This was discussed in a separate thread: 1) we changed in order to fix a bug 2) we found that broke backward compatibility and reverted the change 3) we changed again together with other parts of web2py in order to make sure that it does not break backward compatibility
People should test it and if no object the change will stay because it fixes a bug. massimo On Aug 20, 4:35 pm, Michael Wolfe <michael.joseph.wo...@gmail.com> wrote: > Look at revisions 804, 808, and 811 in web2py's hg repos. > > R804: > URL+XML, and oauth1.0 from Michele > > === (+6,-3) gluon/html.py === > @@ -201,8 +201,8 @@ > > if regex_crlf.search(url): > raise SyntaxError, 'CRLF Injection Detected' > - return rewrite.filter_out(url, env) > - > + return XML(rewrite.filter_out(url, env)) > + > > R808: > no more XML in URL, breaks scaffoling app > > === (+2,-2) gluon/html.py === > @@ -201,7 +201,7 @@ > > if regex_crlf.search(url): > raise SyntaxError, 'CRLF Injection Detected' > - return XML(rewrite.filter_out(url, env)) > + return rewrite.filter_out(url, env) > > R811: > fixed problem with URL, thanks Jonathan > > === (+14,-2) gluon/html.py === > @@ -201,7 +201,7 @@ > > if regex_crlf.search(url): > raise SyntaxError, 'CRLF Injection Detected' > - return rewrite.filter_out(url, env) > + return XML(rewrite.filter_out(url, env)) > > So which way is it? I think this still needs to be sorted out. I'm > going back to R803 for the time being. It looks like more than just > that one line needs to be changed, since both versions apparently > cause problems in different areas. > > -Mike
