Merge commit '920dd1083' into anoa/dinsic_release_1_21_x

* commit '920dd1083': 1.20.1 Mark the shadow_banned column as boolean in synapse_port_db. (#8386) Hotfix: disable autoescape by default when rendering Jinja2 templates (#8394)
matrix-org · Oct 21, 2020 · d70f909 · d70f909
2 parents 3729b15 + 920dd10
commit d70f909
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 3 deletions.
diff --git a/.buildkite/test_db.db b/.buildkite/test_db.db
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,13 @@
+Synapse 1.20.1 (2020-09-24)
+===========================
+
+Bugfixes
+--------
+
+- Fix a bug introduced in v1.20.0 which caused the `synapse_port_db` script to fail. ([\#8386](https://github.com/matrix-org/synapse/issues/8386))
+- Fix URLs being accidentally escaped in Jinja2 templates. Broke in v1.20.0. ([\#8394](https://github.com/matrix-org/synapse/issues/8394))
+
+
 Synapse 1.20.0 (2020-09-22)
 ===========================
 

diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.20.1) stable; urgency=medium
+
+  * New synapse release 1.20.1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Thu, 24 Sep 2020 16:25:22 +0100
+
 matrix-synapse-py3 (1.20.0) stable; urgency=medium
 
   [ Synapse Packaging team ]

diff --git a/scripts/synapse_port_db b/scripts/synapse_port_db
@@ -90,6 +90,7 @@ BOOLEAN_COLUMNS = {
     "redactions": ["have_censored"],
     "room_stats_state": ["is_federatable"],
     "local_media_repository": ["safe_from_quarantine"],
+    "users": ["shadow_banned"],
 }
 
 

diff --git a/synapse/__init__.py b/synapse/__init__.py
@@ -48,7 +48,7 @@
 except ImportError:
     pass
 
-__version__ = "1.20.0"
+__version__ = "1.20.1"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when

diff --git a/synapse/config/_base.py b/synapse/config/_base.py
@@ -195,7 +195,10 @@ def read_file(cls, file_path, config_name):
             return file_stream.read()
 
     def read_templates(
-        self, filenames: List[str], custom_template_directory: Optional[str] = None,
+        self,
+        filenames: List[str],
+        custom_template_directory: Optional[str] = None,
+        autoescape: bool = False,
     ) -> List[jinja2.Template]:
         """Load a list of template files from disk using the given variables.
 
@@ -211,6 +214,9 @@ def read_templates(
             custom_template_directory: A directory to try to look for the templates
                 before using the default Synapse template directory instead.
 
+            autoescape: Whether to autoescape variables before inserting them into the
+                template.
+
         Raises:
             ConfigError: if the file's path is incorrect or otherwise cannot be read.
 
@@ -234,7 +240,7 @@ def read_templates(
             search_directories.insert(0, custom_template_directory)
 
         loader = jinja2.FileSystemLoader(search_directories)
-        env = jinja2.Environment(loader=loader, autoescape=True)
+        env = jinja2.Environment(loader=loader, autoescape=autoescape)
 
         # Update the environment with our custom filters
         env.filters.update(

diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py
@@ -169,6 +169,12 @@ def read_config(self, config, **kwargs):
             saml2_config.get("saml_session_lifetime", "15m")
         )
 
+        # We enable autoescape here as the message may potentially come from a
+        # remote resource
+        self.saml2_error_html_template = self.read_templates(
+            ["saml_error.html"], saml2_config.get("template_dir"), autoescape=True
+        )[0]
+
     def _default_saml_config_dict(
         self, required_attributes: set, optional_attributes: set
     ):