Merge latest changes.

Author: schlatterbeck

CHANGES.txt

@@ -1,9 +1,9 @@
-This file contains the changes to the Roundup system over time. 
-The entries are given with the most recent entry first. 
-Each entry has the deveoper who committed the change in brackets.
+This file contains significant changes to Roundup over time.
+Entries are given with the most recent entry first.
+Each entry has the developer who committed the change in brackets.
 Entries without name were done by Richard Jones.
 
-2011-XX-XX: 1.4.20
+2012-XX-XX: 1.4.20
 
 Features:
 
@@ -12,14 +12,14 @@ Features:
   chameleon in the config). A new config-option "template_engine" under
   [main] can take these config-options, the default is zopetal.
   Thanks to Cheer Xiao for the idea of making this configurable *and*
-  for the actual implementation!
+  for the actual implementation! (Ralf)
 - issue2550678: Allow pagesize=-1 which returns all results.
   Suggested and implemented by John Kristensen. 
   Tested by Satchidanand Haridas. (Bernhard)
 - Allow to turn off translation of generated html options in menu method
   of LinkHTMLProperty and MultilinkHTMLProperty -- default is
   translation as it used to be (Ralf)
-- Sending of PGP-Encrypted mail to all users or selected users (via
+- Sending of OpenPGP encrypted mail to all users or selected users (via
   roles) is now working. (Ralf)
 - Add config-option "nosy" to messages_to_author setting in [nosy]
   section of config: This will send a message to the author only
@@ -45,42 +45,42 @@ Fixed:
   is addressed to [email protected] this would (wrongly) match. (Ralf)
 - issue2550729: Fix password history display for anydbm backend, thanks
   to Ralf Hemmecke for reporting. (Ralf)
-- PGP support is again working (pyme API has changed significantly) and
+- OpenPGP support is again working (pyme API has changed significantly) and
   we now have a regression test. We now take care that bounce-messages
   for incoming encrypted mails or mails where the policy dictates that
-  outgoing traffic should be encrypted is actually pgp-encrypted. (Ralf)
+  outgoing traffic should be encrypted is actually OpenPGP encrypted. (Ralf)
 - Ignore confirm set() fields by themselves in the absence of non-"confirm"
   values; otherwise a bare confirm field can be used to change the a
-  password. Reported by Cam Blackwood.
+  password. Reported by Cam Blackwood. (Ralf)
 - Updated version of simplified Chinese message file by Cheer Xiao:
   Corrected some mistakes, added a few more items and did some
-  formating.
+  formating. (Ralf)
 - Fix xmlrpc URL parsing so that passwords may contain a ':' character
   (Ralf)
 - Be more tolerant when parsing RFC2047 encoded mail headers. Use
   backported version of my proposed changes to
   email.header.decode_header in http://bugs.python.org/issue1079
   (Ralf)
 - issue2550684 Fix XSS vulnerability when username contains HTML code,
-  thanks to Thomas Arendsen Hein for reporting and patch.
+  thanks to Thomas Arendsen Hein for reporting and patch. (Ralf)
 - issue2550711 Fix XSS vulnerability in @action parameter,
-  thanks to "om" for reporting.
+  thanks to "om" for reporting. (Ralf)
 - issue2550535 In some cases even when keep_quoted_text=yes is
   configured we would strip quoted sections. This hit the python
   bug-tracker especially for python interpreter examples with leading
   '>>>' strings. The fix is slightly different compared to the proposal
   as this broke keep_quoted_text=no in certain cases. We also fix a bug
   where keep_quoted_text=no would drop the last line of a non-quoted
-  section if there wasn't an empty line between the next quotes.
+  section if there wasn't an empty line between the next quotes. (Ralf)
 - issue2431638 wrong registration link in bounce mail for non-registered
-  users reported *years* ago by anonymous
+  users reported *years* ago by anonymous (Ralf)
 - Fix doc/upgrading.txt which produces errors with latest docutils about
   wrong block structure. Fix .gitignore in doc directory. Thanks to
-  Cheer Xiao for the patches.
+  Cheer Xiao for the patches. (Ralf)
 - Fix wrong execute permissions on some files, thanks to Cheer Xiao for
-  the patch.
+  the patch. (Ralf)
 - Fix override of TemplatingUtils in instance.py, thanks to Cheer Xiao
-  for the patch.
+  for the patch. (Ralf)
 - Fix another XSS with the "otk" parameter, thanks to Jesse Ruderman for
   reporting. (Ralf)
 - Mark cookies HttpOnly and -- if https is used -- secure. Fixes

demo.py

@@ -105,19 +105,19 @@ def run_demo(home):
     hostname, port = urlparse.urlparse(url)[1].split(':')
     port = int(port)
     success_message = '''Server running - connect to:
-    %s
+    %(url)s
 1. Log in as "demo"/"demo" or "admin"/"admin".
 2. Hit Control-C to stop the server.
-3. Re-start the server by running "roundup-demo" again.
-4. Re-initialise the server by running "roundup-demo nuke".
+3. Re-start the server by running "%(script)s" again.
+4. Re-initialise the server by running "%(script)s nuke".
 
 Demo tracker is set up to be accessed by localhost browser.  If you
 run demo on a server host, please stop the demo, open file
 "demo/config.ini" with your editor, change the host name in the "web"
 option in section "[tracker]", save the file, then re-run the demo
 program. If you want to change backend types, you must use "nuke".
 
-''' % url
+''' % dict(url=url, script=sys.argv[0])
 
     # disable command line processing in roundup_server
     sys.argv = sys.argv[:1] + ['-p', str(port), 'demo=' + home]

doc/announcement.txt

@@ -55,10 +55,10 @@ Roundup requires python 2.4 or later (but not 3+) for correct operation.
 
 To give Roundup a try, just download (see below), unpack and run::
 
-    roundup-demo
+    python demo.py
 
 Release info and download page:
-     http://cheeseshop.python.org/pypi/roundup
+     http://pypi.python.org/pypi/roundup
 Source and documentation is available at the website:
      http://roundup-tracker.org/
 Mailing lists - the place to ask questions: