dinislage/web2py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • c7eb1c1eae Merge branch 'niphlod-remove/webshell' mdipierro 2016-07-01 01:59:42 -05:00
  • 67b27f4daf removed webshell mdipierro 2016-07-01 01:59:12 -05:00
  • 9837aae642 Merge pull request #1378 from niphlod/fix/1331 mdipierro 2016-07-01 01:56:56 -05:00
  • 5413b95320 Merge pull request #1377 from niphlod/fix/1347 mdipierro 2016-07-01 01:56:37 -05:00
  • 5d13e56dc5 Merge pull request #1376 from niphlod/fix/1354 mdipierro 2016-07-01 01:56:21 -05:00
  • 5a5c2b500a Merge pull request #1375 from niphlod/fix/1355 mdipierro 2016-07-01 01:56:02 -05:00
  • 46d02a3448 Merge pull request #1374 from niphlod/fix/1364 mdipierro 2016-07-01 01:55:41 -05:00
  • a99096d6b3 Merge pull request #1373 from ilvalle/py3_fixes_6 mdipierro 2016-07-01 01:55:24 -05:00
  • d95acb6897 Fixed open redirect security vulnerability. The previous filter searched for two forward slashes "//" in the "_next” parameter and if the two forward slashes were found it would check the URI and determine if the hostname matched the hostname of the web server. If not, it would change the next variable to the None. However, browsers don't require two forward slashes. As a feature, browsers accept typos such as http:google.com or http:/google.com and redirect to http://google.com. This can be used to leverage an open redirect attack even with the current filter. This commit fixes the open redirect vulnerability in the _next get parameter. Thanks to jnbrex for helping debug/write the patch for this vulnerability. Th3R3p0 2016-06-30 17:24:47 -04:00
  • f87c3e260c Fix next redirect if only one / exists Alex Artigues 2016-06-29 20:54:13 -04:00
  • 9c8db3f65a corner case - fixes #1363 niphlod 2016-06-28 23:52:28 +02:00
  • 595e37c2de removed web shell niphlod 2016-06-28 23:22:37 +02:00
  • 0708dd36e7 fixes #1331 (just rocket, really) niphlod 2016-06-28 22:00:57 +02:00
  • 5e0a53f4c2 fixes #1347 niphlod 2016-06-28 21:49:23 +02:00
  • 4966466509 fixes #1354 niphlod 2016-06-28 21:46:07 +02:00
  • a96f137e03 fixes #1355 niphlod 2016-06-28 21:43:31 +02:00
  • 955b30a871 fixes #1364 niphlod 2016-06-28 21:36:59 +02:00
  • 4cdcf8eae0 Since py2.7 compile() supports Win and Mac newlines. Also input in 'exec' mode does not have to end in a newline anymore. ilvalle 2016-06-26 18:16:56 +02:00
  • ea337e07d0 p3 fixes in applications ilvalle 2016-06-26 17:47:12 +02:00
  • 5f80300c5d Merge pull request #1371 from ilvalle/py3_fixes_5 mdipierro 2016-06-26 00:32:09 -05:00
  • 0b4b71ea09 Merge branch 'master' of github.com:web2py/web2py mdipierro 2016-06-26 00:30:42 -05:00
  • f8f471f51f new cheatsheet mdipierro 2016-06-26 00:30:25 -05:00
  • f343fab528 py3 fixes for admin app ilvalle 2016-06-25 17:36:37 +02:00
  • d429554c5b fix travis, pip 8.1.2 no longer supports --download-cache option ilvalle 2016-06-25 13:40:12 +02:00
  • abf8d9fb27 fix compiled app in py3 ilvalle 2016-06-25 13:27:35 +02:00
  • 8aecaf4514 PY3 fixes and added tests for gluon/admin.py ilvalle 2016-06-24 15:02:28 +02:00
  • 48350664f0 Merge pull request #1369 from zvolsky/_transl_markmin mdipierro 2016-06-22 16:39:08 -05:00
  • dabe5c4589 Merge pull request #1368 from ilvalle/py3_fixes4 mdipierro 2016-06-22 16:38:59 -05:00
  • 61795bc65e enabled test_web.py in PY3 ilvalle 2016-06-22 18:39:30 +02:00
  • 3bb0299b29 cs translation: removed unwanted '@markmin' literal from translated strings zvolsky 2016-06-22 12:19:42 +02:00
  • 3270d39596 py3 fixed http.to ilvalle 2016-06-21 19:47:56 +02:00
  • 476db87335 updated pysimplesoap to current master ilvalle 2016-06-21 21:09:24 +02:00
  • 1da93676a2 Merge pull request #1367 from ilvalle/py3_fixes_step3 mdipierro 2016-06-19 14:15:58 -05:00
  • d9c7953147 updated user_agent_parser to 1.7.8, fix webclient ilvalle 2016-06-19 11:44:19 +02:00
  • 0dbd2ea6e5 added quote_template mdipierro 2016-06-18 10:46:46 -05:00
  • e33dd01516 DAL v16.06.09 mdipierro 2016-06-18 08:50:56 -05:00
  • 45a376eee9 added extra_mssql_models.py, thanks Kyle Flanagan mdipierro 2016-06-18 08:12:01 -05:00
  • ce3f5fbff2 Merge pull request #1365 from niphlod/feature/scheduler_crontab mdipierro 2016-06-18 07:49:08 -05:00
  • 338ca6ba5c Merge pull request #1361 from ilvalle/py3_fixes_step2 mdipierro 2016-06-18 07:48:39 -05:00
  • ce3e314360 Merge pull request #1360 from ilvalle/master mdipierro 2016-06-18 07:48:14 -05:00
  • 6bb255286a repeats via cronline expression niphlod 2016-06-15 20:26:09 +02:00
  • 2aeb063890 enabled test_appadmin, fix markmin2html, fix main.py ilvalle 2016-06-14 20:31:41 +02:00
  • 0f648eee56 enabled pg8000 pymysql ilvalle 2016-06-14 18:01:12 +02:00
  • 11fec25927 Don't truncate texts on SQLFORM.grid HTML Export Oscar Fonts 2016-06-14 11:06:14 +02:00
  • 48209f5bdf fix compileapp ilvalle 2016-06-12 13:22:34 +02:00
  • 34f753be56 fix languages ilvalle 2016-06-11 20:12:30 +02:00
  • a27f6f88ef fix serializers, websocket_messaging ilvalle 2016-06-11 15:45:27 +02:00
  • ab2cdd595b fix utils ilvalle 2016-06-11 15:26:15 +02:00
  • 7259516627 fix tools ilvalle 2016-06-11 14:54:02 +02:00
  • 180ada57da fix request.json, close #1337 ilvalle 2016-06-13 18:00:14 +02:00
  • 8fdedb7018 Add maxtextlenth option to SQLFORM.grid HTML exporter Oscar Fonts 2016-06-13 12:17:45 +02:00
  • a18e0e489f why is session.forget not callable in tests? mdipierro 2016-06-12 21:08:33 -05:00
  • dfb0129f09 do not forget a missing session mdipierro 2016-06-12 20:55:16 -05:00
  • cadb130518 fixed expose tests mdipierro 2016-06-12 20:27:20 -05:00
  • a830f95f70 Merge branch 'ilvalle-py3_fixes' mdipierro 2016-06-12 20:00:10 -05:00
  • f4a353960b merged conflicts mdipierro 2016-06-12 19:59:58 -05:00
  • c5bafa16dd Merge pull request #1357 from chenl/master mdipierro 2016-06-12 19:56:40 -05:00
  • 3c2ee85295 Merge branch 'issue_1261' Chen Rotem Levy 2016-06-11 12:38:21 +03:00
  • 9877ad5155 fix in_base for base='/' Chen Rotem Levy 2016-06-11 12:19:16 +03:00
  • e020395bdc apply pull request #1313 Chen Rotem Levy 2016-06-11 11:20:23 +03:00
  • 1f013d76f3 minor few fix ilvalle 2016-06-08 19:30:13 +02:00
  • 3103226686 revert fcgi changes ilvalle 2016-06-09 17:32:49 +02:00
  • 15a26c00b1 Merge pull request #1352 from zvolsky/_revert_wiki mdipierro 2016-06-07 20:36:52 -05:00
  • df9928d69c Merge pull request #1349 from zvolsky/_represent_none mdipierro 2016-06-07 20:36:01 -05:00
  • fd850ab46f fix validators, updated gluon/contrib/ipaddr ilvalle 2016-06-04 20:59:10 +02:00
  • 225a286162 revert wiki to earlier (properly working) state zvolsky 2016-06-07 15:10:03 +02:00
  • 876508a227 grid: custom representation of None value, in view zvolsky 2016-06-06 12:43:11 +02:00
  • 0c52f2a561 grid: custom representation of None value zvolsky 2016-06-06 12:25:06 +02:00
  • 92374741ff fix rewrite, enabled test_router & test_routes ilvalle 2016-06-04 17:42:36 +02:00
  • 71ba0e515f updated portalocker, few py3 syntax/import fix ilvalle 2016-06-04 14:07:42 +02:00
  • dcd24cf88c Updated fpdf to the last version (py3 compatible), fix contrib/appconfig ilvalle 2016-06-04 09:11:29 +02:00
  • 2f7d76769c typo in globals ilvalle 2016-06-03 23:44:45 +02:00
  • 154073c3a6 Merge pull request #1341 from nextghost/master mdipierro 2016-06-03 10:04:00 -05:00
  • 14ac911ce7 Merge pull request #1344 from michele-comitini/jwt-renew-fix mdipierro 2016-06-03 10:02:41 -05:00
  • 1554a29f5f Merge pull request #1345 from niphlod/fix/codecov mdipierro 2016-06-03 10:02:09 -05:00
  • 97eb013831 fix test_html and test_template for py3 ilvalle 2016-06-03 10:56:08 +02:00
  • db8306b5c4 fix iteritems, enabled test_cache & test_dal for 3.5 ilvalle 2016-06-02 17:21:36 +02:00
  • 707330accd Enabled 3.5 on travis ilvalle 2016-06-02 14:57:48 +02:00
  • a1fd92b7f8 updated imports in tests ilvalle 2016-06-02 10:46:02 +02:00
  • 01bab81432 manually adapt few imports ilvalle 2016-05-31 20:14:19 +02:00
  • 850d79c287 should turn off the codecov/changes report niphlod 2016-06-01 00:50:01 +02:00
  • 67f85fd631 allow token renewal with http authorization header. Michele Comitini 2016-05-31 23:55:58 +02:00
  • aa2bf4134e introduced _compact from pydal ilvalle 2016-05-31 20:12:50 +02:00
  • 48e10a3793 running libfuturize.fixes.fix_print_with_import ilvalle 2016-05-30 21:09:52 +02:00
  • 36ca754c77 running libfuturize.fixes.fix_raise ilvalle 2016-05-29 08:46:31 +02:00
  • d74413bc16 running lib2to3.fixes.fix_methodattrs ilvalle 2016-05-29 08:32:36 +02:00
  • 02e0cd187a running lib2to3.fixes.fix_has_key ilvalle 2016-05-29 08:26:35 +02:00
  • 9588ba690c running lib2to3.fixes.fix_tuple_params ilvalle 2016-05-29 08:22:38 +02:00
  • a5599f3eab running lib2to3.fixes.fix_idioms ilvalle 2016-05-29 08:20:18 +02:00
  • 9b9ed0ad0f running lib2to3.fixes.fix_funcattrs ilvalle 2016-05-29 08:13:53 +02:00
  • 8074927191 running lib2to3.fixes.fix_renames ilvalle 2016-05-29 08:06:09 +02:00
  • 35900da19b running lib2to3.fixes.fix_except ilvalle 2016-05-29 08:00:04 +02:00
  • 14830e8906 running lib2to3.fixes.fix_standarderror ilvalle 2016-05-27 15:27:41 +02:00
  • d22222ebea running lib2to3.fixes.fix_reduce ilvalle 2016-05-27 15:25:09 +02:00
  • ec8ea53917 running lib2to3.fixes.fix_apply ilvalle 2016-05-27 15:03:56 +02:00
  • 40b8a4d75d Whitespace fix Martin Doucha 2016-05-28 22:25:58 +02:00
  • 54e443dfad Ignore internal attributes when checking whether new session was changed Martin Doucha 2016-05-28 21:54:24 +02:00
  • 8d213a5b87 fix local import in __init__.py ilvalle 2016-05-27 14:42:22 +02:00
  • 95c1a734d1 fix wrong reference to request out of current namespace Michele Comitini 2016-05-27 00:23:25 +02:00
  • cbd8c63b26 Merge pull request #1335 from zvolsky/_breadcrumb_divider mdipierro 2016-05-23 22:20:57 -05:00