| changeset | 57325fea9982 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml. defusedxml will be used to moneypatch the problematic client and server modules. Test added using an xml bomb. |
| files |
| changeset | e34b69d75ff7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | doc: more table call alignment; fix formatting |
| files |
| changeset | c3a7b1aa06cf |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | docs: clarify no login rate limit for roundup-xmlrpc-server Login rate limit only available for /xmlrpc endpoint not supplied by roundup-xmlrpc-server endpoint. |
| files |
| changeset | 273c8c2b5042 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection. Failed API login rate limiting with expiring lockout added. |
| files |
| changeset | 924b07252412 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix verb agreement, reword. |
| files |
| changeset | db58a86aa29d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Redo headers. Elevete lack of ssl to caution. |
| files |
| changeset | e7b4ad2c57ac |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | landmarks, skiplink, remove bad attrs, autocomplete search layout.html: Add main and nav landmarks to layout templte. Add skiplink to get to main. Remove Description meta tag from layout template in favor of description metadata in individual files. Remove obsolete border attribute from sourceforge logo. Add autocomplete="on" attribute for search input box. doc/*.txt Remove language attribute from description meta tags. These changes also occur for other files not in this commit. Thse other files have changes to files for the 2.2.0 release not yet tobe committed. |
| files |
| changeset | 24e2eeb2ed9a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Add meta description to some doc pages. Try to improve SEO a bit. Get more users/contributors. |
| files |
| changeset | 45e8d10a9609 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Update links in documentation Only broken link is for whoosh indexer. Have email to author to find out if it's dead or what URL I shoud use. |
| files |
| changeset | 31bac6f2dd8b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Update advanced script to python3; other doc updates |
| files |
| changeset | 81ae33038ec5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | more index entries. |
| files |
| changeset | e2b70d43d0fc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Document issues with xmlrpc security of python built in libraries Added note to changes with better description and link to defusedxml in the xmlrpc doc. |
| files |
| changeset | 94a7669677ae |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | add permissions to control user of rest and xmlrpc API interfaces. issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access' to allow per-user access control to rest and xmlrpc interfaces using roles. Updated all schemas to add these new perms to all authenticated roles. Error conditions in handle_xmlrpc were not working right in manual testing. I tried to make it a little better, but I don't actually understand how the fault xmlrpc object is supposed to be used. So I may have messed something up. I'll try to ping the people who wrote the xmlrpc code to have them review. |
| files |
| changeset | d0689aaa83db |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Applied patch 0038 from issue2550960 to upgrade code examples in documentation to be compatible with both python 2 and 3. Patch supplied by Joseph Myers. |
| files |
| changeset | 6efa6d44c27a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Add doc for xmlrpc changes and errors related to anti-csrf protections. |
| files |
| changeset | 198b6e810c67 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Eric S. Raymond <esr@thyrsus.com> |
| description | Use Python-3-compatible 'as' syntax for except statements Many raise statements near these are also fixed. So are two ivorrect file encoding marks ('utf8'->'utf-8'). |
| files |
| changeset | 14d8f61e6ef2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Reimplemented anti-csrf measures by raising exceptions rather than returning booleans. Redoing it using exceptions was the easiest way to return proper xmlrpc fault messages to the clients. Also this code should now properly make values set in the form override values from the database. So no lost work under some circumstances if the csrf requirements are not met. Also this code does a better job of cleaning up old csrf tokens. |
| files |
| changeset | ade4bbc2716d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Update the xmlrpc documentation for use with the CSRF defenses. |
| files |
| changeset | 47cc50617e19 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc/xmlrpc: Fix headers |
| files |
| changeset | eeb9572b0508 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc: Update XML-RPC documentation with example that points to demo |
| files |
| changeset | f47c35727b3e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Cédric Krier <ced@b2ck.com> |
| description | Add missing doc for xmlrpc schema (fixes issue2550735) |
| files |
| changeset | 57a482110a24 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc: Link XMLRPC `filter` doc to User Guide chapter about querying |
| files |
| changeset | 08a5a47855cb |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | Fix XMLRPC endpoint in documentation example (changed in 1.4.21) Thanks Ezio for the notice. |
| files |
| changeset | 609edf9de0a5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | docs: Remove one nesting level from ToC on subpages |
| files |
| changeset | 8ee41c7372e7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | doc: Fix some Sphinx warnings. |
| files |
| changeset | 23de24f57566 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | rouilj |
| description | issue2550749 - the xmlrpc interface is invoked on content type and not url path. Sending any text/xml data to roundup results in invoking the xml-rpc interface, but a REST or other interface could also consume xml data and do something different. So require the use of 'http(s)://.../xmlrpc' uri to trigger the xmlrpc interface. |
| files |
| changeset | 3f251efd5f48 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck) |
| files |
| changeset | a70dbbc7f967 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Document filter method of xmlrpc interface |
| files |
| changeset | 905faf52a51f |
|---|---|
| branch | |
| bookmark | |
| tag | 1.4.3 |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | fix mysql breakage in 1.4.2 |
| files |
| changeset | 53b922e0d2b7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Justus Pendleton <jpend@users.sourceforge.net> |
| description | typo in docs for xmlrpc |
| files |
| changeset | 257b4eab3bb2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Justus Pendleton <jpend@users.sourceforge.net> |
| description | Documentation for the XML-RPC interface Also make "all" the default rule again :( |
| files |