paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-22 20:42:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4.x
zulip/confirmation
History
Mateusz Mandera 551b387164 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath. 
A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accouts/register/.
2021-12-01 23:13:11 +00:00
..
management
Django 1.10: Remove cleanupconfirmation management command.
2016-11-26 15:04:20 -08:00
migrations
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
__init__.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
CHANGELOG.txt
LICENSE.txt
models.py
CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.
2021-12-01 23:13:11 +00:00
README.txt
settings.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00

README.txt 

===================
Django Confirmation
===================

This is a generic object confirmation system for Django applications.

For installation instructions, see the file "INSTALL.txt" in this
directory; for instructions on how to use this application, and on
what it provides, see the file "overview.txt" in the "docs/"
directory.