paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 13:33:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
09319a1be03a569fc9dacab66ac4c27ac143bc74
zulip/zerver
History
Anders Kaseorg b12a5be4a0 CVE-2022-36048: Rewrite only specific local links to relative. 
Due to mismatches between the URL parsers in Python and browsers, it
was possible to hoodwink rewrite_local_links_to_relative into
generating links that browsers would interpret as absolute.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-24 13:07:42 -07:00
..
actions
CVE-2022-31017: Fix edit event exposure in protected-history streams.
2022-06-21 18:23:30 +00:00
data_import
mattermost: Run html2text as a subprocess.
2022-07-07 13:31:32 -07:00
integration_fixtures/nagios
lib
CVE-2022-36048: Rewrite only specific local links to relative.
2022-08-24 13:07:42 -07:00
management
compilemessages: Use a consistent ordering for the languages list.
2022-06-23 23:25:51 +00:00
migrations
upload: Replace boto3.Session with boto3.session.Session.
2022-08-23 15:25:01 -07:00
openapi
markdown: Rename preprocessor_priorities module to priorities.
2022-07-07 13:31:32 -07:00
tests
CVE-2022-36048: Rewrite only specific local links to relative.
2022-08-24 13:07:42 -07:00
tornado
tornado: Send request_started signal in Django thread.
2022-07-07 13:31:32 -07:00
views
CVE-2022-31168: Fix authorization check for changing bot roles.
2022-07-21 20:09:02 -04:00
webhooks
integrations: Satisfy Python-Markdown’s archaic 4-space requirement.
2022-07-07 13:31:32 -07:00
worker
preview: Use cache only as a non-durable cache, not an IPC.
2022-05-03 16:12:04 -07:00
__init__.py
apps.py
caching: Make sender type optional for flush_cache.
2021-07-26 14:48:07 -07:00
context_processors.py
home: Simplify and comment terms of service notice implementation.
2022-02-04 15:48:38 -08:00
decorator.py
decorator: Check Tornado secret with constant-time comparison.
2022-08-22 22:23:24 -07:00
filters.py
typing: Fix function signatures.
2021-08-20 05:54:19 -07:00
forms.py
actions: Move part into zerver.forms.
2022-04-15 10:08:19 -07:00
logging_handlers.py
python: Replace universal_newlines with text.
2022-01-23 22:16:01 -08:00
middleware.py
docs: Fix many spelling mistakes.
2022-02-07 18:51:06 -08:00
models.py
get_old_unclaimed_attachments: Add docstring explaining the logic.
2022-06-20 11:13:24 -07:00
signals.py
actions: Split out zerver.actions.video_calls.
2022-04-15 10:08:19 -07:00