[Xerte-dev] Re: Fixes last night (XOT)

Julian Tenney Julian.Tenney at nottingham.ac.uk
Tue Mar 6 10:10:39 GMT 2012 

I'll have a look. There are feeds, I'm not sure if they reflect updated statuses.

-----Original Message-----
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of David Goodwin
Sent: 06 March 2012 10:05
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Fixes last night (XOT)

Julian - 

Assuming you are the Google code boss - can you set GoogleCode up so issue(s) are cc'ed to this mailing list automatically? Does it provide any sort of integration between tickets and the mailing list?

It's a bit annoying having to notify the list that a ticket has been created or changed or whatever.

thanks,

David.

On 6 Mar 2012, at 08:10, Ron Mitchell wrote:

> I added this to the issue page but thought I'd post here too....
> 
> Not sure it's practical to have a whitelist - too many potential urls that
> users might add to the relevant XOT page and unrealistic for someone with
> access to the code or management.php to keep adding new allowed url's upon
> request. Isn't there a way to restrict rss_proxy.php so that it can't be
> accessed via browser and can only be called from relevant XOT code?
> 
> Sorry I might be mis-understanding the risk but in a big college or
> University I can't see it being practical to have and manage a whitelist.
> 
> HTH
> Ron
> 
> -----Original Message-----
> From: xerte-dev-bounces at lists.nottingham.ac.uk
> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of David Goodwin
> Sent: 06 March 2012 07:38
> To: For Xerte technical developers
> Subject: [Xerte-dev] Fixes last night (XOT)
> 
> Hi
> 
> I made some fixes to XOT trunk last night - so you can at least install and
> login as a new user. (I did a full install and used demo.php to login).
> Again this breakage was due to merging by the looks of it. 
> 
> The installer will now remove any existing xerte db tables if they exist
> before trying to create then. 
> 
> The installer now tries to strongly suggest to people that they delete the
> setup folder. Can we change the installer so it aborts if someone has an
> existing database.php file or something so making deletion unnecessary?
> (obviously I can code it to - but is this an ok thing to do ?)
> 
> 
> I've also created an issue on the google issue tracker covering a security
> problem in proxy_rss.php. Does XOT store a list of all remote urls someone
> may want to request anywhere so we can have a whitelist of good urls - at
> the moment someone can use proxy_rss.php to fetch any remote URL. 
> 
> Thanks
> David 
> 
> David Goodwin
> Pale Purple Ltd. 
> http://www.palepurple.co.uk
> 0845 0046746
> 07792 380669
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
> 
> This message and any attachment are intended solely for the addressee and
> may contain confidential information. If you have received this message in
> error, please send it back to me, and immediately delete it.   Please do not
> use, copy or disclose the information contained in this message or in any
> attachment.  Any views or opinions expressed by the author of this email do
> not necessarily reflect the views of the University of Nottingham.
> 
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
> 
> 
> 
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

Pale Purple Ltd.  (Company No: 5580814)
'Business Web Application Development and Training in PHP'

http://www.palepurple.co.uk   
Office: 0845 0046746     Mobile: 07792380669 

Follow us on Twitter: @PalePurpleLtd


_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

More information about the Xerte-dev mailing list