modified

+5 -5

		`@@ -2,17 +2,17 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for channel <a href="channelinfo?channelID=$channel.id">$util.escapeHTML($channel.name)</a></h4>`
		`+ <h4>Information for channel <a href="channelinfo?channelID=$channel.id">$channel.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($channel.name)</td>`
		`+ <th>Name</th><td>$channel.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$channel.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Description</th><td>$util.escapeHTML($channel.description)</td>`
		`+ <th>Description</th><td>$channel.description</td>`
		`</tr>`
		`<tr>`
		`#set $enabled = $channel.enabled and 'yes' or 'no'`
		`@@ -22,7 +22,7 @@`
		`</td>`
		`</tr>`
		`<tr>`
		`- <th>Comment</th><td>$util.escapeHTML($channel.comment)</td>`
		`+ <th>Comment</th><td>$channel.comment</td>`
		`</tr>`
		`<tr>`
		`<th>Active Tasks</th><td><a href="tasks?view=flat&channelID=$channel.id">$taskCount</a></td>`
		`@@ -39,7 +39,7 @@`
		`</tr>`
		`#for $host in $hosts`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>`
		`+ <td><a href="hostinfo?hostID=$host.id">$host.name</a></td>`
		`<td class="$str($bool($host.enabled)).lower()">#if $host.enabled then $util.imageTag('yes') else $util.imageTag('no')#</td>`
		`<td class="$str($bool($host.ready)).lower()">#if $host.ready then $util.imageTag('yes') else $util.imageTag('no')#</td>`
		`</tr>`

www/kojiweb/clusterhealth.chtml

file modified

+3 -2

		`@@ -1,10 +1,11 @@`
		`#from kojiweb import util`

		`+ #@util.safe_return`
		`#def printOption(value, label=None)`
		`#if not $label`
		`#set $label = $value`
		`#end if`
		`- <option value="$value"#if $value == $arch then ' selected="selected"' else ''#>$label</option>`
		`+ <option value="$value"#if $value == $arch then ' selected' else ''#>$label</option>`
		`#end def`

		`#include "includes/header.chtml"`
		`@@ -59,7 +60,7 @@`
		`#for $channel in $channels`
		`<tr>`
		`<th>`
		`- <a href="channelinfo?channelID=$channel['id']">$util.escapeHTML($channel['name'])</a>`
		`+ <a href="channelinfo?channelID=$channel['id']">$channel['name']</a>`
		`#if not $channel['enabled_channel']`
		`[disabled]`
		`#end if`

www/kojiweb/error.chtml

file modified

+3 -3

		`@@ -5,7 +5,7 @@`
		`<h4>Error</h4>`

		`<div>`
		`- $util.escapeHTML($explanation)`
		`+ $explanation`
		`</div>`

		`#if $debug_level >= 1`
		`@@ -13,7 +13,7 @@`
		`#else`
		`<div style="visibility: hidden">`
		`#end if`
		`- $util.escapeHTML($tb_short)`
		`+ $tb_short`
		`</div>`

		`#if $debug_level >= 2`
		`@@ -22,7 +22,7 @@`
		`<div style="visibility: hidden">`
		`#end if`
		`<pre>`
		`- #echo $util.escapeHTML($tb_long)`
		`+ #echo $tb_long`
		`</pre>`
		`</div>`

www/kojiweb/externalrepoinfo.chtml

file modified

+4 -4

		`@@ -2,24 +2,24 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for external repo <a href="externalrepoinfo?extrepoID=$extRepo.id">$util.escapeHTML($extRepo.name)</a></h4>`
		`+ <h4>Information for external repo <a href="externalrepoinfo?extrepoID=$extRepo.id">$extRepo.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($extRepo.name)</td>`
		`+ <th>Name</th><td>$extRepo.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$extRepo.id</td>`
		`</tr>`
		`<tr>`
		`- <th>URL</th><td><a href="$util.escapeHTML($extRepo.url)">$util.escapeHTML($extRepo.url)</a></td>`
		`+ <th>URL</th><td><a href="$extRepo.url">$extRepo.url</a></td>`
		`</tr>`
		`<tr>`
		`<th>Tags using this external repo</th>`
		`<td>`
		`#if $len($repoTags)`
		`#for $tag in $repoTags`
		`- <a href="taginfo?tagID=$tag.tag_id">$util.escapeHTML($tag.tag_name)</a><br/>`
		`+ <a href="taginfo?tagID=$tag.tag_id">$tag.tag_name</a><br/>`
		`#end for`
		`#else`
		`No tags`

www/kojiweb/fileinfo.chtml

file modified

+6 -6

		`@@ -4,14 +4,14 @@`

		`#include "includes/header.chtml"`
		`#if $rpm`
		`- <h4>Information for file <a href="fileinfo?rpmID=$rpm.id&filename=$quote($file.name)">$util.escapeHTML($file.name)</a></h4>`
		`+ <h4>Information for file <a href="fileinfo?rpmID=$rpm.id&filename=$quote($file.name)">$file.name</a></h4>`
		`#elif $archive`
		`- <h4>Information for file <a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$util.escapeHTML($file.name)</a></h4>`
		`+ <h4>Information for file <a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$file.name</a></h4>`
		`#end if`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($file.name)</td>`
		`+ <th>Name</th><td>$file.name</td>`
		`</tr>`
		`#if $rpm`
		`<tr>`
		`@@ -28,12 +28,12 @@`
		`#end if`
		`#if 'user' in $file and $file.user`
		`<tr>`
		`- <th>User</th><td>$util.escapeHTML($file.user)</td>`
		`+ <th>User</th><td>$file.user</td>`
		`</tr>`
		`#end if`
		`#if 'group' in $file and $file.group`
		`<tr>`
		`- <th>Group</th><td>$util.escapeHTML($file.group)</td>`
		`+ <th>Group</th><td>$file.group</td>`
		`</tr>`
		`#end if`
		`#if 'mode' in $file and $file.mode`
		`@@ -56,7 +56,7 @@`
		`</tr>`
		`#elif $archive`
		`<tr>`
		`- <th>Archive</th><td><a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></td>`
		`+ <th>Archive</th><td><a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></td>`
		`</tr>`
		`#end if`
		`</table>`

www/kojiweb/hostedit.chtml

file modified

+6 -6

		`@@ -2,14 +2,14 @@`

		`#include "includes/header.chtml"`

		`- <h4>Edit host $util.escapeHTML($host.name)</h4>`
		`+ <h4>Edit host $host.name</h4>`

		`<form action="hostedit">`
		`$util.authToken($self, form=True)`
		`<table>`
		`<tr>`
		`<th>Name</th>`
		`- <td>$util.escapeHTML($host.name)</td>`
		`+ <td>$host.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th>`
		`@@ -20,7 +20,7 @@`
		`</tr>`
		`<tr>`
		`<th>Arches</th>`
		`- <td><input type="text" name="arches" value="$util.escapeHTML($host.arches)"/></td>`
		`+ <td><input type="text" name="arches" value="$host.arches"/></td>`
		`</tr>`
		`<tr>`
		`<th>Capacity</th>`
		`@@ -28,11 +28,11 @@`
		`</tr>`
		`<tr>`
		`<th>Description</th>`
		`- <td><textarea name="description" rows="6" cols="50">$util.escapeHTML($host.description)</textarea></td>`
		`+ <td><textarea name="description" rows="6" cols="50">$host.description</textarea></td>`
		`</tr>`
		`<tr>`
		`<th>Comment</th>`
		`- <td><textarea name="comment" rows="2" cols="50">$util.escapeHTML($host.comment)</textarea></td>`
		`+ <td><textarea name="comment" rows="2" cols="50">$host.comment</textarea></td>`
		`</tr>`
		`<tr>`
		`<th>Enabled?</th>`
		`@@ -43,7 +43,7 @@`
		`<td>`
		`<select name="channels" multiple="multiple">`
		`#for $channel in $allChannels`
		`- <option value="$channel.name" #if $channel in $hostChannels then 'selected="selected"' else ''#>$util.escapeHTML($channel.name)</option>`
		`+ <option value="$channel.name" #if $channel in $hostChannels then 'selected' else ''#>$channel.name</option>`
		`#end for`
		`</select>`
		`</td>`

www/kojiweb/hostinfo.chtml

file modified

+7 -7

		`@@ -2,17 +2,17 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for host <a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></h4>`
		`+ <h4>Information for host <a href="hostinfo?hostID=$host.id">$host.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($host.name)</td>`
		`+ <th>Name</th><td>$host.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$host.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Arches</th><td>$util.escapeHTML($host.arches)</td>`
		`+ <th>Arches</th><td>$host.arches</td>`
		`</tr>`
		`<tr>`
		`<th>Capacity</th><td>$host.capacity</td>`
		`@@ -21,10 +21,10 @@`
		`<th>Task Load</th><td><a href="tasks?hostID=$host.id">#echo '%.2f' % $host.task_load#</a></td>`
		`</tr>`
		`<tr>`
		`- <th>Description</th><td class="usertext">$util.escapeHTML($host.description)</td>`
		`+ <th>Description</th><td class="usertext">$host.description</td>`
		`</tr>`
		`<tr>`
		`- <th>Comment</th><td class="usertext">$util.escapeHTML($host.comment)</td>`
		`+ <th>Comment</th><td class="usertext">$host.comment</td>`
		`</tr>`
		`<tr>`
		`#set $enabled = $host.enabled and 'yes' or 'no'`
		`@@ -51,7 +51,7 @@`
		`<th>Channels</th>`
		`<td>`
		`#for $channel in $channels`
		`- <a href="channelinfo?channelID=$channel.id" class="$channel.enabled">$util.escapeHTML($channel.name)</a><br/>`
		`+ <a href="channelinfo?channelID=$channel.id" class="$channel.enabled">$channel.name</a><br/>`
		`#end for`
		`#if not $channels`
		`No channels`
		`@@ -68,7 +68,7 @@`
		`</tr>`
		`#for $buildroot in $buildroots`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="buildrootinfo?buildrootID=$buildroot.id">$util.escapeHTML($buildroot.tag_name)-$buildroot.id-$buildroot.repo_id</a></td>`
		`+ <td><a href="buildrootinfo?buildrootID=$buildroot.id">$buildroot.tag_name-$buildroot.id-$buildroot.repo_id</a></td>`
		`<td>$util.formatTime($buildroot.create_event_time)</td>`
		`<td>$util.imageTag($util.brStateName($buildroot.state))</td>`
		`</tr>`

www/kojiweb/hosts.chtml

file modified

+18 -14

		`@@ -1,5 +1,6 @@`
		`#from kojiweb import util`

		`+ #@util.safe_return`
		`#def headerState($state)`
		`#if $state == 'enabled'`
		`Enabled hosts`
		`@@ -10,6 +11,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def headerReady($ready)`
		`#if $ready == 'ready'`
		`which are ready`
		`@@ -18,6 +20,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def headerArch($arch)`
		`#if $arch == 'all'`
		`on all arches`
		`@@ -26,6 +29,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def headerChannel($channel)`
		`#if $channel == 'all'`
		`in all channels`
		`@@ -47,18 +51,18 @@`
		`<strong>State</strong>:`
		`</td><td>`
		`<select name="state" class="filterlist" onchange="javascript: window.location = 'hosts?state=' + this.value + '$util.passthrough_except($self, 'state')';">`
		`- <option value="enabled" #if $state == 'enabled' then 'selected="selected"' else ''#>enabled</option>`
		`- <option value="disabled" #if $state == 'disabled' then 'selected="selected"' else ''#>disabled</option>`
		`- <option value="all" #if $state == 'all' then 'selected="selected"' else ''#>all</option>`
		`+ <option value="enabled" #if $state == 'enabled' then 'selected' else ''#>enabled</option>`
		`+ <option value="disabled" #if $state == 'disabled' then 'selected' else ''#>disabled</option>`
		`+ <option value="all" #if $state == 'all' then 'selected' else ''#>all</option>`
		`</select>`
		`</td>`
		`<td>`
		`<strong>Channels</strong>:`
		`</td><td>`
		`<select name="channel" class="filterlist" onchange="javascript: window.location = 'hosts?channel=' + this.value + '$util.passthrough_except($self, 'channel')';">`
		`- <option value="all" #if not $channel then 'selected="selected"' else ''#>all</option>`
		`+ <option value="all" #if not $channel then 'selected' else ''#>all</option>`
		`#for $chan in $channels`
		`- <option value="$chan.name" #if $chan.name == $channel then 'selected="selected"' else ''#>$util.escapeHTML($chan.name)</option>`
		`+ <option value="$chan.name" #if $chan.name == $channel then 'selected' else ''#>$chan.name</option>`
		`#end for`
		`</select>`
		`</td>`
		`@@ -67,17 +71,17 @@`
		`<strong>Ready</strong>:`
		`</td><td>`
		`<select name="ready" class="filterlist" onchange="javascript: window.location = 'hosts?ready=' + this.value + '$util.passthrough_except($self, 'ready')';">`
		`- <option value="yes" #if $ready == 'yes' then 'selected="selected"' else ''#>yes</option>`
		`- <option value="no" #if $ready == 'no' then 'selected="selected"' else ''#>no</option>`
		`- <option value="all" #if $ready== 'all' then 'selected="selected"' else ''#>all</option>`
		`+ <option value="yes" #if $ready == 'yes' then 'selected' else ''#>yes</option>`
		`+ <option value="no" #if $ready == 'no' then 'selected' else ''#>no</option>`
		`+ <option value="all" #if $ready== 'all' then 'selected' else ''#>all</option>`
		`</select>`
		`</td><td>`
		`<strong>Arches</strong>:`
		`</td><td>`
		`<select name="arch" class="filterlist" onchange="javascript: window.location = 'hosts?arch=' + this.value + '$util.passthrough_except($self, 'arch')';">`
		`- <option value="all" #if not $arch then 'selected="selected"' else ''#>all</option>`
		`+ <option value="all" #if not $arch then 'selected' else ''#>all</option>`
		`#for $arch_item in $arches`
		`- <option value="$arch_item" #if $arch_item == $arch then 'selected="selected"' else ''#>$arch_item</option>`
		`+ <option value="$arch_item" #if $arch_item == $arch then 'selected' else ''#>$arch_item</option>`
		`#end for`
		`</select>`
		`</td></tr>`
		`@@ -91,7 +95,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'hosts?start=' + this.value * $hostRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -122,11 +126,11 @@`
		`#for $host in $hosts`
		`<tr class="$util.rowToggle($self)">`
		`<td>$host.id</td>`
		`- <td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>`
		`+ <td><a href="hostinfo?hostID=$host.id">$host.name</a></td>`
		`<td>$host.arches</td>`
		`<td>`
		`#for $channame, $chan_id, $chan_enabled in zip($host.channels, $host.channels_id, $host.channels_enabled)`
		`- <a href="channelinfo?channelID=$chan_id" class="$chan_enabled">$util.escapeHTML($channame)</a>`
		`+ <a href="channelinfo?channelID=$chan_id" class="$chan_enabled">$channame</a>`
		`#end for`
		`</td>`
		`<td class="$str($bool($host.enabled)).lower()">#if $host.enabled then $util.imageTag('yes') else $util.imageTag('no')#</td>`
		`@@ -148,7 +152,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'hosts?start=' + this.value * $hostRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/imageinfo.chtml

file modified

+5 -5

		`@@ -5,23 +5,23 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for image <a href="imageinfo?imageID=$image.id">$util.escapeHTML($image.filename)</a></h4>`
		`+ <h4>Information for image <a href="imageinfo?imageID=$image.id">$image.filename</a></h4>`

		`<table>`
		`<tr>`
		`<th>ID</th><td>$image.id</td>`
		`</tr>`
		`<tr>`
		`- <th>File Name</th><td>$util.escapeHTML($image.filename)</a></td>`
		`+ <th>File Name</th><td>$image.filename</a></td>`
		`</tr>`
		`<tr>`
		`<th>File Size</th><td><span title="$util.formatThousands($image.filesize)">$util.formatNatural($image.filesize)</span></td>`
		`</tr>`
		`<tr>`
		`- <th>Arch</th><td>$util.escapeHTML($image.arch)</td>`
		`+ <th>Arch</th><td>$image.arch</td>`
		`</tr>`
		`<tr>`
		`- <th>Media Type</th><td>$util.escapeHTML($image.mediatype)</td>`
		`+ <th>Media Type</th><td>$image.mediatype</td>`
		`</tr>`
		`<tr>`
		`#if $len($image.hash) == 32`
		`@@ -42,7 +42,7 @@`
		`<th>Task</th><td><a href="taskinfo?taskID=$task.id" class="task$util.taskState($task.state)">$koji.taskLabel($task)</a></td>`
		`</tr>`
		`<tr>`
		`- <th>Buildroot</th><td><a href="buildrootinfo?buildrootID=$buildroot.id">$util.escapeHTML(/var/lib/mock/$buildroot.tag_name-$buildroot.id-$buildroot.repo_id)</a></td>`
		`+ <th>Buildroot</th><td><a href="buildrootinfo?buildrootID=$buildroot.id">/var/lib/mock/$buildroot.tag_name-$buildroot.id-$buildroot.repo_id</a></td>`
		`</tr>`
		`<tr>`
		`<th colspan="2"><a href="rpmlist?imageID=$image.id&type=image" title="RPMs that where installed into the LiveCD">Included RPMs</a></th>`

www/kojiweb/includes/footer.chtml

file modified

+2 -2

		`@@ -9,7 +9,7 @@`
		`#set $localfooterpath=$util.themePath("extra-footer.html", local=True)`
		`#if os.path.exists($localfooterpath)`
		`#if $literalFooter`
		`- #set $localfooter="".join(open($localfooterpath, 'rt', encoding='utf-8').readlines())`
		`+ #set $localfooter=$util.SafeValue("".join(open($localfooterpath, 'rt', encoding='utf-8').readlines()))`
		`$localfooter`
		`#else`
		`#include $localfooterpath`
		`@@ -20,7 +20,7 @@`
		`</div>`
		`#set $localbottompath=$util.themePath("extra-bottom.html", local=True)`
		`#if os.path.exists($localbottompath)`
		`- #set $localbottom="".join(open($localbottompath, 'rt', encoding='utf-8').readlines())`
		`+ #set $localbottom=$util.SafeValue("".join(open($localbottompath, 'rt', encoding='utf-8').readlines()))`
		`$localbottom`
		`#end if`
		`</body>`

www/kojiweb/includes/header.chtml

file modified

+2 -7

		`@@ -29,7 +29,7 @@`
		`<img src="$util.themePath('images/koji.png')" alt="Koji Logo" id="kojiLogo"/>`
		`#set $localnavpath=$util.themePath("extra-nav.html", local=True)`
		`#if os.path.exists($localnavpath)`
		`- #set $localnav="".join(open($localnavpath, 'rt', encoding='utf-8').readlines())`
		`+ #set $localnav=$util.SafeValue("".join(open($localnavpath, 'rt', encoding='utf-8').readlines()))`
		`$localnav`
		`#end if`
		`<form action="search" id="headerSearch">`
		`@@ -49,12 +49,7 @@`
		`<option $util.toggleSelected($self, $type, "win") value="win">Windows Artifacts</option>`
		`#end if`
		`</select>`
		`- #try`
		`- #set $old_terms = util.escapeHTML($terms)`
		`- #except`
		`- #set $old_terms = ""`
		`- #end try`
		`- <input type="text" name="terms" title="You can use glob expressions here (e.g. 'bash-*')" value="$old_terms"/>`
		`+ <input type="text" name="terms" title="You can use glob expressions here (e.g. 'bash-*')" value="$terms"/>`
		`<input type="submit" value="Search"/>`
		`</form>`
		`</div><!-- end header -->`

www/kojiweb/index.chtml

file modified

+10 -10

		`@@ -20,9 +20,9 @@`
		`<tr class="$util.rowToggle($self)">`
		`#set $stateName = $util.stateName($build.state)`
		`<td>$build.build_id</td>`
		`- <td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>`
		`+ <td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>`
		`#if not $user`
		`- <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>`
		`+ <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>`
		`#end if`
		`<td>$util.formatTime($build.completion_ts)</td>`
		`<td class="$stateName">$util.stateImage($build.state)</td>`
		`@@ -54,13 +54,13 @@`
		`<tr class="$util.rowToggle($self) $scratch">`
		`#set $state = $util.taskState($task.state)`
		`<td>$task.id</td>`
		`- <td><a href="taskinfo?taskID=$task.id" class="task$state" title="$state">$util.escapeHTML($koji.taskLabel($task))</a></td>`
		`+ <td><a href="taskinfo?taskID=$task.id" class="task$state" title="$state">$koji.taskLabel($task)</a></td>`
		`#if not $user`
		`<td class="user-$task.owner_name">`
		`#if $task.owner_type == $koji.USERTYPES['HOST']`
		`- <a href="hostinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>`
		`+ <a href="hostinfo?userID=$task.owner">$task.owner_name</a>`
		`#else`
		`- <a href="userinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>`
		`+ <a href="userinfo?userID=$task.owner">$task.owner_name</a>`
		`#end if`
		`</td>`
		`#end if`
		`@@ -88,7 +88,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'index?packageStart=' + this.value * $packageRange + '$util.passthrough($self, 'packageOrder', 'buildOrder', 'buildStart', 'taskOrder', 'taskStart')#packagelist';">`
		`#for $pageNum in $packagePages`
		`- <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -111,8 +111,8 @@`
		`</tr>`
		`#for $package in $packages`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>`
		`- <td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>`
		`+ <td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>`
		`+ <td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>`
		`#set $included = $package.blocked and 'no' or 'yes'`
		`<td>$util.imageTag($included)</td>`
		`</tr>`
		`@@ -140,8 +140,8 @@`
		`</tr>`
		`#for $notif in $notifs`
		`<tr class="$util.rowToggle($self)">`
		`- <td>#if $notif.package then $util.escapeHTML($notif.package.name) else 'all'#</td>`
		`- <td>#if $notif.tag then $util.escapeHTML($notif.tag.name) else 'all'#</td>`
		`+ <td>#if $notif.package then $notif.package.name else 'all'#</td>`
		`+ <td>#if $notif.tag then $notif.tag.name else 'all'#</td>`
		`<td>#if $notif.success_only then 'success only' else 'all'#</td>`
		`<td><a href="notificationedit?notificationID=$notif.id$util.authToken($self)">edit</a></td>`
		`<td><a href="notificationdelete?notificationID=$notif.id$util.authToken($self)">delete</a></td>`

www/kojiweb/index.py

file modified

+2 -2

		`@@ -36,7 +36,7 @@`
		`from koji.tasks import parse_task_params`
		`import kojiweb.util`
		`from koji.server import ServerRedirect`
		`- from kojiweb.util import _genHTML, _getValidTokens, _initValues, formatRPM`
		`+ from kojiweb.util import _genHTML, _getValidTokens, _initValues, formatRPM, SafeValue`
		`from koji.util import extract_build_task`


		`@@ -1534,7 +1534,7 @@`
		`except koji.GenericError:`
		`raise koji.GenericError('No such RPM ID: %i' % rpmID)`

		`- values['title'] = formatRPM(rpm) + ' \| RPM Info'`
		`+ values['title'] = formatRPM(rpm) + SafeValue(' \| RPM Info')`

		`build = None`
		`if rpm['build_id'] is not None:`

www/kojiweb/notificationedit.chtml

file modified

+4 -4

		`@@ -18,9 +18,9 @@`
		`<th>Package</th>`
		`<td>`
		`<select name="package">`
		`- <option value="all"#if $notif and not $notif.package_id then ' selected="selected"' else ''#>all</option>`
		`+ <option value="all"#if $notif and not $notif.package_id then ' selected' else ''#>all</option>`
		`#for $package in $packages`
		`- <option value="$package.package_id"#if $notif and $notif.package_id == $package.package_id then ' selected="selected"' else ''#>$util.escapeHTML($package.package_name)</option>`
		`+ <option value="$package.package_id"#if $notif and $notif.package_id == $package.package_id then ' selected' else ''#>$package.package_name</option>`
		`#end for`
		`</select>`
		`</td>`
		`@@ -29,9 +29,9 @@`
		`<th>Tag</th>`
		`<td>`
		`<select name="tag">`
		`- <option value="all"#if $notif and not $notif.tag_id then ' selected="selected"' else ''#>all</option>`
		`+ <option value="all"#if $notif and not $notif.tag_id then ' selected' else ''#>all</option>`
		`#for $tag in $tags`
		`- <option value="$tag.id"#if $notif and $notif.tag_id == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>`
		`+ <option value="$tag.id"#if $notif and $notif.tag_id == $tag.id then ' selected' else ''#>$tag.name</option>`
		`#end for`
		`</select>`
		`</td>`

www/kojiweb/packageinfo.chtml

file modified

+8 -8

		`@@ -2,11 +2,11 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for package <a href="packageinfo?packageID=$package.id">$util.escapeHTML($package.name)</a></h4>`
		`+ <h4>Information for package <a href="packageinfo?packageID=$package.id">$package.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($package.name)</td>`
		`+ <th>Name</th><td>$package.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$package.id</td>`
		`@@ -24,7 +24,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packageinfo?buildStart=' + this.value * $buildRange + '$util.passthrough($self, 'packageID', 'buildOrder', 'tagOrder', 'tagStart')#buildlist';">`
		`#for $pageNum in $buildPages`
		`- <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -46,8 +46,8 @@`
		`</tr>`
		`#for $build in $builds`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>`
		`- <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>`
		`+ <td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>`
		`+ <td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>`
		`<td>$util.formatTime($build.completion_ts)</td>`
		`#set $stateName = $util.stateName($build.state)`
		`<td class="$stateName">$util.stateImage($build.state)</td>`
		`@@ -79,7 +79,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packageinfo?tagStart=' + this.value * $tagRange + '$util.passthrough($self, 'packageID', 'tagOrder', 'buildOrder', 'buildStart')#taglist';">`
		`#for $pageNum in $tagPages`
		`- <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -101,8 +101,8 @@`
		`</tr>`
		`#for $tag in $tags`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></td>`
		`- <td><a href="userinfo?userID=$tag.owner_id">$util.escapeHTML($tag.owner_name)</a></td>`
		`+ <td><a href="taginfo?tagID=$tag.id">$tag.name</a></td>`
		`+ <td><a href="userinfo?userID=$tag.owner_id">$tag.owner_name</a></td>`
		`#set $included = $tag.blocked and 'no' or 'yes'`
		`<td>$util.imageTag($included)</td>`
		`<td>$tag.extra_arches</td>`

www/kojiweb/packages.chtml

file modified

+26 -11

		`@@ -1,10 +1,25 @@`
		`#from kojiweb import util`
		`+ #from kojiweb.util import safe_return`

		`#attr _PASSTHROUGH = ['userID', 'tagID', 'order', 'prefix', 'inherited', 'blocked']`

		`#include "includes/header.chtml"`

		`- <h4>Packages#if $prefix then ' starting with "%s"' % $prefix else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $util.escapeHTML($tag.name)) else ''##if $user then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $util.escapeHTML($user.name)) else ''#</h4>`
		`+ #@safe_return`
		`+ #def getDescription()`
		`+ Packages`
		`+ #if $prefix`
		`+ starting with $prefix`
		`+ #end if`
		`+ #if $tag`
		`+ in tag <a href="taginfo?tagID=$tag.id">$tag.name</a>`
		`+ #end if`
		`+ #if $user`
		`+ owned by <a href="userinfo?userID=$user.id">$user.name</a>`
		`+ #end if`
		`+ #end def`
		`+`
		`+ <h4>$getDescription()</h4>`

		`<table class="data-list">`
		`#if $tag`
		`@@ -15,16 +30,16 @@`
		`<strong>Inherited</strong>:`
		`</td><td>`
		`<select name="inherited" class="filterlist" onchange="javascript: window.location = 'packages?inherited=' + this.value + '$util.passthrough_except($self, 'inherited')';">`
		`- <option value="1" #if $inherited then 'selected="selected"' else ''#>yes</option>`
		`- <option value="0" #if not $inherited then 'selected="selected"' else ''#>no</option>`
		`+ <option value="1" #if $inherited then 'selected' else ''#>yes</option>`
		`+ <option value="0" #if not $inherited then 'selected' else ''#>no</option>`
		`</select>`
		`</td></tr>`
		`<tr><td>`
		`<strong>With blocked</strong>:`
		`</td><td>`
		`<select name="blocked" class="filterlist" onchange="javascript: window.location = 'packages?blocked=' + this.value + '$util.passthrough_except($self, 'blocked')';">`
		`- <option value="1" #if $blocked then 'selected="selected"' else ''#>yes</option>`
		`- <option value="0" #if not $blocked then 'selected="selected"' else ''#>no</option>`
		`+ <option value="1" #if $blocked then 'selected' else ''#>yes</option>`
		`+ <option value="0" #if not $blocked then 'selected' else ''#>no</option>`
		`</select>`
		`</td></tr>`
		`</table>`
		`@@ -41,7 +56,7 @@`
		`\|`
		`#end for`
		`#if $prefix`
		`- <a href="packages?${util.passthrough($self, 'userID', 'tagID', 'order', 'inherited', 'blocked')[1:]}">all</a>`
		`+ <a href="packages?${util.passthrough($self, 'userID', 'tagID', 'order', 'inherited', 'blocked', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -54,7 +69,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packages?start=' + this.value * $packageRange + '$util.passthrough($self, 'userID', 'tagID', 'order', 'prefix', 'inherited', 'blocked')';">`
		`#for $pageNum in $packagePages`
		`- <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -83,10 +98,10 @@`
		`#for $package in $packages`
		`<tr class="$util.rowToggle($self)">`
		`<td>$package.package_id</td>`
		`- <td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>`
		`+ <td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>`
		`#if $tag or $user`
		`- <td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>`
		`- <td class="user-$package.owner_name"><a href="userinfo?userID=$package.owner_id">$util.escapeHTML($package.owner_name)</a></td>`
		`+ <td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>`
		`+ <td class="user-$package.owner_name"><a href="userinfo?userID=$package.owner_id">$package.owner_name</a></td>`
		`<td class="$str(not $package.blocked).lower()">#if $package.blocked then $util.imageTag('no') else $util.imageTag('yes')#</td>`
		`#end if`
		`</tr>`
		`@@ -103,7 +118,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packages?start=' + this.value * $packageRange + '$util.passthrough($self, 'userID', 'tagID', 'order', 'prefix', 'inherited', 'blocked')';">`
		`#for $pageNum in $packagePages`
		`- <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/packagesbyuser.chtml

file modified

+3 -3

		`@@ -11,7 +11,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packagesbyuser?start=' + this.value * $userRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -35,7 +35,7 @@`
		`#if $len($users) > 0`
		`#for $user in $users`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></td>`
		`+ <td><a href="userinfo?userID=$user.id">$user.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $user.packages#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$user.packages</td>`
		`</tr>`
		`@@ -52,7 +52,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'packagesbyuser?start=' + this.value * $userRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/recentbuilds.chtml

file modified

+6 -5

		`@@ -2,6 +2,7 @@`
		`#import koji.util`
		`#from kojiweb import util`

		`+ #@util.safe_return`
		`#def linkURL()`
		`#set $query = []`
		`#if $tag`
		`@@ -22,18 +23,18 @@`

		`<rss version="2.0">`
		`<channel>`
		`- <title>$siteName: recent builds#if $package then ' of package ' + $util.escapeHTML($package.name) else ''##if $tag then ' into tag ' + $util.escapeHTML($tag.name) else ''##if $user then ' by user ' + $util.escapeHTML($user.name) else ''#</title>`
		`+ <title>$siteName: recent builds#if $package then ' of package ' + $package.name else ''##if $tag then ' into tag ' + $tag.name else ''##if $user then ' by user ' + $user.name else ''#</title>`
		`<link>$linkURL()</link>`
		`<description>`
		`A list of the most recent builds`
		`#if $package`
		`- of package $util.escapeHTML($package.name)`
		`+ of package $package.name`
		`#end if`
		`#if $tag`
		`- into tag $util.escapeHTML($tag.name)`
		`+ into tag $tag.name`
		`#end if`
		`#if $user`
		`- by user $util.escapeHTML($user.name)`
		`+ by user $user.name`
		`#end if`
		`in the $siteName Build System. The list is sorted in reverse chronological order by build completion time.`
		`</description>`
		`@@ -46,7 +47,7 @@`
		`<pubDate>$util.formatTimeRSS($build.completion_ts)</pubDate>`
		`#end if`
		`#if $build.state == $koji.BUILD_STATES['COMPLETE'] and $build.changelog`
		`- <description><pre>$util.escapeHTML($koji.util.formatChangelog($build.changelog))</pre></description>`
		`+ <description><pre>$koji.util.formatChangelog($build.changelog)</pre></description>`
		`#end if`
		`</item>`
		`#end for`

www/kojiweb/repoinfo.chtml

file modified

+2 -2

		`@@ -8,12 +8,12 @@`
		`#if $repo`
		`<table>`
		`<tr><th>ID</th><td>$repo.id</td><th></tr>`
		`- <tr><th>Tag</th><td><a href="taginfo?tagID=$repo.tag_id">$util.escapeHTML($repo.tag_name)</a></td></tr>`
		`+ <tr><th>Tag</th><td><a href="taginfo?tagID=$repo.tag_id">$repo.tag_name</a></td></tr>`
		`#if $repo.task_id`
		`<tr><th>Task ID</th><td><a href="taskinfo?taskID=$repo.task_id">$repo.task_id</a></td></tr>`
		`#end if`
		`#set $state = $util.repoState($repo.state)`
		`- <tr><th>State</th><td class="repo$state">$util.escapeHTML($state)</td></tr>`
		`+ <tr><th>State</th><td class="repo$state">$state</td></tr>`
		`<tr><th>Event</th><td>$repo.create_event ($util.formatTimeLong($repo.create_ts))</td></tr>`
		`#if $repo.state != koji.REPO_STATES['DELETED']`
		`<tr><th>URL</th><td><a href="$url">repodata</a></td></tr>`

www/kojiweb/rpminfo.chtml

file modified

+20 -20

		`@@ -8,7 +8,7 @@`

		`#include "includes/header.chtml"`
		`#set $epoch = ($rpm.epoch != None and $str($rpm.epoch) + ':' or '')`
		`- <h4>Information for RPM <a href="rpminfo?rpmID=$rpm.id">$util.escapeHTML($rpm.name)-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></h4>`
		`+ <h4>Information for RPM <a href="rpminfo?rpmID=$rpm.id">$rpm.name-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></h4>`

		`<table>`
		`<tr>`
		`@@ -21,9 +21,9 @@`
		`#end if`
		`<tr>`
		`#if $build`
		`- <th>Name</th><td><a href="packageinfo?packageID=$build.package_id">$util.escapeHTML($rpm.name)</a></td>`
		`+ <th>Name</th><td><a href="packageinfo?packageID=$build.package_id">$rpm.name</a></td>`
		`#else`
		`- <th>Name</th><td>$util.escapeHTML($rpm.name)</td>`
		`+ <th>Name</th><td>$rpm.name</td>`
		`#end if`
		`</tr>`
		`<tr>`
		`@@ -40,7 +40,7 @@`
		`<th>Epoch</th><td>$rpm.epoch</td>`
		`</tr>`
		`<tr>`
		`- <th>Arch</th><td>$util.escapeHTML($rpm.arch)</td>`
		`+ <th>Arch</th><td>$rpm.arch</td>`
		`</tr>`
		`<tr>`
		`#if $rpm.draft`
		`@@ -50,10 +50,10 @@`
		`#end if`
		`#if $rpm.external_repo_id == 0`
		`<tr>`
		`- <th>Summary</th><td class="rpmheader">$util.escapeHTML($summary)</td>`
		`+ <th>Summary</th><td class="rpmheader">$summary</td>`
		`</tr>`
		`<tr>`
		`- <th>Description</th><td class="rpmheader">$util.escapeHTML($description)</td>`
		`+ <th>Description</th><td class="rpmheader">$description</td>`
		`</tr>`
		`#end if`
		`<tr>`
		`@@ -66,7 +66,7 @@`
		`#end if`
		`#if $rpm.external_repo_id`
		`<tr>`
		`- <th>External Repository</th><td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$util.escapeHTML($rpm.external_repo_name)</a></td>`
		`+ <th>External Repository</th><td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$rpm.external_repo_name</a></td>`
		`</tr>`
		`#end if`
		`<tr>`
		`@@ -77,7 +77,7 @@`
		`</tr>`
		`#if $rpm.external_repo_id == 0`
		`<tr>`
		`- <th>License</th><td>$util.escapeHTML($license)</td>`
		`+ <th>License</th><td>$license</td>`
		`</tr>`
		`#if $vcs`
		`<tr>`
		`@@ -97,7 +97,7 @@`
		`#end if`
		`#if $rpm.get('extra')`
		`<tr>`
		`- <th>Extra</th><td class="usertext">$util.escapeHTML($pformat($rpm.extra))</td>`
		`+ <th>Extra</th><td class="usertext">$pformat($rpm.extra)</td>`
		`</tr>`
		`#end if`
		`#if $rpm.external_repo_id == 0`
		`@@ -108,7 +108,7 @@`
		`<table class="nested">`
		`#for $dep in $provides`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -124,7 +124,7 @@`
		`<table class="nested">`
		`#for $dep in $obsoletes`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -140,7 +140,7 @@`
		`<table class="nested">`
		`#for $dep in $conflicts`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -156,7 +156,7 @@`
		`<table class="nested">`
		`#for $dep in $requires`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -172,7 +172,7 @@`
		`<table class="nested">`
		`#for $dep in $recommends`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -188,7 +188,7 @@`
		`<table class="nested">`
		`#for $dep in $suggests`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -204,7 +204,7 @@`
		`<table class="nested">`
		`#for $dep in $supplements`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -220,7 +220,7 @@`
		`<table class="nested">`
		`#for $dep in $enhances`
		`<tr>`
		`- <td>$util.escapeHTML($util.formatDep($dep.name, $dep.version, $dep.flags))</td>`
		`+ <td>$util.formatDep($dep.name, $dep.version, $dep.flags)</td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -241,7 +241,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpminfo?fileStart=' + this.value * $fileRange + '$util.passthrough_except($self, 'fileStart')#filelist';">`
		`#for $pageNum in $filePages`
		`- <option value="$pageNum"#if $pageNum == $fileCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $fileCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -261,7 +261,7 @@`
		`</tr>`
		`#for $file in $files`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="fileinfo?rpmID=$rpm.id&filename=$quote($file.name.encode('utf-8'))">$util.escapeHTML($file.name)</a></td><td align="right"><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>`
		`+ <td><a href="fileinfo?rpmID=$rpm.id&filename=$quote($file.name.encode('utf-8'))">$file.name</a></td><td align="right"><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>`
		`</tr>`
		`#end for`
		`</table>`
		`@@ -283,7 +283,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpminfo?buildrootStart=' + this.value * $buildrootRange + '$util.passthrough_except($self, 'buildrootStart')#buildrootlist';">`
		`#for $pageNum in $buildrootPages`
		`- <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildrootCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/rpmlist.chtml

file modified

+6 -4

		`@@ -2,6 +2,7 @@`

		`#include "includes/header.chtml"`

		`+ #@util.safe_return`
		`#def getID()`
		`#if $type == 'image'`
		`imageID=$image.id #slurp`
		`@@ -10,6 +11,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def getColspan()`
		`#if $type == 'component'`
		`colspan="3" #slurp`
		`@@ -23,7 +25,7 @@`
		`#if $type == 'component'`
		`<h4>Component RPMs of buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>`
		`#elif $type == 'image'`
		`- <h4>RPMs installed in <a href="archiveinfo?archiveID=$image.id">$util.escapeHTML($image.filename)</a></h4>`
		`+ <h4>RPMs installed in <a href="archiveinfo?archiveID=$image.id">$image.filename</a></h4>`
		`#else`
		`<h4>RPMs built in buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>`
		`#end if`
		`@@ -36,7 +38,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpmlist?$getID()&start=' + this.value * $rpmRange + '$util.passthrough($self, 'order', 'type')';">`
		`#for $pageNum in $rpmPages`
		`- <option value="$pageNum"#if $pageNum == $rpmCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $rpmCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -70,7 +72,7 @@`
		`#if $rpm.external_repo_id == 0`
		`<td>internal</td>`
		`#else`
		`- <td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$util.escapeHTML($rpm.external_repo_name)</a></td>`
		`+ <td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$rpm.external_repo_name</a></td>`
		`#end if`
		`#end if`
		`#if $type == 'component'`
		`@@ -91,7 +93,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpmlist?$getID()&start=' + this.value * $rpmRange + '$util.passthrough($self, 'order', 'type')';">`
		`#for $pageNum in $rpmPages`
		`- <option value="$pageNum"#if $pageNum == $rpmCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $rpmCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/rpmsbyhost.chtml

file modified

+5 -5

		`@@ -14,7 +14,7 @@`
		`#end if`
		`#end for`
		`#if $hostArch`
		`- <a href="rpmsbyhost?${util.passthrough($self, 'order', 'rpmArch')[1:]}">all</a>`
		`+ <a href="rpmsbyhost?${util.passthrough($self, 'order', 'rpmArch', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -30,7 +30,7 @@`
		`#end if`
		`#end for`
		`#if $rpmArch`
		`- <a href="rpmsbyhost?${util.passthrough($self, 'order', 'hostArch')[1:]}">all</a>`
		`+ <a href="rpmsbyhost?${util.passthrough($self, 'order', 'hostArch', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -43,7 +43,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpmsbyhost?start=' + this.value * $hostRange + '$util.passthrough($self, 'order', 'hostArch', 'rpmArch')';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -67,7 +67,7 @@`
		`#if $len($hosts) > 0`
		`#for $host in $hosts`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>`
		`+ <td><a href="hostinfo?hostID=$host.id">$host.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $host.rpms#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$host.rpms</td>`
		`</tr>`
		`@@ -84,7 +84,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'rpmsbyhost?start=' + this.value * $hostRange + '$util.passthrough($self, 'order', 'hostArch', 'rpmArch')';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/search.chtml

file modified

+4 -9

		`@@ -12,12 +12,7 @@`
		`<tr><td colspan="5" class="error">$error</td></tr>`
		`#end if`
		`<th>Search</th>`
		`- #try`
		`- #set $old_terms = util.escapeHTML($terms)`
		`- #except`
		`- #set $old_terms = ""`
		`- #end try`
		`- <td><input type="text" name="terms" value="$old_terms"/></td>`
		`+ <td><input type="text" name="terms" value="$terms"/></td>`
		`<td>`
		`<select name="type">`
		`<option $util.toggleSelected($self, $type, "package") value="package">Packages</option>`
		`@@ -62,7 +57,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'search?start=' + this.value * $resultRange + '$util.passthrough($self, 'order', 'terms', 'type', 'match')';">`
		`#for $pageNum in $resultPages`
		`- <option value="$pageNum"#if $pageNum == $resultCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $resultCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -86,7 +81,7 @@`
		`#for $result in $results`
		`<tr class="$util.rowToggle($self)">`
		`<td>$result.id</td>`
		`- <td><a href="${infoURL % $result}">$util.escapeHTML($result.name)</a></td>`
		`+ <td><a href="${infoURL % $result}">$result.name</a></td>`
		`</tr>`
		`#end for`
		`#else`
		`@@ -101,7 +96,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'search?start=' + this.value * $resultRange + '$util.passthrough($self, 'order', 'terms', 'type', 'match')';">`
		`#for $pageNum in $resultPages`
		`- <option value="$pageNum"#if $pageNum == $resultCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $resultCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/tagedit.chtml

file modified

+4 -4

		`@@ -14,7 +14,7 @@`
		`<tr>`
		`<th>Name</th>`
		`<td>`
		`- <input type="text" name="name" value="#if $tag then $util.escapeHTML($tag.name) else ''#"/>`
		`+ <input type="text" name="name" value="#if $tag then $tag.name else ''#"/>`
		`#if $tag`
		`<input type="hidden" name="tagID" value="$tag.id"/>`
		`#end if`
		`@@ -22,7 +22,7 @@`
		`</tr>`
		`<tr>`
		`<th>Arches</th>`
		`- <td><input type="text" name="arches" value="#if $tag then $util.escapeHTML($tag.arches) else ''#"/></td>`
		`+ <td><input type="text" name="arches" value="#if $tag then $tag.arches else ''#"/></td>`
		`</tr>`
		`<tr>`
		`<th>Locked</th>`
		`@@ -32,9 +32,9 @@`
		`<th>Permission</th>`
		`<td>`
		`<select name="permission">`
		`- <option value="none" #if $tag and not $tag.perm_id then 'selected="selected"' else ''#>none</option>`
		`+ <option value="none" #if $tag and not $tag.perm_id then 'selected' else ''#>none</option>`
		`#for $permission in $permissions`
		`- <option value="$permission.id" #if $tag and $tag.perm_id == $permission.id then 'selected="selected"' else ''#>$util.escapeHTML($permission.name)</option>`
		`+ <option value="$permission.id" #if $tag and $tag.perm_id == $permission.id then 'selected' else ''#>$permission.name</option>`
		`#end for`
		`</select>`
		`</td>`

www/kojiweb/taginfo.chtml

file modified

+10 -10

		`@@ -4,22 +4,22 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for tag <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></h4>`
		`+ <h4>Information for tag <a href="taginfo?tagID=$tag.id">$tag.name</a></h4>`

		`<table>`
		`#if $child and 'admin' in $perms`
		`<tr>`
		`- <th colspan="2"><a href="tagparent?tagID=$child.id&parentID=$tag.id&action=add$util.authToken($self)">Add $util.escapeHTML($tag.name) as parent of $util.escapeHTML($child.name)</a></th>`
		`+ <th colspan="2"><a href="tagparent?tagID=$child.id&parentID=$tag.id&action=add$util.authToken($self)">Add $tag.name as parent of $child.name</a></th>`
		`</tr>`
		`#end if`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($tag.name)</td>`
		`+ <th>Name</th><td>$tag.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$tag.id</td>`
		`</tr>`
		`<tr>`
		`- <th>Arches</th><td>$util.escapeHTML($tag.arches)</td>`
		`+ <th>Arches</th><td>$tag.arches</td>`
		`</tr>`
		`<tr>`
		`<th>Locked</th><td class="$str(not $tag.locked).lower()">#if $tag.locked then 'yes' else 'no'#</td>`
		`@@ -38,7 +38,7 @@`
		`<tr>`
		`<th>Inheritance</th>`
		`<td class="tree">`
		`- <span class="root">$util.escapeHTML($tag.name)</span>`
		`+ <span class="root">$tag.name</span>`
		`#set $numParents = $len($inheritance)`
		`#set $iter = 0`
		`#set $maxDepth = 0`
		`@@ -62,7 +62,7 @@`
		`#silent $tagsByChild[$parent.child_id].pop()`
		`<span class="treeBranch">`
		`<span class="treeLabel">`
		`- <a href="taginfo?tagID=$parent.parent_id">$util.escapeHTML($parent.name)</a>`
		`+ <a href="taginfo?tagID=$parent.parent_id">$parent.name</a>`
		`#if $depth == 1 and 'admin' in $perms`
		`<span class="treeLink">(<a href="tagparent?tagID=$tag.id&parentID=$parent.parent_id&action=edit$util.authToken($self)">edit</a>) (<a href="tagparent?tagID=$tag.id&parentID=$parent.parent_id&action=remove$util.authToken($self)">remove</a>)</span>`
		`#end if`
		`@@ -103,9 +103,9 @@`
		`<th>External repos</th>`
		`<td>`
		`#for $external_repo in $external_repos`
		`- <a href="externalrepoinfo?extrepoID=$external_repo.external_repo_id">$util.escapeHTML($external_repo.external_repo_name)</a> [$external_repo.merge_mode]`
		`+ <a href="externalrepoinfo?extrepoID=$external_repo.external_repo_id">$external_repo.external_repo_name</a> [$external_repo.merge_mode]`
		`#if $external_repo.tag_id != $tag.id`
		`- <span class="smaller">(inherited from <a href="taginfo?tagID=$external_repo.tag_id">$util.escapeHTML($external_repo.tag_name)</a>)</span>`
		`+ <span class="smaller">(inherited from <a href="taginfo?tagID=$external_repo.tag_id">$external_repo.tag_name</a>)</span>`
		`#end if`
		`<br/>`
		`#end for`
		`@@ -137,7 +137,7 @@`
		`<td>`
		`#if $len($srcTargets)`
		`#for $target in $srcTargets`
		`- <a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a><br/>`
		`+ <a href="buildtargetinfo?name=$quote($target.name)">$target.name</a><br/>`
		`#end for`
		`#else`
		`No build targets`
		`@@ -149,7 +149,7 @@`
		`<td>`
		`#if $len($destTargets)`
		`#for $target in $destTargets`
		`- <a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a><br/>`
		`+ <a href="buildtargetinfo?name=$quote($target.name)">$target.name</a><br/>`
		`#end for`
		`#else`
		`No build targets`

www/kojiweb/taginfo_deleted.chtml

file modified

+2 -2

		`@@ -4,11 +4,11 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for deleted tag <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></h4>`
		`+ <h4>Information for deleted tag <a href="taginfo?tagID=$tag.id">$tag.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($tag.name)</td>`
		`+ <th>Name</th><td>$tag.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$tag.id</td>`

www/kojiweb/tagparent.chtml

file modified

+2 -2

		`@@ -15,14 +15,14 @@`
		`<tr>`
		`<th>Tag Name</th>`
		`<td>`
		`- $util.escapeHTML($tag.name)`
		`+ $tag.name`
		`<input type="hidden" name="tagID" value="$tag.id"/>`
		`</td>`
		`</tr>`
		`<tr>`
		`<th>Parent Tag Name</th>`
		`<td>`
		`- $util.escapeHTML($parent.name)`
		`+ $parent.name`
		`<input type="hidden" name="parentID" value="$parent.id"/>`
		`</td>`
		`</tr>`

www/kojiweb/tags.chtml

file modified

+3 -3

		`@@ -11,7 +11,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tags?start=' + this.value * $tagRange + '$util.passthrough($self, 'userID', 'tagID', 'order', 'childID')';">`
		`#for $pageNum in $tagPages`
		`- <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -35,7 +35,7 @@`
		`#for $tag in $tags`
		`<tr class="$util.rowToggle($self)">`
		`<td>$tag.id</td>`
		`- <td><a href="taginfo?tagID=$tag.id$util.passthrough($self, 'childID')">$util.escapeHTML($tag.name)</a></td>`
		`+ <td><a href="taginfo?tagID=$tag.id$util.passthrough($self, 'childID')">$tag.name</a></td>`
		`</tr>`
		`#end for`
		`#else`
		`@@ -50,7 +50,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tags?start=' + this.value * $tagRange + '$util.passthrough($self, 'userID', 'tagID', 'order', 'childID')';">`
		`#for $pageNum in $tagPages`
		`- <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $tagCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/taskinfo.chtml

file modified

+14 -9

		`@@ -4,6 +4,7 @@`
		`#from urllib.parse import quote`
		`#import datetime`

		`+ #@util.safe_return`
		`#def printChildren($taskID, $childMap)`
		`#set $iter = 0`
		`#set $children = $childMap[$str($taskID)]`
		`@@ -20,7 +21,7 @@`
		`<span class="treeBranch">`
		`<span class="treeLabel">`
		`<span class="task$childState">$util.imageTag($childState)</span>`
		`- <a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$util.escapeHTML($koji.taskLabel($child))</a>`
		`+ <a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$koji.taskLabel($child)</a>`
		`</span>`
		`</span>`
		`$printChildren($child.id, $childMap)`
		`@@ -30,6 +31,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def printMap($vals, $prefix='')`
		`#for $key, $value in $vals.items()`
		`#if $key == 'properties'`
		`@@ -40,6 +42,7 @@`
		`#end for`
		`#end def`

		`+ #@util.safe_return`
		`#def printOpts($opts)`
		`#if $opts`
		`<strong>Options:</strong><br/>`
		`@@ -47,6 +50,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def printValue($key, $value, $sep=', ')`
		`#if $value is None`
		`None`
		`@@ -84,6 +88,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def printProperties($props)`
		`#echo ', '.join([$v is not None and '%s=%s' % ($n, $v) or $str($n) for $n, $v in $props.items()])`
		`#end def`
		`@@ -91,7 +96,7 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for task <a href="taskinfo?taskID=$task.id">$util.escapeHTML($koji.taskLabel($task))</a></h4>`
		`+ <h4>Information for task <a href="taskinfo?taskID=$task.id">$koji.taskLabel($task)</a></h4>`

		`<table>`
		`<tr>`
		`@@ -130,7 +135,7 @@`
		`#if $taskBuilds`
		`#for $build in $taskBuilds`
		`<tr>`
		`- <th>Build</th><td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($koji.buildLabel($build))</a></td>`
		`+ <th>Build</th><td><a href="buildinfo?buildID=$build.build_id">$koji.buildLabel($build)</a></td>`
		`</tr>`
		`#end for`
		`#end if`
		`@@ -173,9 +178,9 @@`
		`<td>`
		`#if $owner`
		`#if $owner.usertype == $koji.USERTYPES['HOST']`
		`- <a href="hostinfo?userID=$owner.id">$util.escapeHTML($owner.name)</a>`
		`+ <a href="hostinfo?userID=$owner.id">$owner.name</a>`
		`#else`
		`- <a href="userinfo?userID=$owner.id">$util.escapeHTML($owner.name)</a>`
		`+ <a href="userinfo?userID=$owner.id">$owner.name</a>`
		`#end if`
		`#end if`
		`</td>`
		`@@ -184,7 +189,7 @@`
		`<th>Channel</th>`
		`<td>`
		`#if $task.channel_id`
		`- <a href="channelinfo?channelID=$task.channel_id">$util.escapeHTML($channelName)</a>`
		`+ <a href="channelinfo?channelID=$task.channel_id">$channelName</a>`
		`#end if`
		`</td>`
		`</tr>`
		`@@ -192,12 +197,12 @@`
		`<th>Host</th>`
		`<td>`
		`#if $task.host_id`
		`- <a href="hostinfo?hostID=$task.host_id">$util.escapeHTML($hostName)</a>`
		`+ <a href="hostinfo?hostID=$task.host_id">$hostName</a>`
		`#end if`
		`</td>`
		`</tr>`
		`<tr>`
		`- <th>Arch</th><td>$util.escapeHTML($task.arch)</td>`
		`+ <th>Arch</th><td>$task.arch</td>`
		`</tr>`
		`#if $buildroots`
		`<tr>`
		`@@ -213,7 +218,7 @@`
		`<th>Parent</th>`
		`<td>`
		`#if $parent`
		`- <a href="taskinfo?taskID=$parent.id" class="task$util.taskState($parent.state)">$util.escapeHTML($koji.taskLabel($parent))</a>`
		`+ <a href="taskinfo?taskID=$parent.id" class="task$util.taskState($parent.state)">$koji.taskLabel($parent)</a>`
		`#end if`
		`</td>`
		`</tr>`

www/kojiweb/tasks.chtml

file modified

+44 -21

		`@@ -1,6 +1,8 @@`
		`#import koji`
		`#from kojiweb import util`
		`+ #from kojiweb.util import SafeValue as S`

		`+ #@util.safe_return`
		`#def printChildren($taskID, $childMap)`
		`#set $iter = 0`
		`#set $children = $childMap[$str($taskID)]`
		`@@ -16,7 +18,7 @@`
		`#set $childState = $util.taskState($child.state)`
		`<span class="treeBranch">`
		`<span class="treeLabel">`
		`- <a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$util.escapeHTML($koji.taskLabel($child))</a>`
		`+ <a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$koji.taskLabel($child)</a>`
		`</span>`
		`</span>`
		`$printChildren($child.id, $childMap)`
		`@@ -26,6 +28,7 @@`
		`#end if`
		`#end def`

		`+ #@util.safe_return`
		`#def headerPrefix($state)`
		`#if $state == 'active'`
		`Active`
		`@@ -40,7 +43,27 @@`

		`#include "includes/header.chtml"`

		- <h4>$headerPrefix($state) #if $view == 'toplevel' then 'toplevel' else ''# #if $method != 'all' then $method else ''# Tasks#if $ownerObj then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($ownerObj.id, $util.escapeHTML($ownerObj.name)) else ''##if $host then ' on host <a href="hostinfo?hostID=%i">%s</a>' % ($host.id, $util.escapeHTML($host.name)) else ''# #if $channel then ' in channel <a href="channelinfo?channelID=%i">%s</a>' % ($channel.id, $util.escapeHTML($channel.name)) else ''#</h4>
		`+ #@util.safe_return`
		`+ #def getDescription()`
		`+ $headerPrefix($state)`
		`+ #if $view == 'toplevel'`
		`+ toplevel`
		`+ #end if`
		`+ #if $method != 'all'`
		`+ $method Tasks`
		`+ #end if`
		`+ #if $ownerObj`
		`+ owned by <a href="userinfo?userID=$ownerObj.id">$ownerObj.name</a>`
		`+ #end if`
		`+ #if $host`
		`+ on host <a href="hostinfo?hostID=$host.id">$host.name</a>`
		`+ #end if`
		`+ #if $channel`
		`+ in channel <a href="channelinfo?channelID=$channel.id">$channel.name</a>`
		`+ #end if`
		`+ #end def`
		`+`
		`+ <h4>$getDescription()</h4>`

		`<table class="data-list">`
		`<tr>`
		`@@ -53,23 +76,23 @@`
		`<select name="state" class="filterlist" onchange="javascript: window.location = 'tasks?state=' + this.value + '$util.passthrough_except($self, 'state')';">`
		`<option value="active" $util.toggleSelected($self, $state, 'active')>active</option>`
		`<option value="all" $util.toggleSelected($self, $state, 'all')>all</option>`
		`- <option value="free" #if $state == 'free' then 'selected="selected"' else ''#>free</option>`
		`- <option value="open" #if $state == 'open' then 'selected="selected"' else ''#>open</option>`
		`- <option value="closed" #if $state == 'closed' then 'selected="selected"' else ''#>closed</option>`
		`- <option value="failed" #if $state == 'failed' then 'selected="selected"' else ''#>failed</option>`
		`- <option value="canceled" #if $state == 'canceled' then 'selected="selected"' else ''#>canceled</option>`
		`- <option value="assigned" #if $state == 'assigned' then 'selected="selected"' else ''#>assigned</option>`
		`+ <option value="free" #if $state == 'free' then 'selected' else ''#>free</option>`
		`+ <option value="open" #if $state == 'open' then 'selected' else ''#>open</option>`
		`+ <option value="closed" #if $state == 'closed' then 'selected' else ''#>closed</option>`
		`+ <option value="failed" #if $state == 'failed' then 'selected' else ''#>failed</option>`
		`+ <option value="canceled" #if $state == 'canceled' then 'selected' else ''#>canceled</option>`
		`+ <option value="assigned" #if $state == 'assigned' then 'selected' else ''#>assigned</option>`
		`</select>`
		`</td><td>`
		`<strong>Owner</strong>:`
		`</td><td>`
		`<select name="owner" class="filterlist" onchange="javascript: window.location = 'tasks?owner=' + this.value + '$util.passthrough_except($self, 'owner')';">`
		`- <option value="" #if not $owner then 'selected="selected"' else ''#>everyone</option>`
		`+ <option value="" #if not $owner then 'selected' else ''#>everyone</option>`
		`#if $loggedInUser`
		`<option value="$loggedInUser.name">me</option>`
		`#end if`
		`#for $user in $users`
		`- <option value="$user.name" #if $user.name == $owner then 'selected="selected"' else ''#>$util.escapeHTML($user.name)</option>`
		`+ <option value="$user.name" #if $user.name == $owner then 'selected' else ''#>$user.name</option>`
		`#end for`
		`</select>`
		`</td></tr>`
		`@@ -86,7 +109,7 @@`
		`#elif $task_type == 'wrapperRPM' and not ($mavenEnabled or $winEnabled)`
		`#continue`
		`#else`
		`- <option value="$task_type" #if $method == $task_type then 'selected="selected"' else ''#>$task_type</option>`
		`+ <option value="$task_type" #if $method == $task_type then 'selected' else ''#>$task_type</option>`
		`#end if`
		`#end for`
		`</select>`
		`@@ -111,7 +134,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasks?start=' + this.value * $taskRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $taskPages`
		`- <option value="$pageNum"#if $pageNum == $taskCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $taskCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -129,8 +152,8 @@`
		`<form class="pageJump" action="">`
		`Page:`
		`<select onchange="javascript: window.location = 'tasks?start=' + this.value * $taskRange + '$util.passthrough_except($self)';">`
		`- <option value="0"#if 0 == $taskCurrentPage then ' selected="selected"' else ''#>#echo 1#</option>`
		`- <option value="1"#if 1 == $taskCurrentPage then ' selected="selected"' else ''#>#echo "load more"#</option>`
		`+ <option value="0"#if 0 == $taskCurrentPage then ' selected' else ''#>#echo 1#</option>`
		`+ <option value="1"#if 1 == $taskCurrentPage then ' selected' else ''#>#echo "load more"#</option>`
		`</select>`
		`</form>`
		`<strong>Tasks #echo $taskStart + 1 # through #echo $taskStart + $taskCount# of ???</strong>`
		`@@ -151,17 +174,17 @@`
		`<tr class="$util.rowToggle($self)">`
		`#set $taskState = $util.taskState($task.state)`
		`<td>$task.id</td>`
		`- <td#if $treeDisplay then ' class="tree"' else ''#>`
		`- #if $treeDisplay then ' ' else ''#<a href="taskinfo?taskID=$task.id" class="task$taskState" title="$taskState">$util.escapeHTML($koji.taskLabel($task))</a>`
		`+ <td#if $treeDisplay then S(' class="tree"') else ''#>`
		`+ #if $treeDisplay then ' ' else ''#<a href="taskinfo?taskID=$task.id" class="task$taskState" title="$taskState">$koji.taskLabel($task)</a>`
		`#if $treeDisplay`
		`$printChildren($task.id, $task.descendents)`
		`#end if`
		`</td>`
		`<td class="user-$task.owner_name">`
		`#if $task.owner_type == $koji.USERTYPES['HOST']`
		`- <a href="hostinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>`
		`+ <a href="hostinfo?userID=$task.owner">$task.owner_name</a>`
		`#else`
		`- <a href="userinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>`
		`+ <a href="userinfo?userID=$task.owner">$task.owner_name</a>`
		`#end if`
		`</td>`
		`<td>$task.arch</td>`
		`@@ -182,7 +205,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasks?start=' + this.value * $taskRange + '$util.passthrough_except($self)';">`
		`#for $pageNum in $taskPages`
		`- <option value="$pageNum"#if $pageNum == $taskCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $taskCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -200,8 +223,8 @@`
		`<form class="pageJump" action="">`
		`Page:`
		`<select onchange="javascript: window.location = 'tasks?start=' + this.value * $taskRange + '$util.passthrough_except($self)';">`
		`- <option value="0"#if 0 == $taskCurrentPage then ' selected="selected"' else ''#>#echo 1#</option>`
		`- <option value="1"#if 1 == $taskCurrentPage then ' selected="selected"' else ''#>#echo "load more"#</option>`
		`+ <option value="0"#if 0 == $taskCurrentPage then ' selected' else ''#>#echo 1#</option>`
		`+ <option value="1"#if 1 == $taskCurrentPage then ' selected' else ''#>#echo "load more"#</option>`
		`</select>`
		`</form>`
		`<strong>Tasks #echo $taskStart + 1 # through #echo $taskStart + $taskCount# of ???</strong>`

www/kojiweb/tasksbyhost.chtml

file modified

+4 -4

		`@@ -14,7 +14,7 @@`
		`#end if`
		`#end for`
		`#if $hostArch`
		`- <a href="tasksbyhost?${util.passthrough($self, 'order')[1:]}">all</a>`
		`+ <a href="tasksbyhost?${util.passthrough($self, 'order', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -27,7 +27,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasksbyhost?start=' + this.value * $hostRange + '$util.passthrough($self, 'order', 'hostArch')';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -51,7 +51,7 @@`
		`#if $len($hosts) > 0`
		`#for $host in $hosts`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>`
		`+ <td><a href="hostinfo?hostID=$host.id">$host.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $host.tasks#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$host.tasks</td>`
		`</tr>`
		`@@ -68,7 +68,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasksbyhost?start=' + this.value * $hostRange + '$util.passthrough($self, 'order', 'hostArch')';">`
		`#for $pageNum in $hostPages`
		`- <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $hostCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/tasksbyuser.chtml

file modified

+3 -3

		`@@ -11,7 +11,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasksbyuser?start=' + this.value * $userRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -35,7 +35,7 @@`
		`#if $len($users) > 0`
		`#for $user in $users`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></td>`
		`+ <td><a href="userinfo?userID=$user.id">$user.name</a></td>`
		`<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $user.tasks#" height="15" class="graphrow" alt="graph row"/></td>`
		`<td>$user.tasks</td>`
		`</tr>`
		`@@ -52,7 +52,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'tasksbyuser?start=' + this.value * $userRange + '$util.passthrough($self, 'order')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/kojiweb/userinfo.chtml

file modified

+7 -7

		`@@ -2,11 +2,11 @@`

		`#include "includes/header.chtml"`

		`- <h4>Information for user <a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></h4>`
		`+ <h4>Information for user <a href="userinfo?userID=$user.id">$user.name</a></h4>`

		`<table>`
		`<tr>`
		`- <th>Name</th><td>$util.escapeHTML($user.name)</td>`
		`+ <th>Name</th><td>$user.name</td>`
		`</tr>`
		`<tr>`
		`<th>ID</th><td>$user.id</td>`
		`@@ -26,7 +26,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'userinfo?packageStart=' + this.value * $packageRange + '$util.passthrough($self, 'userID', 'packageOrder', 'buildOrder', 'buildStart')#packagelist';">`
		`#for $pageNum in $packagePages`
		`- <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $packageCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -47,8 +47,8 @@`
		`</tr>`
		`#for $package in $packages`
		`<tr class="$util.rowToggle($self)">`
		`- <td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>`
		`- <td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>`
		`+ <td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>`
		`+ <td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>`
		`<td class="$str(not $package.blocked).lower()">#if $package.blocked then $util.imageTag('no') else $util.imageTag('yes')#</td>`
		`</tr>`
		`#end for`
		`@@ -70,7 +70,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'userinfo?buildStart=' + this.value * $buildRange + '$util.passthrough($self, 'userID', 'buildOrder', 'packageOrder', 'packageStart')#buildlist';">`
		`#for $pageNum in $buildPages`
		`- <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $buildCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -92,7 +92,7 @@`
		`#for $build in $builds`
		`<tr class="$util.rowToggle($self)">`
		`#set $stateName = $util.stateName($build.state)`
		`- <td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>`
		`+ <td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>`
		`<td>$util.formatTime($build.completion_ts)</td>`
		`<td class="$stateName">$util.stateImage($build.state)</td>`
		`</tr>`

www/kojiweb/users.chtml

file modified

+4 -4

		`@@ -16,7 +16,7 @@`
		`\|`
		`#end for`
		`#if $prefix`
		`- <a href="users?${util.passthrough($self, 'order')[1:]}">all</a>`
		`+ <a href="users?${util.passthrough($self, 'order', prefix='')}">all</a>`
		`#else`
		`<strong>all</strong>`
		`#end if`
		`@@ -29,7 +29,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'users?start=' + this.value * $userRange + '$util.passthrough($self, 'order', 'prefix')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`
		`@@ -56,7 +56,7 @@`
		`#for $user in $users`
		`<tr class="$util.rowToggle($self)">`
		`<td>$user.id</td>`
		`- <td><a href="userinfo?userID=$quote($user.name)">$util.escapeHTML($user.name)</a></td>`
		`+ <td><a href="userinfo?userID=$quote($user.name)">$user.name</a></td>`
		`<td><a href="packages?userID=$quote($user.name)">view</a></td>`
		`<td><a href="builds?userID=$quote($user.name)">view</a></td>`
		`<td><a href="tasks?owner=$quote($user.name)">view</a></td>`
		`@@ -74,7 +74,7 @@`
		`Page:`
		`<select onchange="javascript: window.location = 'users?start=' + this.value * $userRange + '$util.passthrough($self, 'order', 'prefix')';">`
		`#for $pageNum in $userPages`
		`- <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected="selected"' else ''#>#echo $pageNum + 1#</option>`
		`+ <option value="$pageNum"#if $pageNum == $userCurrentPage then ' selected' else ''#>#echo $pageNum + 1#</option>`
		`#end for`
		`</select>`
		`</form>`

www/lib/kojiweb/util.py

file modified

+87 -34

		`@@ -29,6 +29,7 @@`
		`# a bunch of exception classes that explainError needs`
		`from socket import error as socket_error`
		`from xml.parsers.expat import ExpatError`
		`+ from functools import wraps`

		`import Cheetah.Template`

		`@@ -53,6 +54,7 @@`
		`values['pageID'] = pageID`
		`values['currentDate'] = str(datetime.datetime.now())`
		`values['literalFooter'] = environ['koji.options'].get('LiteralFooter', True)`
		`+ values['terms'] = ''`
		`themeCache.clear()`
		`themeInfo.clear()`
		`themeInfo['name'] = environ['koji.options'].get('KojiTheme', None)`
		`@@ -91,23 +93,51 @@`
		`return ret`


		`- class DecodeUTF8(Cheetah.Filters.Filter):`
		`- def filter(self, args, *kw):`
		`- """Convert all strs to unicode objects"""`
		`- result = super(DecodeUTF8, self).filter(args, *kw)`
		`- if isinstance(result, str):`
		`- pass`
		`+ class EscapeFilter(Cheetah.Filters.Filter):`
		`+ def filter(self, val, args, *kw):`
		`+ """Apply html escaping to most values"""`
		`+ if isinstance(val, SafeValue):`
		`+ result = str(val.value)`
		`else:`
		`- result = result.decode('utf-8', 'replace')`
		`+ result = escapeHTML(val)`
		`return result`

		`- # Escape ampersands so the output can be valid XHTML`
		`+`
		`+ class SafeValue:`
		`+`
		`+ def __init__(self, value):`
		`+ if isinstance(value, SafeValue):`
		`+ self.value = value.value`
		`+ else:`
		`+ self.value = value`
		`+`
		`+ def __str__(self):`
		`+ return str(self.value)`
		`+`
		`+ def __repr__(self):`
		`+ return "SafeValue(%r)" % self.value`
		`+`
		`+ def __add__(self, other):`
		`+ if not isinstance(other, SafeValue):`
		`+ raise ValueError('Adding safe and nonsafe value')`
		`+ return SafeValue(self.value + other.value)`
		`+`
		`+ def __iadd__(self, other):`
		`+ if not isinstance(other, SafeValue):`
		`+ raise ValueError('Adding safe and nonsafe value')`
		`+ self.value += other.value`
		`+ return self`
		`+`
		`+ def __len__(self):`
		`+ # mainly needed for boolean evaluation in templates`
		`+ return len(self.value)`


		`- class XHTMLFilter(DecodeUTF8):`
		`- def filter(self, args, *kw):`
		`- result = super(XHTMLFilter, self).filter(args, *kw)`
		`- return re.sub(r'&(?![a-zA-Z0-9#]+;)', '&', result)`
		`+ def safe_return(func):`
		`+ @wraps(func)`
		`+ def _safe(args, *kwargs):`
		`+ return SafeValue(func(args, *kwargs))`
		`+ return _safe`


		`TEMPLATES = {}`
		`@@ -143,7 +173,7 @@`
		`if not tmpl_class:`
		`tmpl_class = Cheetah.Template.Template.compile(file=fileName)`
		`TEMPLATES[fileName] = tmpl_class`
		`- tmpl_inst = tmpl_class(namespaces=[environ['koji.values']], filter=XHTMLFilter)`
		`+ tmpl_inst = tmpl_class(namespaces=[environ['koji.values']], filter=EscapeFilter)`
		`return tmpl_inst.respond()`


		`@@ -187,6 +217,7 @@`
		`return sortKey`


		`+ @safe_return # avoid escaping quotes`
		`def toggleSelected(template, var, option, checked=False):`
		`"""`
		`If the passed in variable var equals the literal value in option,`
		`@@ -203,6 +234,7 @@`
		`return ''`


		`+ @safe_return`
		`def sortImage(template, sortKey, orderVar='order'):`
		`"""`
		`Return an html img tag suitable for inclusion in the sortKey of a sortable table,`
		`@@ -219,15 +251,20 @@`
		`return ''`


		`- def passthrough(template, *vars):`
		`+ @safe_return`
		`+ def passthrough(template, *vars, prefix='&'):`
		`"""`
		`- Construct a string suitable for use as URL`
		`- parameters. For each variable name in *vars,`
		`- if the template has a corresponding non-None value,`
		`- append that name-value pair to the string. The name-value`
		`- pairs will be separated by ampersands (&), and prefixed by`
		`- an ampersand if there are any name-value pairs. If there`
		`- are no name-value pairs, an empty string will be returned.`
		`+ Construct a url parameter string from template vars`
		`+`
		`+ Forms a url parameter string like '&key=value&key2=value' where`
		`+ the keys are the requested variable names and the values are pulled`
		`+ from the template vars.`
		`+`
		`+ None/missing values are omitted`
		`+`
		`+ If there are no non-None values, an empty string is returned`
		`+`
		`+ The prefix value (default '&') is prepended if any values were found`
		`"""`
		`result = []`
		`for var in vars:`
		`@@ -240,12 +277,14 @@`
		`value = urllib.parse.quote(value)`
		`result.append('%s=%s' % (var, value))`
		`if result:`
		`- return '&' + '&'.join(result)`
		`+ if prefix is None:`
		`+ prefix = ''`
		`+ return prefix + '&'.join(result)`
		`else:`
		`return ''`


		`- def passthrough_except(template, *exclude):`
		`+ def passthrough_except(template, *exclude, prefix='&'):`
		`"""`
		`Construct a string suitable for use as URL`
		`parameters. The template calling this method must have`
		`@@ -259,7 +298,7 @@`
		`for var in template._PASSTHROUGH:`
		`if var not in exclude:`
		`passvars.append(var)`
		`- return passthrough(template, *passvars)`
		`+ return passthrough(template, *passvars, prefix=prefix)`


		`def sortByKeyFuncNoneGreatest(key):`
		`@@ -413,8 +452,10 @@`
		`return koji.BUILD_STATES[stateID].lower()`


		`+ @safe_return`
		`def imageTag(name):`
		`"""Return an img tag that loads an icon with the given name"""`
		`+ name = escapeHTML(name)`
		`return '<img class="stateimg" src="%s" title="%s" alt="%s"/>' \`
		`% (themePath("images/%s.png" % name), name, name)`

		`@@ -557,6 +598,7 @@`
		`return '{:.2f} {}'.format(value, suffix[suff_index])`


		`+ @safe_return`
		`def formatLink(url):`
		`"""Turn a string into an HTML link if it looks vaguely like a URL.`
		`If it doesn't, just return it properly escaped."""`
		`@@ -568,6 +610,7 @@`
		`return url`


		`+ @safe_return`
		`def formatRPM(rpminfo, link=True):`
		`"""Format an rpm dict for display"""`
		`rpminfo = rpminfo.copy()`
		`@@ -581,7 +624,7 @@`
		`rpminfo['suffix'] = ''`
		`label = escapeHTML("%(name)s-%(epoch)s%(version)s-%(release)s.%(arch)s%(suffix)s" % rpminfo)`
		`if link:`
		`- rpm_id = rpminfo['id']`
		`+ rpm_id = urllib.parse.quote(str(rpminfo['id']))`
		`return f'<a href="rpminfo?rpmID={rpm_id}">{label}</a>'`
		`else:`
		`return label`
		`@@ -650,8 +693,10 @@`
		`" : "`
		`' : '`
		`"""`
		`+ if isinstance(value, SafeValue):`
		`+ return value.value`
		`if not value:`
		`- return value`
		`+ return str(value)`

		`value = koji.fixEncoding(str(value))`
		`return re.sub(r'&(?![a-zA-Z0-9#]+;)', '&', value).\`
		`@@ -661,6 +706,7 @@`
		`replace("'", ''')`


		`+ @safe_return`
		`def authToken(template, first=False, form=False):`
		`"""Return the current authToken if it exists.`
		`If form is True, return it enclosed in a hidden input field.`
		`@@ -669,6 +715,7 @@`
		`with &. If no authToken exists, return an empty string."""`
		`token = template.getVar('authToken', default=None)`
		`if token is not None:`
		`+ token = escapeHTML(token)`
		`if form:`
		`return '<input type="hidden" name="a" value="%s"/>' % token`
		`if first:`
		`@@ -752,7 +799,7 @@`
		`- empty_str_placeholder`
		`"""`

		`- def __init__(self, text='', size=None, need_escape=None, begin_tag='',`
		`+ def __init__(self, text='', size=None, need_escape=True, begin_tag='',`
		`end_tag='', composer=None, empty_str_placeholder=None):`
		`self.text = text`
		`if size is None:`
		`@@ -798,7 +845,7 @@`
		`- composer`
		`"""`

		`- def __init__(self, fragments=None, need_escape=None, begin_tag='',`
		`+ def __init__(self, fragments=None, need_escape=True, begin_tag='',`
		`end_tag='<br />', composer=None):`
		`if fragments is None:`
		`self.fragments = []`
		`@@ -849,10 +896,12 @@`
		`end_tag = ''`
		`need_escape = True`
		`if key in ('brootid', 'buildroot_id'):`
		`- _str = str(value)`
		`- begin_tag = '<a href="buildrootinfo?buildrootID=%s">' % _str`
		`- end_tag = '</a>'`
		`+ # do the escaping ourselves since we include html`
		`need_escape = False`
		`+ brid = urllib.parse.quote(str(value))`
		`+ _str = escapeHTML(value)`
		`+ begin_tag = '<a href="buildrootinfo?buildrootID=%s">' % brid`
		`+ end_tag = '</a>'`
		`elif isinstance(value, list):`
		`_str = sep.join([str(val) for val in value])`
		`elif isinstance(value, dict):`
		`@@ -890,6 +939,7 @@`
		`max_abbr_len = default_max_abbr_result_len`

		`postscript_fragment = TaskResultFragment(`
		`+ need_escape=False,`
		`text='...', end_tag='</a>',`
		`begin_tag='<a href="#" collapse" %s %s>' % (`
		`'id="toggle-full-result"',`
		`@@ -922,6 +972,7 @@`
		`_str = "%s: %s" % (exc_class.__name__, str(result))`
		`fragment = TaskResultFragment(text=_str, need_escape=True)`
		`line = TaskResultLine(fragments=[fragment],`
		`+ need_escape=False, # fragment already escaped`
		`begin_tag='<pre>', end_tag='</pre>')`
		`lines.append(line)`
		`elif isinstance(result, dict):`
		`@@ -947,18 +998,20 @@`
		`for k, v in result.items():`
		`if k == 'properties':`
		`_str = "properties = %s" % _parse_properties(v)`
		`- fragment = TaskResultFragment(text=_str)`
		`+ fragment = TaskResultFragment(text=_str, need_escape=False)`
		`line = TaskResultLine(fragments=[fragment], need_escape=True)`
		`elif k != '__starstar':`
		`val_fragment = _parse_value(k, v)`
		`key_fragment = TaskResultFragment(text=k, need_escape=True)`
		`+ # fragment already escaped`
		`line = TaskResultLine(fragments=[key_fragment, val_fragment],`
		`need_escape=False, composer=composer)`
		`lines.append(line)`
		`else:`
		`if result is not None:`
		`fragment = _parse_value('', result)`
		`- line = TaskResultLine(fragments=[fragment])`
		`+ # fragment already escaped`
		`+ line = TaskResultLine(fragments=[fragment], need_escape=False)`
		`lines.append(line)`

		`if not lines:`
		`@@ -986,4 +1039,4 @@`
		`total_abbr_lines += 1`
		`total_abbr_len += line_len`

		`- return full_ret_str, abbr_ret_str`
		`+ return SafeValue(full_ret_str), SafeValue(abbr_ret_str)`

koji

#4216 Backport CVE-2024-9427 fix for 1.34

Closed 6 months ago by mikem. Opened 6 months ago by mikem.

mikem/koji web-more-escapes.release-1.34 into koji-1.34-updates

Metadata

Changes Summary 57

koji

Source Code

Documentation

#4216 Backport CVE-2024-9427 fix for 1.34 Closed 6 months ago by mikem. Opened 6 months ago by mikem. mikem/koji web-more-escapes.release-1.34 into koji-1.34-updates

Metadata

Changes Summary 57

#4216 Backport CVE-2024-9427 fix for 1.34

Closed 6 months ago by mikem. Opened 6 months ago by mikem.

mikem/koji web-more-escapes.release-1.34 into koji-1.34-updates