VladPolskiy/postgres-web
1
0
Fork 0
mirror of https://github.com/postgres/pgweb.git synced 2025-08-03 15:38:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
78de94d17cc4820a41f0e579c05a93526bbbba4d
postgres-web/pgweb
History
Magnus Hagander 78de94d17c Update community authentication to pass an arbitrary datablock instead of url 
This makes it possible to pass URLs that will fail when they end up being double
escaped in some cases, since they contain non-url-safe characters. Instead, they'd
be base64-encoded, and thus safe.

Also update the django community auth provider to do just this, including encrypting
the data with the site secret key to make sure it can't be changed/injected by
tricking the user to go directly to the wrong URL.
2013-06-20 15:16:47 +02:00
..
account
Update community authentication to pass an arbitrary datablock instead of url
2013-06-20 15:16:47 +02:00
contributors
All purge_urls must be rooted, since we add ^ at the beginning
2011-11-27 13:31:20 +01:00
core
Switch to using the new feeds framework
2013-06-16 16:35:20 +02:00
docs
Allow doc comment filtering by approval status
2013-01-30 11:45:31 +01:00
downloads
Exclude the ftp info upload page from CSRF checks
2013-06-16 18:32:30 +02:00
events
Switch to using the new feeds framework
2013-06-16 16:35:20 +02:00
featurematrix
add 9.3 to the feature matrix so that thom can start updating it
2013-05-26 12:34:47 -04:00
legacyurl
Add redirects as required to deal with legacy urls, for all the stuff
2010-06-22 11:17:49 +02:00
lists
Make the mailinglist subscription form csrf exempt, so it works again
2012-11-11 16:12:09 +01:00
misc
Exclude CSRF token and check for the bug submission form
2012-11-07 18:34:47 +01:00
news
Switch to using the new feeds framework
2013-06-16 16:35:20 +02:00
profserv
One more spot missed when renaming organisation field
2012-06-29 14:13:03 +02:00
pugs
Proper appending of pug list
2013-05-08 16:37:06 -04:00
pwn
Switch to using the new feeds framework
2013-06-16 16:35:20 +02:00
quotes
Include missing slash in URL to purge for quotes
2011-11-27 12:29:50 +01:00
search
Encode list search queries with UTF-8
2013-01-15 08:47:06 +01:00
sponsors
Set shorter cache on the sponsor page, so they rotate faster
2012-09-19 11:12:31 -05:00
survey
Enable CSRF protection by default
2012-11-05 14:10:39 +01:00
util
Fix creation of new objects with notifications that have ManyToMany relationships
2013-06-20 12:29:27 +02:00
__init__.py
.gitignore
load_initial_data.sh
Initial data must not live in initial_data.yaml, that will cause the data that's currently
2009-09-16 13:16:04 +02:00
manage.py
settings.py
Revert to SHA1 hashing for stored passwords
2013-06-20 11:40:13 +02:00
urls.py
Switch to using staticfiles app for serving, well, static files
2013-06-16 16:35:21 +02:00