3c2ee85295
Merge branch 'issue_1261'
...
Adding to Expose.__init__(..., follow_symlink_out=False).
If the user didn't override this, and if the OS supports symlinks, we
test that the we will not expose any symlinks that points outside of
self.base.
Expose is not also covered by unittests.
2016-06-11 12:38:21 +03:00
9877ad5155
fix in_base for base='/'
...
If the base directory already ends with '/' the test failed.
It failed because we added an extra '/' to make sure that '/foobar' is
not under '/foo', so ask '/foobar/'.startswith('/foo/').
Whoever when we have the base already start with '/' we might test:
'/foo/bar/'.startwith('/foo//'), and give a false negative. We
shouldn't have this case, because we normalized the path, but in the
case of the root directory ('/') even a normalized path ends with '/',
and thus when base='/' this function failed.
Some re-factoring was needed to make this base testable.
2016-06-11 12:19:16 +03:00
e020395bdc
apply pull request #1313
...
This should have resolved security issue#1261 -- gluon.tools.Expose
symlinks, however it does not deal well with the case where the base
exposed directory is '/'
2016-06-11 11:20:23 +03:00
15a26c00b1
Merge pull request #1352 from zvolsky/_revert_wiki
...
revert wiki to earlier (properly working) state
2016-06-07 20:36:52 -05:00
df9928d69c
Merge pull request #1349 from zvolsky/_represent_none
...
represent none
2016-06-07 20:36:01 -05:00
225a286162
revert wiki to earlier (properly working) state
2016-06-07 15:10:03 +02:00
876508a227
grid: custom representation of None value, in view
2016-06-06 12:43:11 +02:00
0c52f2a561
grid: custom representation of None value
2016-06-06 12:25:06 +02:00
154073c3a6
Merge pull request #1341 from nextghost/master
...
Ignore internal attributes when checking whether new session was changed
2016-06-03 10:04:00 -05:00
14ac911ce7
Merge pull request #1344 from michele-comitini/jwt-renew-fix
...
Jwt renew fix
2016-06-03 10:02:41 -05:00
1554a29f5f
Merge pull request #1345 from niphlod/fix/codecov
...
should turn off the codecov/changes report
2016-06-03 10:02:09 -05:00
850d79c287
should turn off the codecov/changes report
2016-06-01 00:50:01 +02:00
67f85fd631
allow token renewal with http authorization header.
2016-05-31 23:55:58 +02:00
40b8a4d75d
Whitespace fix
2016-05-28 22:25:58 +02:00
54e443dfad
Ignore internal attributes when checking whether new session was changed
2016-05-28 21:54:24 +02:00
95c1a734d1
fix wrong reference to request out of current namespace
2016-05-27 00:23:25 +02:00
cbd8c63b26
Merge pull request #1335 from zvolsky/_breadcrumb_divider
...
better breadcrumb divider for smartgrid
2016-05-23 22:20:57 -05:00
fec756213d
Merge pull request #1336 from cccaballero/master
...
fixing dictionary changed size error on SQLFORM using extra_fields
2016-05-23 22:19:29 -05:00
47b1bf7323
fixing dictionary changed size error on SQLFORM using extra_fields
...
When uses the extra_fields keyword argument in SQLFORM rises an
"RuntimeError: dictionary changed size during iteration" exception
because is trying to remove a dictionary element while is iterating the
dict
2016-05-23 14:36:10 -04:00
a70e966f0c
breadcrumb divider, finished
2016-05-20 19:04:07 +02:00
d1889b922b
Merge pull request #1333 from leonelcamara/versionchecks
...
Removed unnecessary version checks
2016-05-19 18:49:55 -05:00
180ebcd7f1
Removed unnecessary version checks
...
Fixed 2 memory leaks in restricted.py
2016-05-19 19:03:54 +01:00
56b29553c5
Merge pull request #1330 from oscarfonts/catalan-plurals
...
Added catalan plural rules
2016-05-14 10:16:39 -05:00
8679ab1777
Merge pull request #1329 from leonelcamara/test_week11
...
more tests for languages module
2016-05-14 10:16:21 -05:00
73713f2e45
Merge pull request #1328 from niphlod/settings/codecov
...
added codecov setting file
2016-05-14 10:16:12 -05:00
62f49d0f57
Added catalan plural rules
2016-05-12 16:14:01 +02:00
1029a70d10
more tests for languages module
...
removed 2.5/2.6 compatibility in test_validators.py
2016-05-12 02:00:14 +01:00
c15abd2585
added codecov setting file
2016-05-11 21:38:01 +02:00
be1845ad83
Merge pull request #1327 from leonelcamara/ditch26
...
Ditch python2.6
2016-05-11 01:35:52 -05:00
5246d808f0
Merge pull request #1326 from michele-comitini/jwt-decorator-fix
...
make allows_jwt a real decorator. Tests included!
2016-05-11 01:35:44 -05:00
32ac20c1c5
Merge pull request #1325 from gi0baro/issue-1324
...
Fix #1324
2016-05-11 01:35:30 -05:00
261da3e346
fix setup.py
2016-05-11 01:12:00 +01:00
87a3de22d7
remove ordereddict
2016-05-11 01:03:04 +01:00
a9ee9a6b58
remove simplejson
2016-05-11 00:47:23 +01:00
713fe8e2bc
remove 2.6 from CI configs
2016-05-10 23:35:15 +01:00
cda35fd48a
R-2.14.6
2016-05-09 19:19:07 -05:00
85c37af1f4
removed unwanted file
2016-05-09 19:11:08 -05:00
7d48d6ba03
removed logging leftover
2016-05-10 01:35:22 +02:00
4658e172c3
removed forgotten print statement
2016-05-10 01:11:08 +02:00
2c26a8c33a
make allows_jwt a real decorator. Tests included!
2016-05-10 00:50:33 +02:00
625c7ae82e
Fix #1324
2016-05-09 23:38:52 +02:00
87935a45ba
Merge branch 'master' of github.com:web2py/web2py
2016-05-09 00:24:29 -05:00
0692272991
going back to dal 16.03 to prepare for 2.14.6
2016-05-09 00:24:14 -05:00
c9f11c068c
Merge pull request #1322 from ShySec/oneall_optimization
...
simplified oneall dname handling
2016-05-09 00:05:06 -05:00
54b0feeffb
Merge pull request #1321 from ShySec/master
...
fixed timing attack in gluon.utils.compare
2016-05-09 00:04:39 -05:00
8666f993d1
Merge pull request #1320 from niphlod/enhancement/redis_scheduler
...
sync with main scheduler
2016-05-09 00:03:42 -05:00
822e68ac16
simplified oneall dname handling
2016-05-06 16:10:19 -04:00
292af5adc6
fixed timing attack in gluon.utils.compare
2016-05-06 14:14:32 -04:00
c6d4fb8f38
sync with main scheduler
2016-05-05 21:36:51 +02:00
82d79e74c6
Merge pull request #1318 from leonelcamara/admin_lockout
...
Check if host is denied before verifying password
2016-05-04 13:30:14 -05:00
Chen Rotem Levy