paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b27ec9faecf6455b997e9f39a32071ea703b7c7
zulip/zerver/views
History
Mateusz Mandera 551b387164 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath. 
A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accouts/register/.
2021-12-01 23:13:11 +00:00
..
development
docs: Fix capitalization mistakes.
2021-05-10 09:57:26 -07:00
__init__.py
alert_words.py
request: Rename validator parameter of REQ to json_validator.
2021-04-07 14:13:06 -07:00
archive.py
archive: Use access_web_public_stream helper.
2021-04-14 12:37:34 -07:00
attachments.py
python: Reformat with Black, except quotes.
2021-02-12 13:11:19 -08:00
auth.py
docs: Update links for other repository branch renames.
2021-09-07 13:56:41 -07:00
compatibility.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
custom_profile_fields.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
digest.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
documentation.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
drafts.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
email_mirror.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
events_register.py
mypy: Don’t use Iterable for values iterated multiple times.
2021-04-29 16:06:17 -07:00
home.py
version: Display Zulip version in About Zulip dialog.
2021-05-13 11:36:12 -07:00
hotspots.py
api: Fix encoding of strings in hotspot endpoint.
2021-05-07 11:45:25 -07:00
invite.py
invites: Allow user to be invited as a moderator.
2021-04-30 15:57:09 -07:00
message_edit.py
backend: Extract check_update_message from update_message_backend.
2021-05-09 20:44:04 -07:00
message_fetch.py
models: Replace __id syntax with _id where possible.
2021-04-22 14:53:00 -07:00
message_flags.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
message_send.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
muting.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
portico.py
python: Normalize quotes with Black.
2021-02-12 13:11:19 -08:00
presence.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
push_notifications.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
reactions.py
reactions: Extract check_add_reaction from add_reaction.
2021-04-28 09:11:08 -07:00
realm_domains.py
api: Fix encoding of strings in realm domain endpoint.
2021-05-07 14:06:54 -07:00
realm_emoji.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
realm_export.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
realm_icon.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
realm_linkifiers.py
linkifiers: Add an API to support the editing of linkifier.
2021-04-19 18:01:45 -07:00
realm_logo.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
realm_playgrounds.py
docs: Capitalize “Markdown” consistently.
2021-04-26 09:31:08 -07:00
realm.py
settings: Add new setting for controlling who can move msgs to stream.
2021-04-16 15:10:39 -07:00
registration.py
CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.
2021-12-01 23:13:11 +00:00
report.py
docs: Fix capitalization mistakes.
2021-05-10 09:57:26 -07:00
storage.py
storage: Fix get_storage and remove_storage with empty keys list.
2021-04-13 08:53:03 -07:00
streams.py
api: Fix encoding of strings in streams endpoint.
2021-05-10 10:29:22 -07:00
submessage.py
widgets: Validate todo data on the backend.
2021-07-01 15:15:11 -07:00
thumbnail.py
requirements: Remove Thumbor.
2021-05-06 20:07:32 -07:00
tutorial.py
api: Fix encoding of strings in tutorial endpoint.
2021-05-07 14:06:54 -07:00
typing.py
typing: Support sending stream/topic typing status.
2021-04-27 20:52:21 -07:00
unsubscribe.py
send_email: Change clear_scheduled_emails to only take one user.
2021-10-18 17:06:11 -07:00
upload.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
user_groups.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
user_settings.py
api: Fix encoding of strings in display settings endpoint.
2021-05-10 10:03:32 -07:00
users.py
python: Convert deprecated Django ugettext alias to gettext.
2021-04-15 18:01:34 -07:00
video_calls.py
api: Fix encoding of strings in video calls endpoint.
2021-05-07 14:11:48 -07:00
zephyr.py
docs: Add missing space to compound verbs “log in”, “set up”, etc.
2021-04-26 09:31:08 -07:00