dinislage/web2py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,918 Commits 18 Branches 72 Tags
116a7ff006be84df97a58f529e086122e84b4ecc
Commit Graph

6918 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mdipierro 9837aae642 Merge pull request #1378 from niphlod/fix/1331 
fixes #1331 (just rocket, really)
 2016-07-01 01:56:56 -05:00
mdipierro 5413b95320 Merge pull request #1377 from niphlod/fix/1347 
fixes #1347
 2016-07-01 01:56:37 -05:00
mdipierro 5d13e56dc5 Merge pull request #1376 from niphlod/fix/1354 
fixes #1354
 2016-07-01 01:56:21 -05:00
mdipierro 5a5c2b500a Merge pull request #1375 from niphlod/fix/1355 
fixes #1355
 2016-07-01 01:56:02 -05:00
mdipierro 46d02a3448 Merge pull request #1374 from niphlod/fix/1364 
fixes #1364
 2016-07-01 01:55:41 -05:00
mdipierro a99096d6b3 Merge pull request #1373 from ilvalle/py3_fixes_6 
Py3 fixes
 2016-07-01 01:55:24 -05:00
Th3R3p0 d95acb6897 Fixed open redirect security vulnerability. The previous filter searched for two forward slashes "//" in the "_next” parameter and if the two forward slashes were found it would check the URI and determine if the hostname matched the hostname of the web server. If not, it would change the next variable to the None. However, browsers don't require two forward slashes. As a feature, browsers accept typos such as http:google.com or http:/google.com and redirect to http://google.com. This can be used to leverage an open redirect attack even with the current filter. This commit fixes the open redirect vulnerability in the _next get parameter. Thanks to jnbrex for helping debug/write the patch for this vulnerability. 2016-06-30 17:24:47 -04:00
Alex Artigues f87c3e260c Fix next redirect if only one / exists 2016-06-29 20:54:13 -04:00
niphlod 9c8db3f65a corner case - fixes #1363 2016-06-28 23:52:28 +02:00
niphlod 595e37c2de removed web shell 2016-06-28 23:34:41 +02:00
niphlod 0708dd36e7 fixes #1331 (just rocket, really) 2016-06-28 22:00:57 +02:00
niphlod 5e0a53f4c2 fixes #1347 2016-06-28 21:49:23 +02:00
niphlod 4966466509 fixes #1354 2016-06-28 21:46:07 +02:00
niphlod a96f137e03 fixes #1355 2016-06-28 21:43:31 +02:00
niphlod 955b30a871 fixes #1364 2016-06-28 21:36:59 +02:00
ilvalle 4cdcf8eae0 Since py2.7 compile() supports Win and Mac newlines. Also input in 'exec' mode does not have to end in a newline anymore. 2016-06-28 19:58:25 +02:00
ilvalle ea337e07d0 p3 fixes in applications 2016-06-28 19:58:20 +02:00
mdipierro 5f80300c5d Merge pull request #1371 from ilvalle/py3_fixes_5 
PY3 fixes
 2016-06-26 00:32:09 -05:00
mdipierro 0b4b71ea09 Merge branch 'master' of github.com:web2py/web2py 2016-06-26 00:30:42 -05:00
mdipierro f8f471f51f new cheatsheet 2016-06-26 00:30:25 -05:00
ilvalle f343fab528 py3 fixes for admin app 2016-06-25 17:36:37 +02:00
ilvalle d429554c5b fix travis, pip 8.1.2 no longer supports --download-cache option 2016-06-25 13:45:06 +02:00
ilvalle abf8d9fb27 fix compiled app in py3 2016-06-25 13:27:35 +02:00
ilvalle 8aecaf4514 PY3 fixes and added tests for gluon/admin.py 2016-06-24 22:54:56 +02:00
mdipierro 48350664f0 Merge pull request #1369 from zvolsky/_transl_markmin 
cs translation: removed unwanted '@markmin' literal from translated s…
 2016-06-22 16:39:08 -05:00
mdipierro dabe5c4589 Merge pull request #1368 from ilvalle/py3_fixes4 
Py3 fixes4
 2016-06-22 16:38:59 -05:00
ilvalle 61795bc65e enabled test_web.py in PY3 2016-06-22 19:07:58 +02:00
zvolsky 3bb0299b29 cs translation: removed unwanted '@markmin' literal from translated strings 2016-06-22 12:19:42 +02:00
ilvalle 3270d39596 py3 fixed http.to 2016-06-21 22:24:33 +02:00
ilvalle 476db87335 updated pysimplesoap to current master 2016-06-21 21:25:30 +02:00
mdipierro 1da93676a2 Merge pull request #1367 from ilvalle/py3_fixes_step3 
Updated user_agent_parser
 2016-06-19 14:15:58 -05:00
ilvalle d9c7953147 updated user_agent_parser to 1.7.8, fix webclient 2016-06-19 11:49:16 +02:00
mdipierro 0dbd2ea6e5 added quote_template 2016-06-18 10:46:46 -05:00
mdipierro e33dd01516 DAL v16.06.09 2016-06-18 08:50:56 -05:00
mdipierro 45a376eee9 added extra_mssql_models.py, thanks Kyle Flanagan 2016-06-18 08:12:01 -05:00
mdipierro ce3f5fbff2 Merge pull request #1365 from niphlod/feature/scheduler_crontab 
repeats via cronline expression
 2016-06-18 07:49:08 -05:00
mdipierro 338ca6ba5c Merge pull request #1361 from ilvalle/py3_fixes_step2 
few py3 fixes
 2016-06-18 07:48:39 -05:00
mdipierro ce3e314360 Merge pull request #1360 from ilvalle/master 
fix request.json, close #1337
 2016-06-18 07:48:14 -05:00
niphlod 6bb255286a repeats via cronline expression 2016-06-15 21:32:51 +02:00
ilvalle 2aeb063890 enabled test_appadmin, fix markmin2html, fix main.py 2016-06-15 20:17:58 +02:00
ilvalle 0f648eee56 enabled pg8000 pymysql 2016-06-14 18:01:12 +02:00
Oscar Fonts 11fec25927 Don't truncate texts on SQLFORM.grid HTML Export 2016-06-14 11:06:14 +02:00
ilvalle 48209f5bdf fix compileapp 2016-06-13 20:20:49 +02:00
ilvalle 34f753be56 fix languages 2016-06-13 20:20:49 +02:00
ilvalle a27f6f88ef fix serializers, websocket_messaging 2016-06-13 20:20:49 +02:00
ilvalle ab2cdd595b fix utils 2016-06-13 20:20:49 +02:00
ilvalle 7259516627 fix tools 2016-06-13 20:20:44 +02:00
ilvalle 180ada57da fix request.json, close #1337 2016-06-13 18:00:14 +02:00
Oscar Fonts 8fdedb7018 Add maxtextlenth option to SQLFORM.grid HTML exporter 2016-06-13 12:17:45 +02:00
mdipierro a18e0e489f why is session.forget not callable in tests? 2016-06-12 21:08:33 -05:00