Commit Graph

6872 Commits

Author SHA1 Message Date
mdipierro
c5bd7ca25d look for dal in packages by default 2016-07-05 08:35:42 -05:00
mdipierro
d9c2f778ee fixed auth next open redirect 2016-07-01 02:22:15 -05:00
mdipierro
409cfda1f6 Merge pull request #1382 from apa-1/master
Fix next redirect if only one / exists
2016-07-01 02:00:58 -05:00
mdipierro
229da5847b Merge pull request #1381 from niphlod/fix/1363
corner case - fixes #1363
2016-07-01 02:00:18 -05:00
mdipierro
c7eb1c1eae Merge branch 'niphlod-remove/webshell' 2016-07-01 01:59:42 -05:00
mdipierro
67b27f4daf removed webshell 2016-07-01 01:59:12 -05:00
mdipierro
9837aae642 Merge pull request #1378 from niphlod/fix/1331
fixes #1331 (just rocket, really)
2016-07-01 01:56:56 -05:00
mdipierro
5413b95320 Merge pull request #1377 from niphlod/fix/1347
fixes #1347
2016-07-01 01:56:37 -05:00
mdipierro
5d13e56dc5 Merge pull request #1376 from niphlod/fix/1354
fixes #1354
2016-07-01 01:56:21 -05:00
mdipierro
5a5c2b500a Merge pull request #1375 from niphlod/fix/1355
fixes #1355
2016-07-01 01:56:02 -05:00
mdipierro
46d02a3448 Merge pull request #1374 from niphlod/fix/1364
fixes #1364
2016-07-01 01:55:41 -05:00
mdipierro
a99096d6b3 Merge pull request #1373 from ilvalle/py3_fixes_6
Py3 fixes
2016-07-01 01:55:24 -05:00
Th3R3p0
d95acb6897 Fixed open redirect security vulnerability. The previous filter searched for two forward slashes "//" in the "_next" parameter and if the two forward slashes were found it would check the URI and determine if the hostname matched the hostname of the web server. If not, it would change the next variable to None. However, browsers don't require two forward slashes. As a feature, browsers accept typos such as http:google.com or http:/google.com and redirect to http://google.com. This can be used to leverage an open redirect attack even with the current filter. This commit fixes the open redirect vulnerability in the _next get parameter. Thanks to jnbrex for helping debug/write the patch for this vulnerability. 2016-06-30 17:24:47 -04:00
Alex Artigues
f87c3e260c Fix next redirect if only one / exists 2016-06-29 20:54:13 -04:00
niphlod
9c8db3f65a corner case - fixes #1363 2016-06-28 23:52:28 +02:00
niphlod
595e37c2de removed web shell 2016-06-28 23:34:41 +02:00
niphlod
0708dd36e7 fixes #1331 (just rocket, really) 2016-06-28 22:00:57 +02:00
niphlod
5e0a53f4c2 fixes #1347 2016-06-28 21:49:23 +02:00
niphlod
4966466509 fixes #1354 2016-06-28 21:46:07 +02:00
niphlod
a96f137e03 fixes #1355 2016-06-28 21:43:31 +02:00
niphlod
955b30a871 fixes #1364 2016-06-28 21:36:59 +02:00
ilvalle
4cdcf8eae0 Since py2.7 compile() supports Win and Mac newlines. Also input in 'exec' mode does not have to end in a newline anymore. 2016-06-28 19:58:25 +02:00
ilvalle
ea337e07d0 p3 fixes in applications 2016-06-28 19:58:20 +02:00
mdipierro
5f80300c5d Merge pull request #1371 from ilvalle/py3_fixes_5
PY3 fixes
2016-06-26 00:32:09 -05:00
mdipierro
0b4b71ea09 Merge branch 'master' of github.com:web2py/web2py 2016-06-26 00:30:42 -05:00
mdipierro
f8f471f51f new cheatsheet 2016-06-26 00:30:25 -05:00
ilvalle
f343fab528 py3 fixes for admin app 2016-06-25 17:36:37 +02:00
ilvalle
d429554c5b fix travis, pip 8.1.2 no longer supports --download-cache option 2016-06-25 13:45:06 +02:00
ilvalle
abf8d9fb27 fix compiled app in py3 2016-06-25 13:27:35 +02:00
ilvalle
8aecaf4514 PY3 fixes and added tests for gluon/admin.py 2016-06-24 22:54:56 +02:00
mdipierro
48350664f0 Merge pull request #1369 from zvolsky/_transl_markmin
cs translation: removed unwanted '@markmin' literal from translated s…
2016-06-22 16:39:08 -05:00
mdipierro
dabe5c4589 Merge pull request #1368 from ilvalle/py3_fixes4
Py3 fixes4
2016-06-22 16:38:59 -05:00
ilvalle
61795bc65e enabled test_web.py in PY3 2016-06-22 19:07:58 +02:00
zvolsky
3bb0299b29 cs translation: removed unwanted '@markmin' literal from translated strings 2016-06-22 12:19:42 +02:00
ilvalle
3270d39596 py3 fixed http.to 2016-06-21 22:24:33 +02:00
ilvalle
476db87335 updated pysimplesoap to current master 2016-06-21 21:25:30 +02:00
mdipierro
1da93676a2 Merge pull request #1367 from ilvalle/py3_fixes_step3
Updated user_agent_parser
2016-06-19 14:15:58 -05:00
ilvalle
d9c7953147 updated user_agent_parser to 1.7.8, fix webclient 2016-06-19 11:49:16 +02:00
mdipierro
0dbd2ea6e5 added quote_template 2016-06-18 10:46:46 -05:00
mdipierro
e33dd01516 DAL v16.06.09 2016-06-18 08:50:56 -05:00
mdipierro
45a376eee9 added extra_mssql_models.py, thanks Kyle Flanagan 2016-06-18 08:12:01 -05:00
mdipierro
ce3f5fbff2 Merge pull request #1365 from niphlod/feature/scheduler_crontab
repeats via cronline expression
2016-06-18 07:49:08 -05:00
mdipierro
338ca6ba5c Merge pull request #1361 from ilvalle/py3_fixes_step2
few py3 fixes
2016-06-18 07:48:39 -05:00
mdipierro
ce3e314360 Merge pull request #1360 from ilvalle/master
fix request.json, close #1337
2016-06-18 07:48:14 -05:00
niphlod
6bb255286a repeats via cronline expression 2016-06-15 21:32:51 +02:00
ilvalle
2aeb063890 enabled test_appadmin, fix markmin2html, fix main.py 2016-06-15 20:17:58 +02:00
ilvalle
0f648eee56 enabled pg8000 pymysql 2016-06-14 18:01:12 +02:00
ilvalle
48209f5bdf fix compileapp 2016-06-13 20:20:49 +02:00
ilvalle
34f753be56 fix languages 2016-06-13 20:20:49 +02:00
ilvalle
a27f6f88ef fix serializers, websocket_messaging 2016-06-13 20:20:49 +02:00