merging fix for missing id's on all inputs

Author: rouilj

doc/upgrading.txt

@@ -528,7 +528,7 @@ to::
       self.form_wins = True
       self.add_error_message(' '.join(msg.args))
 
-This escapes the Referer value an prevents it from being
+This escapes the Referer value and prevents it from being
 executed.
 
 .. _CVE-2024-39126:

roundup/cgi/client.py

@@ -1677,8 +1677,8 @@ def handle_csrf(self, api=False):
             if 'HTTP_X_REQUESTED_WITH' not in self.env:
                 logger.error(self._(
                     ''"csrf X-REQUESTED-WITH xmlrpc required header "
-                    ''"check failed for user%s."),
-                             current_user)
+                    ''"check failed for user%(userid)s."),
+                    {"userid": current_user})
                 raise UsageError(self._("Required Header Missing"))
 
         # Expire old csrf tokens now so we don't use them.  These will
@@ -1717,14 +1717,16 @@ def handle_csrf(self, api=False):
         if key is None:  # we do not have an @csrf token
             if enforce == 'required':
                 logger.error(self._(
-                    "Required csrf field missing for user%s"), current_user)
+                    "Required csrf field missing for user%(userid)s"),
+                             {"userid": current_user})
                 raise UsageError(self._(
                     ''"We can't validate your session (csrf failure). "
                     ''"Re-enter any unsaved data and try again."))
             if enforce == 'logfailure':
                 # FIXME include url
-                logger.warning(self._("csrf field not supplied by user%s"),
-                               current_user)
+                logger.warning(self._(
+                    "csrf field not supplied by user%(userid)s"),
+                    {"userid": current_user})
             else:
                 # enforce is either yes or no. Both permit change if token is
                 # missing

website/README.txt

@@ -57,6 +57,17 @@ to free resources:
 
 updating www.roundup-tracker.org
 ---------------------------------
+Note that sourceforge still only has python2 available on it's
+systems. Doc updates probably need to be done by building on local
+machine using modern Sphinx (7.x or greater) and the generated files
+pushed to the website.
+
+Also the files htdocs/ahref* and htdocs/google* have to be copied from
+the current production tree to the new directory so we keep some level
+of analytics.
+
+-----
+
 Site update requires rebuilding HTML files. For that
 `sphinx` is required/
 Hopefully, it is already installed into virtualenv, so

website/www/Makefile

@@ -13,7 +13,8 @@ help:
 # fix that in postprocess
 # also sed index.html to properly format meta og:... entries.
 html: doc_links  ## make standalone HTML files
-	rm -rf html
+	if [ -z "${KEEP_HTML}" ]; then rm -rf html; fi
+	rm -f html/robots.txt  # otherwise sphinx errors
 	mkdir -p $(TMP)/doctrees $(HTML)
 	sphinx-build -n -W -b html -d $(TMP)/doctrees . $(HTML)
         # install searchtools.js into search page.
@@ -23,7 +24,7 @@ html: doc_links  ## make standalone HTML files
 	sed -i -e '/<meta/s/og\\:/og:/' \
              -e '/<meta/s/name="og:/property="og:/' html/index.html
 	cp robots.txt html/robots.txt
-	mkdir html/signatures && cp signatures/*.asc html/signatures
+	mkdir -p html/signatures && cp signatures/*.asc html/signatures
 	cp --no-clobber -r docs/html_extra/. html/docs/.
 	cp htaccess html/.htaccess
 	@echo; \