[ckan-changes] [ckan/ckan] f50a3b: [#1532] Fix bug where url_for_static added leading...
GitHub
noreply at github.com
Thu Apr 10 16:16:06 UTC 2014
Branch: refs/heads/master
Home: https://github.com/ckan/ckan
Commit: f50a3b2ee5690fa49db8c38d4159c416dd3989c0
https://github.com/ckan/ckan/commit/f50a3b2ee5690fa49db8c38d4159c416dd3989c0
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-02-27 (Thu, 27 Feb 2014)
Changed paths:
M ckan/lib/helpers.py
A ckan/new_tests/lib/test_helpers.py
Log Message:
-----------
[#1532] Fix bug where url_for_static added leading slash in absolute urls

Commit: 9b9dbb8149f6b469278f32dcbfec9da0aef348e6
https://github.com/ckan/ckan/commit/9b9dbb8149f6b469278f32dcbfec9da0aef348e6
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-04-02 (Wed, 02 Apr 2014)
Changed paths:
M ckan/lib/helpers.py
M ckan/new_tests/lib/test_helpers.py
Log Message:
-----------
[#1532] url_for_static shouldn't work with external URLs. Revert f50a3b.

url_for_static shouldn't allow urls that aren't served in CKAN's static folder,
as this might lead to CSRF vulnerabilities if used with non-escaped user input.

Commit: 4d18dde8aacc4f7ef80c880811f583c0d1a36e1a
https://github.com/ckan/ckan/commit/4d18dde8aacc4f7ef80c880811f583c0d1a36e1a
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-04-02 (Wed, 02 Apr 2014)
Changed paths:
M ckan/config/environment.py
M ckan/lib/extract.py
M ckan/lib/helpers.py
M ckan/lib/jinja_extensions.py
M ckan/new_tests/lib/test_helpers.py
M ckan/templates/header.html
M ckan/templates_legacy/layout_base.html
M ckan/templates_legacy/snippets/data-viewer-embed-branded-link.html
M doc/contributing/frontend/templating.rst
Log Message:
-----------
[#1532] url_for_static doesn't accept external URLs and create url_for_static_or_external

The intent of the developer when using url_for_static() is to get the URL for
something that's served in the static folder inside CKAN. It should fail if
called with an external URL. This avoids a possible CSRF vulnerability, if we
allow user-provided input into url_for_static().

For the case when we want to either accept a static object's URL or an external
URL, for example when setting up the g.site_logo, I wrote the
url_for_static_or_external method. This makes it clearer what the user accepts.

Commit: 6ffa8d6d3d8e05ef327f9ff497168c6518d46228
https://github.com/ckan/ckan/commit/6ffa8d6d3d8e05ef327f9ff497168c6518d46228
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-04-02 (Wed, 02 Apr 2014)
Changed paths:
M ckan/new_tests/lib/test_helpers.py
Log Message:
-----------
[#1532] Fix PEP8 issues

Commit: 8614fb321702826d6e45d0015379f4f6897752b8
https://github.com/ckan/ckan/commit/8614fb321702826d6e45d0015379f4f6897752b8
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-04-02 (Wed, 02 Apr 2014)
Changed paths:
M MANIFEST.in
A __init__.py b/ckanext/example_theme/v20_pubsub/__init__.py
M ckan/config/deployment.ini_tmpl
A ckan/config/resource_formats.json
M ckan/controllers/package.py
M ckan/controllers/revision.py
M ckan/controllers/user.py
M ckan/controllers/util.py
M ckan/lib/cli.py
M ckan/lib/create_test_data.py
M ckan/lib/dictization/model_dictize.py
M ckan/lib/dictization/model_save.py
M ckan/lib/helpers.py
M ckan/lib/munge.py
M ckan/lib/plugins.py
M ckan/logic/__init__.py
M ckan/logic/action/create.py
M ckan/logic/action/get.py
M ckan/logic/action/update.py
M ckan/logic/schema.py
M ckan/logic/validators.py
M ckan/model/resource.py
M ckan/model/user.py
A ckan/new_tests/controllers/test_util.py
M ckan/new_tests/factories.py
M ckan/new_tests/logic/action/test_get.py
M ckan/new_tests/logic/test_validators.py
M ckan/plugins/interfaces.py
M ckan/plugins/toolkit.py
M ckan/templates/activity_streams/activity_stream_items.html
M ckan/templates/admin/index.html
M ckan/templates/group/snippets/group_item.html
M ckan/templates/group/snippets/group_list.html
M ckan/templates/group/snippets/info.html
M ckan/templates/header.html
M ckan/templates/home/snippets/search.html
M ckan/templates/macros/form.html
M ckan/templates/organization/snippets/organization_item.html
M ckan/templates/organization/snippets/organization_list.html
M ckan/templates/package/resource_read.html
M ckan/templates/package/search.html
M ckan/templates/package/snippets/info.html
M ckan/templates/package/snippets/package_form.html
M ckan/templates/package/snippets/package_metadata_form.html
M ckan/templates/package/snippets/resource_form.html
M ckan/templates/package/snippets/resource_item.html
M ckan/templates/package/snippets/resources.html
M ckan/templates/package/snippets/resources_list.html
M ckan/templates/page.html
M ckan/templates/snippets/facet_list.html
M ckan/templates/snippets/follow_button.html
M ckan/templates/snippets/group_item.html
M ckan/templates/snippets/license.html
M ckan/templates/snippets/organization.html
M ckan/templates/snippets/package_item.html
M ckan/templates/snippets/package_list.html
M ckan/templates/snippets/search_form.html
M ckan/templates/snippets/social.html
M ckan/templates/snippets/tag_list.html
M ckan/templates/user/login.html
M ckan/templates/user/new.html
M ckan/templates/user/new_user_form.html
M ckan/templates/user/perform_reset.html
M ckan/templates/user/read_base.html
M ckan/templates/user/request_reset.html
M ckan/templates/user/snippets/login_form.html
M ckan/tests/functional/api/base.py
M ckan/tests/functional/api/model/test_package.py
M ckan/tests/functional/test_user.py
M ckan/tests/lib/test_resource_search.py
M ckan/tests/logic/test_action.py
M ckanext/datastore/plugin.py
A ckanext/example_theme/v16_initialize_a_javascript_module/__init__.py
A ckanext/example_theme/v16_initialize_a_javascript_module/fanstatic/example_theme_popover.js
R ckanext/example_theme/v16_initialize_a_javascript_module/fanstatic/favorite.js
R ckanext/example_theme/v16_initialize_a_javascript_module/public
R ckanext/example_theme/v16_initialize_a_javascript_module/templates/home/index.html
M ckanext/example_theme/v16_initialize_a_javascript_module/templates/snippets/package_item.html
A ckanext/example_theme/v17_popover/__init__.py
A ckanext/example_theme/v17_popover/fanstatic/example_theme_popover.js
A ckanext/example_theme/v17_popover/plugin.py
A ckanext/example_theme/v17_popover/templates/snippets/package_item.html
A ckanext/example_theme/v18_snippet_api/__init__.py
A ckanext/example_theme/v18_snippet_api/fanstatic/example_theme_popover.css
A ckanext/example_theme/v18_snippet_api/fanstatic/example_theme_popover.js
A ckanext/example_theme/v18_snippet_api/plugin.py
A ckanext/example_theme/v18_snippet_api/templates/ajax_snippets/example_theme_popover.html
A ckanext/example_theme/v18_snippet_api/templates/snippets/package_item.html
A ckanext/example_theme/v19_01_error/__init__.py
A ckanext/example_theme/v19_01_error/fanstatic/example_theme_popover.css
A ckanext/example_theme/v19_01_error/fanstatic/example_theme_popover.js
A ckanext/example_theme/v19_01_error/plugin.py
A ckanext/example_theme/v19_01_error/templates
A ckanext/example_theme/v19_02_error_handling/__init__.py
A ckanext/example_theme/v19_02_error_handling/fanstatic/example_theme_popover.css
A ckanext/example_theme/v19_02_error_handling/fanstatic/example_theme_popover.js
A ckanext/example_theme/v19_02_error_handling/plugin.py
A ckanext/example_theme/v19_02_error_handling/templates
A ckanext/example_theme/v20_pubsub/fanstatic/example_theme_popover.css
A ckanext/example_theme/v20_pubsub/fanstatic/example_theme_popover.js
A ckanext/example_theme/v20_pubsub/plugin.py
A ckanext/example_theme/v20_pubsub/templates
A ckanext/example_theme/v21_custom_jquery_plugin/__init__.py
A ckanext/example_theme/v21_custom_jquery_plugin/fanstatic/example_theme_popover.css
A ckanext/example_theme/v21_custom_jquery_plugin/fanstatic/example_theme_popover.js
A ckanext/example_theme/v21_custom_jquery_plugin/fanstatic/jquery.greenify.js
A ckanext/example_theme/v21_custom_jquery_plugin/plugin.py
A ckanext/example_theme/v21_custom_jquery_plugin/templates/ajax_snippets
A ckanext/example_theme/v21_custom_jquery_plugin/templates/snippets/package_item.html
M doc/conf.py
A doc/images/example_theme_javascript_popover.png
A doc/images/example_theme_overlapping_popovers.png
M doc/images/manage_users.jpg
M doc/maintaining/configuration.rst
M doc/maintaining/filestore.rst
M doc/maintaining/paster.rst
M doc/sysadmin-guide.rst
M doc/theming/best-practices.rst
M doc/theming/index.rst
A doc/theming/javascript-api-client.rst
A doc/theming/javascript-module-objects-and-methods.rst
A doc/theming/javascript-sandbox.rst
M doc/theming/javascript.rst
A doc/theming/jquery-plugins.rst
M setup.py
Log Message:
-----------
Merge branch 'master' into 1532-bug-where-url-for-static-adds-leading-slash-for-absolute-urls

Conflicts:
	ckan/templates/header.html

Commit: a153f1d8ee0e3f10907b8edc368cf6636232d312
https://github.com/ckan/ckan/commit/a153f1d8ee0e3f10907b8edc368cf6636232d312
Author: Vitor Baptista <vitor at vitorbaptista.com>
Date: 2014-04-08 (Tue, 08 Apr 2014)
Changed paths:
M ckan/config/environment.py
M ckan/lib/extract.py
M ckan/lib/jinja_extensions.py
M ckan/templates/header.html
M doc/contributing/frontend/templating.rst
Log Message:
-----------
[#1532] Use only {{ }}, not {% %}

We don't need multiple ways of calling the same method.

Commit: e396a516e1e1231f67763b29f535cddd49ba7717
https://github.com/ckan/ckan/commit/e396a516e1e1231f67763b29f535cddd49ba7717
Author: Ian Ward <ian at excess.org>
Date: 2014-04-10 (Thu, 10 Apr 2014)
Changed paths:
M ckan/lib/helpers.py
A ckan/new_tests/lib/test_helpers.py
M ckan/templates/header.html
M ckan/templates_legacy/layout_base.html
M ckan/templates_legacy/snippets/data-viewer-embed-branded-link.html
Log Message:
-----------
Merge branch '1532-bug-where-url-for-static-adds-leading-slash-for-absolute-urls'

Compare: https://github.com/ckan/ckan/compare/fa44f6b460c6...e396a516e1e1
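
The split between the two helpers described in the log messages above, sketched as an added example that is not CKAN's code and not part of the original notification. Only the names url_for_static and url_for_static_or_external come from the commit messages; is_external, ExternalURLError, the site_root parameter and every sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit


class ExternalURLError(ValueError):
    """Raised when a static-only helper is handed a URL that leaves the site."""


def is_external(url):
    """Return True if a browser would resolve `url` to another scheme or host."""
    # Browsers treat "\" like "/" and drop tab/CR/LF inside URLs, so normalise
    # first; otherwise "/\host/x" parses as a local path but loads remotely.
    cleaned = url.strip().replace("\\", "/")
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    parts = urlsplit(cleaned)
    # A scheme ("https:") or a network location ("//host") means the URL
    # is not confined to the application's own static folder.
    return bool(parts.scheme or parts.netloc)


def url_for_static(path, site_root=""):
    """Build a URL for a file in the static folder; refuse anything external.

    `site_root` (assumed parameter) is the mount point of the application.
    """
    if is_external(path):
        raise ExternalURLError("external URLs are not static files: %r" % path)
    return site_root.rstrip("/") + "/" + path.lstrip("/")


def url_for_static_or_external(url, site_root=""):
    """Accept either a static path or an external URL (for example a site logo).

    External URLs are returned unchanged, with no leading slash added; callers
    pick this helper only where a value from outside the site is acceptable.
    """
    if is_external(url):
        return url
    return url_for_static(url, site_root)
```

With the two names kept apart, a template that passes an unvetted value to url_for_static fails loudly, and each call to url_for_static_or_external marks a place where the source of the value deserves review.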