| Mon, 14 May 2012 14:17:07 +0200 |
Ralf Schlatterbeck |
Fix another XSS with the ok- and error message, see issue2550724.
|
| Thu, 23 Feb 2012 14:55:35 +0100 |
Ralf Schlatterbeck |
Mark cookies HttpOnly and -- if https is used -- secure.
|
| Thu, 05 Jan 2012 16:22:27 +0100 |
Ralf Schlatterbeck |
issue2550711 Fix XSS vulnerability in @action parameter.
|
| Wed, 21 Dec 2011 11:25:40 +0100 |
Ralf Schlatterbeck |
Fix xmlrpc URL parsing so that passwords may contain a ':' character
|
| Fri, 07 Oct 2011 19:08:54 +0000 |
Ralf Schlatterbeck |
- fix handling of traceback mails to the roundup admin
|
| Thu, 11 Aug 2011 19:21:26 +0000 |
Bernhard Reiter |
issue2550715: IndexError when requesting non-existing file via http.
|
| Fri, 15 Jul 2011 14:05:29 +0000 |
Ralf Schlatterbeck |
Fix issue2550691 where a Unix From-Header was sometimes inserted...
|
| Sat, 10 Jul 2010 03:52:22 +0000 |
Richard Jones |
fix actions check for < Python2.6
|
| Thu, 01 Jul 2010 01:41:54 +0000 |
Richard Jones |
fix potential XSS hole
|
| Thu, 08 Apr 2010 14:40:10 +0000 |
Ralf Schlatterbeck |
- fix case where action isn't present in form, e.g., for xmlrpc
|
| Sat, 20 Mar 2010 04:29:45 +0000 |
Richard Jones |
Handle multiple @action values from broken trackers
|
| Fri, 26 Feb 2010 00:38:53 +0000 |
Richard Jones |
more modernisation
|
| Tue, 02 Feb 2010 05:00:42 +0000 |
Richard Jones |
Fix thread safety with stdin in roundup-server
|
| Fri, 29 Jan 2010 05:46:59 +0000 |
Richard Jones |
fixes to make registration work again
|
| Fri, 29 Jan 2010 05:12:46 +0000 |
Richard Jones |
allow Anonymous users to log in, and register
|
| Fri, 29 Jan 2010 05:03:48 +0000 |
Richard Jones |
Fix "Web Access" permission check to allow serving of static files to Anonymous again
|
| Mon, 30 Nov 2009 21:55:59 +0000 |
Ralf Schlatterbeck |
Fix traceback on .../msgN/ url...
|
| Fri, 09 Oct 2009 13:51:35 +0000 |
Stefan Seefeld |
Improve login failure response.
|
| Fri, 09 Oct 2009 13:13:32 +0000 |
Stefan Seefeld |
Improve error reporting.
|
| Fri, 09 Oct 2009 13:06:43 +0000 |
Stefan Seefeld |
Robustify web interface.
|
| Sun, 19 Jul 2009 22:56:30 +0000 |
Stefan Seefeld |
Move db.commit() call from handle_xmlrpc() to individual methods...
|
| Tue, 14 Jul 2009 13:52:38 +0000 |
Stefan Seefeld |
Reopen session with database.
|
| Tue, 30 Jun 2009 01:32:06 +0000 |
Stefan Seefeld |
Fix issue2550552.
|
| Tue, 17 Mar 2009 22:56:38 +0000 |
Richard Jones |
bug introduced in the migration to the email package (issue 2550531)
|
| Fri, 13 Mar 2009 22:39:02 +0000 |
Stefan Seefeld |
Address issue2550528.
|
| Thu, 12 Mar 2009 02:25:03 +0000 |
Richard Jones |
Plug a number of security holes:
|
| Fri, 27 Feb 2009 17:46:47 +0000 |
Stefan Seefeld |
XMLRPC improvements:
|
| Wed, 25 Feb 2009 18:17:39 +0000 |
Stefan Seefeld |
* Refactor XMLRPC interface.
|
| Tue, 24 Feb 2009 05:07:03 +0000 |
Stefan Seefeld |
Fix issue2550517
|
| Sun, 22 Feb 2009 01:46:45 +0000 |
Stefan Seefeld |
Uniformly use """...""" instead of '''...''' for comments.
|
| Sun, 22 Feb 2009 01:41:19 +0000 |
Stefan Seefeld |
Add support for resuming (file) downloads.
|
| Tue, 17 Feb 2009 04:32:34 +0000 |
Stefan Seefeld |
Support the use of sendfile() for file transfer, if available.
|
| Tue, 17 Feb 2009 02:38:08 +0000 |
Stefan Seefeld |
Fix typo in last checkin.
|
| Tue, 17 Feb 2009 01:36:11 +0000 |
Stefan Seefeld |
Only feed back traceback to web users if config.WEB_DEBUG is True
|
| Mon, 09 Feb 2009 19:18:47 +0000 |
Stefan Seefeld |
Catch missing page template errors.
|
| Mon, 18 Aug 2008 05:04:02 +0000 |
Richard Jones |
improvements to session management
|
| Sat, 22 Sep 2007 21:20:57 +0000 |
Justus Pendleton |
handle bad cookies
|
| Wed, 12 Sep 2007 16:16:49 +0000 |
Justus Pendleton |
wrap comment to less than 75 chars
|
| Wed, 12 Sep 2007 01:15:07 +0000 |
Justus Pendleton |
per-tracker 404 templating
|
| Tue, 11 Sep 2007 21:30:14 +0000 |
Justus Pendleton |
ignore client shutdown exceptions when sending responses
|
| Mon, 27 Aug 2007 10:27:31 +0000 |
Richard Jones |
Enabled over-riding of content-type in web interface (thanks John Mitchell)
|
| Tue, 16 Jan 2007 10:16:08 +0000 |
Ralf Schlatterbeck |
Real handling of network errors.
|
| Mon, 15 Jan 2007 21:10:26 +0000 |
Ralf Schlatterbeck |
Band-aid over handling of netework errors.
|
| Fri, 29 Dec 2006 08:00:21 +0000 |
Richard Jones |
really fix the last-modified code
|
| Thu, 28 Dec 2006 22:08:45 +0000 |
Richard Jones |
If-Modified-Since handling was broken
|
| Wed, 15 Nov 2006 06:27:15 +0000 |
Alexander Smishlajev |
ignore common network errors, like "Connection reset by peer"
|
| Thu, 09 Nov 2006 00:36:21 +0000 |
Richard Jones |
WSGI support via roundup.cgi.wsgi_handler
|
| Tue, 29 Aug 2006 04:20:50 +0000 |
Richard Jones |
Postgres backend allows transaction collisions to be ignored when...
|
| Tue, 06 Jun 2006 01:44:44 +0000 |
Richard Jones |
handle connection loss when responding to web requests
|
| Thu, 27 Apr 2006 04:03:11 +0000 |
Richard Jones |
reduced frequency of session timestamp update
|
| Thu, 27 Apr 2006 03:48:41 +0000 |
Richard Jones |
dangling connections in session handling [SF#1463359]
|
| Sun, 12 Feb 2006 11:00:23 +0000 |
Alexander Smishlajev |
fix failure with browsers not sending "Accept-Language" header [SF#1429646]
|
| Thu, 09 Feb 2006 23:53:11 +0000 |
Richard Jones |
fixed schema migration problem when Class keys were removed
|
| Wed, 08 Feb 2006 05:33:11 +0000 |
Alexander Smishlajev |
translate error message shown instead of tracebacks, add page title
|
| Wed, 08 Feb 2006 03:47:28 +0000 |
Richard Jones |
login may now be for a single session
|
| Wed, 25 Jan 2006 03:01:51 +0000 |
Richard Jones |
merge from HEAD;
maint-0.8
|
| Wed, 25 Jan 2006 02:59:27 +0000 |
Richard Jones |
catch bad classname in URL (related to [SF#1240541])
|
| Mon, 09 Jan 2006 09:14:27 +0000 |
Alexander Smishlajev |
prefer http authorization over cookie sessions [SF#1396134]
|
| Sat, 03 Dec 2005 09:35:06 +0000 |
Alexander Smishlajev |
add language detection (patch [SF#1360321])
|
| Mon, 18 Jul 2005 02:20:13 +0000 |
Richard Jones |
merge from HEAD
maint-0.8
|
