dinislage/web2py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

increased security in admin and appadmin

Browse Source
This commit is contained in:
mdipierro
2014-08-25 16:36:10 -05:00
parent 353d83aa4e
commit bac9039c6e
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
VERSION
+1 -1
View File
@@ -1 +1 @@
Version 2.10.0-trunk+timestamp.2014.08.21.18.22.13
Version 2.10.0-trunk+timestamp.2014.08.25.16.35.41
applications/admin/controllers/appadmin.py
+1 -1
View File
@@ -32,7 +32,7 @@ try:
except:
hosts = (http_host, )
if request.env.http_x_forwarded_for or request.is_https:
if request.is_https:
session.secure()
elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
(request.function != 'manage'):
applications/admin/models/access.py
+1 -1
View File
@@ -19,7 +19,7 @@ if request.env.web2py_runtime_gae:
else:
is_gae = False
if request.env.http_x_forwarded_for or request.is_https:
if request.is_https:
session.secure()
elif not request.is_local and not DEMO_MODE:
raise HTTP(200, T('Admin is disabled because insecure channel'))
applications/examples/controllers/appadmin.py
+1 -1
View File
@@ -32,7 +32,7 @@ try:
except:
hosts = (http_host, )
if request.env.http_x_forwarded_for or request.is_https:
if request.is_https:
session.secure()
elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
(request.function != 'manage'):
applications/welcome/controllers/appadmin.py
+1 -1
View File
@@ -32,7 +32,7 @@ try:
except:
hosts = (http_host, )
if request.env.http_x_forwarded_for or request.is_https:
if request.is_https:
session.secure()
elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
(request.function != 'manage'):