SRCT / go
Commit 57eeb7c1 (Verified), authored Apr 26, 2017 by David Haynes

2.2 Release

- Add in 2.2 CHANGELOG
- Fix last minute bug with the CSRF check
- Missed a spot in the footer

parent 2d68b9d7
Pipeline #1330 passed with stages in 3 minutes and 6 seconds
CHANGELOG
# Change Log
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
All notable changes to this project will be documented in this file. This
project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
## [2.2.0] - 2017-26-04
### Added
- LibreJS Compatible
- Current version of Go displayed in footer
- Warning model when interacting with /useradmin
- Can block users
- Blocked users may log in but cannot interact with the site
- Blocked users may be managed from /useradmin
- " " may be unblocked
- "New Link" button added to my_links view
- Python 3.4-3.6 support
- Django 1.11 upgrade
- Unit tests for all major Django components
- models
- views
- URLs
- forms
- random python files (cas_callbacks)
- Search bar in /useradmin
- Windows instructions in README
- Flake8 run on CI time
- Help text on the signup form
- Twitter card metadata
- Facebook/Opengraph metadata
### Changed
- Design consistency across error pages
- Project requirements follow two scoops style
- Go links cannot be rendered to itself
- Settings files inherit from one another
- Enviornment variables used instead of .template
- secret.py dropped
- local settings and prod settings
- Cache static pages
- Rate limit POST requests
- Homepage now defaults to my_links
- Imports are now explicit
- IE Compatible
- CSRF Protection for /delete
### Fixed
- Error pages are rendered correctly now
- HTTPS Go links displayed everywhere
- All content is served with HTTPS
- Dependecies are checked at CI time for updates
- Standardization of fonts
### Removed
- .template files
- secret.py
- LDAP support
## [2.1.1] - 2017-01-07
### Added
...
...
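Review bot: The new release heading `## [2.2.0] - 2017-26-04` writes the date as year-day-month, and 26 is not a valid month; use ISO 8601 (`2017-04-26`), which matches the commit date of Apr 26, 2017 and removes the ambiguity it creates for the neighbouring `## [2.1.1] - 2017-01-07`. In the same hunk, "Enviornment" (Changed) and "Dependecies" (Fixed) are misspelled, "Warning model" (Added) presumably means "modal", and the entry `- " " may be unblocked` should spell out its subject instead of using ditto marks.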
go/go/templates/layouts/footer.html
...
...
@@ -6,7 +6,7 @@
<a
href=
"http://srct.gmu.edu/"
>
GMU
<strong>
SRCT
</strong></a>
. |
Read and contribute to our
<a
href=
"https://git.gmu.edu/srct/go/"
>
source code
</a>
. |
Freely-licensed under
<a
href=
"http://www.apache.org/licenses/LICENSE-2.0"
>
Apache 2.0
</a>
. |
Go Version 2.
1.1
Go Version 2.
2.0
</span>
</div>
...
...
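Review bot: The footer version is still a literal in the template (`Go Version 2.2.0`), and the commit message's "Missed a spot in the footer" shows how it drifts from the CHANGELOG at release time. Suggest rendering it from a single definition, such as a settings value exposed through a context processor, so a release bump touches one place. The unchanged `http://srct.gmu.edu/` link on the same line is plain HTTP while the other two links use HTTPS and the changelog lists "All content is served with HTTPS"; worth switching if that host supports it.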
go/go/views.py
...
...
@@ -314,6 +314,7 @@ def edit(request, short):
# do not allow them to edit
raise
PermissionDenied
()
@
login_required
def
delete
(
request
,
short
):
"""
...
...
@@ -329,15 +330,29 @@ def delete(request, short):
url
=
get_object_or_404
(
URL
,
short__iexact
=
short
)
# If the RegisteredUser is the owner of the URL
if
url
.
owner
==
request
.
user
.
registereduser
and
request
.
META
[
'HTTP_REFERER'
]
==
request
.
META
[
'HTTP_HOST'
]:
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
if
url
.
owner
==
request
.
user
.
registereduser
:
# There are some instances where this request header does not exist, in
# this case we fallback to the insecure method
if
request
.
META
.
get
(
'HTTP_REFERER'
)
is
not
None
:
# Make sure that the requestee is from the same domain (go.gmu.edu)
if
request
.
META
.
get
(
'HTTP_REFERER'
)
==
request
.
META
.
get
(
'HTTP_HOST'
):
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
else
:
raise
PermissionDenied
()
# Fallback and delete
else
:
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
else
:
# do not allow them to delete
raise
PermissionDenied
()
@
login_required
def
signup
(
request
):
"""
...
...
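Review bot: In `delete`, the comparison `request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST')` cannot succeed for a normal browser request: Referer carries a full URL (scheme, host and path) while Host carries only the host and optional port, so every request that sends a Referer ends in `PermissionDenied`, including legitimate ones from the site itself. The only path that actually deletes is then the `# Fallback and delete` branch, which runs when Referer is absent and performs no origin check at all; since the originating page decides whether a Referer is sent, this does not give the CSRF protection the changelog lists for /delete. Suggest dropping the header comparison, restricting the view to POST with `@require_POST`, and relying on Django's `CsrfViewMiddleware` token (`{% csrf_token %}` in the delete form). If a Referer check is kept as defence in depth, parse the header and compare its host to `request.get_host()`, and reject rather than delete when it is missing. After that the three copies of `url.delete()` followed by `redirect('my_links')` collapse into one.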