Commit message
Age
Author
Refs
r2181:0bf8e4db
pull-requests: security, prevent from injecting comments to other pull requests users
don't have access to.
Thu, 19 Oct 2017 06:56:32
r2180:d1b66400
repo-settings: ensure deletion on repo settings model validate
the settings id against the initialized model repo.
- prevents malicious deletions of settings by forging IDs
Wed, 18 Oct 2017 10:16:40
r2179:a3d55bf9
select2: always escape .text attributes to prevent XSS via
vcs references.
Wed, 18 Oct 2017 09:21:18
r2178:34dda1ab
templates: rename base.mako into summary_base.mako. The previous naming
wasn't optimal for search and code discovery.
Wed, 18 Oct 2017 07:59:28
r2177:4abf28f1
pull-requests: security double check permissions on injected forms of source and target repositories.
Tue, 17 Oct 2017 18:32:59
r2176:d21fb0df
db: prevent empty IN queries that generally are a performance problem, and trigger SQL warnings.
Tue, 17 Oct 2017 18:32:23
r2175:ea878558
repo-groups: moved to pyramid
Tue, 17 Oct 2017 12:06:51
r2174:b234a120
tests: change name of test module of auth-modules to prevent
pytest complaining about it.
Tue, 17 Oct 2017 13:01:00
r2173:d100eea4
repo-forks: security, check for access to fork_id parameter to prevent
resource discovery.
Sun, 15 Oct 2017 17:40:57
r2172:f94ee74b
repo-forks: security, fix issue when forging fork_repo_id could allow reading
other people's forks.
Sun, 15 Oct 2017 16:54:52