zulip/zproject at 218eca14b889f76ecf8063af06fb0e217c2128eb - zulip - DHI Technical Services LLC - Private GIT

paulmataruso/zulip

mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00

Files

History

Mateusz Mandera 551b387164 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.

A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accouts/register/.

2021-12-01 23:13:11 +00:00

..

i18n: Pass language name with every response.

2021-04-24 13:00:27 -07:00

__init__.py

…

backends.py

saml: Don't raise AssertionError if no name is provided in SAMLResponse.

2021-10-26 16:48:23 -07:00

computed_settings.py

management: Rename the deliver_email command to deliver_scheduled_email.

2021-05-11 13:07:29 -07:00

config.py

python: Normalize quotes with Black.

2021-02-12 13:11:19 -08:00

configured_settings.py

python: Sort imports with isort.

2020-06-11 16:45:32 -07:00

default_settings.py

navbar: Add gear menu advertisement for sponsoring zulip.

2021-05-12 10:21:48 -07:00

dev_settings.py

requirements: Remove Thumbor.

2021-05-06 20:07:32 -07:00

dev_urls.py

docs: Fix capitalization mistakes.

2021-05-10 09:57:26 -07:00

email_backends.py

emails: Fix outgoing email handling inside the dev environment.

2021-04-28 18:00:37 -07:00

legacy_urls.py

python: Normalize quotes with Black.

2021-02-12 13:11:19 -08:00

prod_settings_template.py

saml: Add setting to skip the "continue to registration" page.

2021-07-08 15:21:40 -07:00

sentry.py

python: Normalize quotes with Black.

2021-02-12 13:11:19 -08:00

settings.py

python: Add noqa comments for the specific star imports we allow.

2020-06-11 15:36:43 -07:00

terms.md.template

docs: Capitalize Markdown consistently.

2020-08-11 10:23:06 -07:00

test_extra_settings.py

requirements: Remove Thumbor.

2021-05-06 20:07:32 -07:00

test_settings.py

test_settings: Use TEST_EXTERNAL_HOST to override ‘testserver’ default.

2020-12-17 13:07:59 -08:00

urls.py

CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.

2021-12-01 23:13:11 +00:00

wsgi.py

python: Normalize quotes with Black.

2021-02-12 13:11:19 -08:00