paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
897476d4fb21c672da091bcee1d3b61ed5ec40b0
zulip/zerver/views
History
Anders Kaseorg c9f6830ba6 CVE-2022-31168: Fix authorization check for changing bot roles. 
Due to an incorrect authorization check in Zulip Server 5.4 and
earlier, a member of an organization could craft an API call that
grants organization administrator privileges to one of their bots.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-21 20:09:02 -04:00
..
development
actions: Split out zerver.actions.realm_settings.
2022-04-15 10:08:19 -07:00
__init__.py
alert_words.py
actions: Split out zerver.actions.alert_words.
2022-04-15 10:08:19 -07:00
attachments.py
actions: Split out zerver.actions.uploads.
2022-04-15 10:08:19 -07:00
auth.py
create_preregistration_user: Add additional hardening assertion.
2022-02-25 14:02:24 -08:00
compatibility.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
custom_profile_fields.py
actions: Split out zerver.actions.custom_profile_fields.
2022-04-15 10:08:19 -07:00
digest.py
mypy: Fix most AnonymousUser type errors.
2021-07-24 14:55:46 -07:00
documentation.py
docs: Fix many spelling mistakes.
2022-02-07 18:51:06 -08:00
drafts.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
email_mirror.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
events_register.py
validator: Replace converter=int with json_validator=check_int.
2022-03-15 13:02:02 -07:00
home.py
actions: Split out zerver.actions.user_settings.
2022-04-15 10:08:19 -07:00
hotspots.py
actions: Split out zerver.actions.hotspots.
2022-04-15 10:08:19 -07:00
invite.py
actions: Split out zerver.actions.invites.
2022-04-15 10:08:19 -07:00
message_edit.py
actions: Split out zerver.actions.message_edit.
2022-04-15 10:08:19 -07:00
message_fetch.py
actions: Split out zerver.lib.recipient_users.
2022-04-15 10:08:19 -07:00
message_flags.py
actions: Split out zerver.actions.message_flags.
2022-04-15 10:08:19 -07:00
message_send.py
actions: Split out zerver.actions.message_send.
2022-04-15 10:08:19 -07:00
muting.py
actions: Split out zerver.actions.muted_users.
2022-04-15 10:08:19 -07:00
portico.py
portico: Add a self-hosting page.
2022-02-17 12:43:13 -08:00
presence.py
actions: Split out zerver.actions.presence.
2022-04-15 10:08:19 -07:00
push_notifications.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
reactions.py
actions: Split out zerver.actions.reactions.
2022-04-15 10:08:19 -07:00
realm_domains.py
actions: Split out zerver.actions.realm_domains.
2022-04-15 10:08:19 -07:00
realm_emoji.py
actions: Split out zerver.actions.realm_emoji.
2022-04-15 10:08:19 -07:00
realm_export.py
actions: Split out zerver.actions.realm_export.
2022-04-15 10:08:19 -07:00
realm_icon.py
actions: Split out zerver.actions.realm_icon.
2022-04-15 10:08:19 -07:00
realm_linkifiers.py
actions: Split out zerver.actions.realm_linkifiers.
2022-04-15 10:08:19 -07:00
realm_logo.py
actions: Split out zerver.actions.realm_logo.
2022-04-15 10:08:19 -07:00
realm_playgrounds.py
actions: Split out zerver.actions.realm_playgrounds.
2022-04-15 10:08:19 -07:00
realm.py
actions: Split out zerver.actions.create_realm.
2022-04-15 10:08:19 -07:00
registration.py
actions: Split out zerver.actions.create_realm.
2022-04-15 10:08:19 -07:00
report.py
report: Strengthen report_csp_violations type using WildValue.
2022-03-15 13:02:02 -07:00
storage.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
streams.py
actions: Split out zerver.actions.message_edit.
2022-04-15 10:08:19 -07:00
submessage.py
actions: Split out zerver.actions.submessage.
2022-04-15 10:08:19 -07:00
thumbnail.py
upload: Allow rate limited access to spectators for uploaded files.
2022-03-24 10:50:00 -07:00
tutorial.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00
typing.py
actions: Split out zerver.actions.typing.
2022-04-15 10:08:19 -07:00
unsubscribe.py
actions: Split out zerver.actions.user_settings.
2022-04-15 10:08:19 -07:00
upload.py
upload: Allow rate limited access to spectators for uploaded files.
2022-03-24 10:50:00 -07:00
user_groups.py
actions: Split out zerver.actions.user_groups.
2022-04-15 10:08:19 -07:00
user_settings.py
actions: Split out zerver.actions.user_settings.
2022-04-15 10:08:19 -07:00
users.py
CVE-2022-31168: Fix authorization check for changing bot roles.
2022-07-21 20:09:02 -04:00
video_calls.py
actions: Split out zerver.actions.video_calls.
2022-04-15 10:08:19 -07:00
zephyr.py
backend: Add request as parameter to json_success.
2022-02-04 15:16:56 -08:00