Mercurial > p > roundup > code
comparison roundup/__init__.py @ 4088:34434785f308
Plug a number of security holes:
- EditCSV and ExportCSV altered to include permission checks
- HTTP POST required on actions which alter data
- HTML file uploads served as application/octet-stream
- New item action reject creation of new users
- Item retirement was not being controlled
Additionally include documentation of the changes and modify affected tests.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Thu, 12 Mar 2009 02:25:03 +0000 |
| parents | 5bf05d2b3cf8 |
| children | 4d1fa6e1fe8c |
comparison
equal
deleted
inserted
replaced
| 4087:1d0d1921f083 | 4088:34434785f308 |
|---|---|
| 66 written by Ka-Ping Yee in the "doc" directory. If nothing else, it has a | 66 written by Ka-Ping Yee in the "doc" directory. If nothing else, it has a |
| 67 much prettier cake :) | 67 much prettier cake :) |
| 68 ''' | 68 ''' |
| 69 __docformat__ = 'restructuredtext' | 69 __docformat__ = 'restructuredtext' |
| 70 | 70 |
| 71 __version__ = '1.4.6' | 71 __version__ = '1.4.7' |
| 72 | 72 |
| 73 # vim: set filetype=python ts=4 sw=4 et si | 73 # vim: set filetype=python ts=4 sw=4 et si |