| Wed, 05 Apr 2017 21:38:32 -0400 |
John Rouillard |
Make properties method return only properties the user can search.
|
| Wed, 05 Apr 2017 21:20:20 -0400 |
John Rouillard |
Iterate over multilink items if they labelprop is accessible to the
|
| Wed, 05 Apr 2017 20:56:08 -0400 |
John Rouillard |
Reimplemented anti-csrf measures by raising exceptions rather than
|
| Mon, 27 Mar 2017 23:04:30 -0400 |
John Rouillard |
Update the xmlrpc documentation for use with the CSRF defenses.
|
| Mon, 27 Mar 2017 22:37:30 -0400 |
John Rouillard |
Added tests for csrf with xmlrpc.
|
| Thu, 23 Mar 2017 21:08:30 -0400 |
John Rouillard |
Add nonce to embedded script references.
|
| Wed, 22 Mar 2017 22:03:01 -0400 |
John Rouillard |
make roundup-admin init function set the transaction source. Otherwise when initial_data.py is loaded as part of init, db.tx_Source is set to None and thus checks like db.tx_Source in [ 'cli' ] will fail.
|
| Mon, 20 Mar 2017 21:22:28 -0400 |
John Rouillard |
test_postgress isn't properly skipping tests when database is not
|
| Mon, 20 Mar 2017 20:18:20 -0400 |
John Rouillard |
Fix text formatting, typos and, English grammar of the descriptive text.
|
| Sun, 19 Mar 2017 20:57:26 -0400 |
John Rouillard |
This change didn't make it into the last commit. Allow the user to
|
| Sun, 19 Mar 2017 19:01:41 -0400 |
John Rouillard |
Added support for SameSite cookie option for CSRF prevention
|
| Sun, 19 Mar 2017 17:10:13 -0400 |
John Rouillard |
Fix expiration dates and expire csrf tokens properly
|
| Sun, 19 Mar 2017 15:32:14 -0400 |
John Rouillard |
Remove csrf keys used with get
|
| Sun, 19 Mar 2017 11:21:21 -0400 |
John Rouillard |
Added .coveragerc to exclude the dist utilites from code coverage.
|
| Sun, 19 Mar 2017 00:24:16 -0400 |
John Rouillard |
fixing some tests due to changes to classic template by adding anti-csrf code
|
| Sat, 18 Mar 2017 23:36:02 -0400 |
John Rouillard |
changes to try to deploy anti-csrf defense to other templates.
|
| Sat, 18 Mar 2017 23:34:41 -0400 |
John Rouillard |
format fix
|
| Sat, 18 Mar 2017 23:02:30 -0400 |
John Rouillard |
Added csrf defense to minimal template.
|
| Sat, 18 Mar 2017 22:55:50 -0400 |
John Rouillard |
convert classic template for csrf defense
|
| Sat, 18 Mar 2017 22:19:51 -0400 |
John Rouillard |
Also rename test to testCsrfProtection
|
| Sat, 18 Mar 2017 19:16:56 -0400 |
John Rouillard |
My testing was with dbm backends which do an automatic commit on the
|
| Sat, 18 Mar 2017 16:59:01 -0400 |
John Rouillard |
issue 2550690 - Adding anti-csrf measures to roundup following
|
| Sat, 18 Mar 2017 15:12:39 -0400 |
John Rouillard |
Reset state of:
|
| Sat, 18 Mar 2017 14:42:05 -0400 |
John Rouillard |
Still trying to figure out why travis ci fails without a call to
|
| Sat, 18 Mar 2017 12:25:30 -0400 |
John Rouillard |
More travis debug
|
| Sat, 18 Mar 2017 11:37:46 -0400 |
John Rouillard |
Trying to debug test failures on travis-ci that I can't reproduce
|
| Sat, 18 Mar 2017 10:44:10 -0400 |
rouilj |
Implement props_only feature for permissions.
|
| Thu, 16 Mar 2017 23:06:16 -0400 |
rouilj |
Remove left over debugging statements.
|
| Tue, 14 Mar 2017 18:38:46 -0400 |
rouilj |
Hopefully making the doc for the query editing feature less confusing.
|
| Fri, 10 Mar 2017 00:22:55 +1100 |
John Kristensen |
Fix incorrect indentation using tabs
|
| Wed, 08 Mar 2017 22:04:15 -0500 |
rouilj |
Three sets of changes:
|
| Sat, 25 Feb 2017 22:21:15 -0500 |
John Rouillard |
issue2550932 - html_calendar produces templating errors for bad date strings
|
| Sat, 25 Feb 2017 21:01:50 -0500 |
John Rouillard |
Make url's in messages identified as http://... or https://...
|
| Sat, 25 Feb 2017 17:48:46 -0500 |
John Rouillard |
Fix spelling error. Make it match the name of the field.
|
| Sat, 18 Feb 2017 00:58:34 -0500 |
John Rouillard |
Small fix. Make sure view is defined before trying to find('|') in it.
|
| Fri, 17 Feb 2017 21:41:24 -0500 |
John Rouillard |
Added missing change entry for the indexargs_form() fix.
|
| Fri, 17 Feb 2017 21:18:34 -0500 |
John Rouillard |
Check in enhanced form for check command used by addPermission.
|
| Fri, 17 Feb 2017 19:44:15 -0500 |
John Rouillard |
Make @template support two alternate templates for error and ok cases.
|
| Fri, 17 Feb 2017 19:33:01 -0500 |
John Rouillard |
Issue2550934 - templating.py-indexargs_form() returns id's as space separated list not comma separated
|
| Sat, 11 Feb 2017 17:25:05 -0500 |
John Rouillard |
merge from upstream.
|
| Sat, 11 Feb 2017 17:20:47 -0500 |
John Rouillard |
- issue2550933 - Fix Traceback in cgi/templating.py when a string is
|
| Mon, 30 Jan 2017 22:09:32 -0500 |
John Rouillard |
Add a new argument "showdef" to the template function menu(). When set
|
| Sat, 28 Jan 2017 21:15:49 -0500 |
John Rouillard |
got the indent wrong in the last change for templating.py
|
| Sat, 28 Jan 2017 20:58:19 -0500 |
John Rouillard |
- issue2550796: Calendar and Classhelp selection tools don't cause
|
| Tue, 24 Jan 2017 16:58:05 +1100 |
John Kristensen |
TravisCI: Fix fetching of xapian-bindings (issue2550931)
|
| Thu, 12 Jan 2017 21:24:18 -0500 |
John Rouillard |
Check in the signed cert needed to complete an http connection to a
|
| Thu, 12 Jan 2017 20:22:44 -0500 |
John Rouillard |
Add ca-certficates package so that wget can pull https url's.
|
| Mon, 12 Dec 2016 13:53:47 +0100 |
Ralf Schlatterbeck |
Implement double-precision Number
|
| Fri, 09 Dec 2016 10:52:59 +0100 |
Ralf Schlatterbeck |
Fix Traceback in backends/portalocker.py (windows)
|
| Fri, 09 Dec 2016 09:49:25 +0100 |
Ralf Schlatterbeck |
Store template name with saved query
|
| Mon, 28 Nov 2016 16:09:39 +0100 |
Ralf Schlatterbeck |
Fix submit_once Javascript function
|
| Sat, 22 Oct 2016 17:23:18 -0400 |
John Rouillard |
issue2550929 fix for my use case, need Ralf to check for his.
|
| Fri, 21 Oct 2016 14:12:44 +0200 |
Ralf Schlatterbeck |
Hopefully fix issue2550929
|
| Fri, 02 Sep 2016 23:45:57 -0400 |
John Rouillard |
fix multilink support of try_id_parsing=no and add test for multilink cases.
|
| Thu, 01 Sep 2016 21:26:59 -0400 |
John Rouillard |
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
|
| Tue, 23 Aug 2016 11:08:28 +0200 |
Ralf Schlatterbeck |
Re-add changelog entry lost when merging
|
| Mon, 22 Aug 2016 22:19:48 +0200 |
Ralf Schlatterbeck |
issue1408570: fix that form values are lost
|
| Mon, 15 Aug 2016 20:53:37 -0400 |
John Rouillard |
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
|
| Sat, 23 Jul 2016 17:21:14 -0400 |
John Rouillard |
Fixed a couple of failing tests for *LoginRedirect in test_actions.py after url validation. Also raise ValueError from examine_url if base url is None.
|
| Sat, 23 Jul 2016 17:08:44 -0400 |
John Rouillard |
Some patches from wking to make admin.py bypass checks like nuking a
|
