Verified Commit 57eeb7c1 authored by David Haynes 🙆

2.2 Release

- Add in 2.2 CHANGELOG
- Fix last minute bug with the CSRF check
- Missed a spot in the footer
parent 2d68b9d7
Pipeline #1330 passed with stages in 3 minutes and 6 seconds
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file. This
This project adheres to [Semantic Versioning](http://semver.org/). project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
## [2.2.0] - 2017-26-04
### Added
- LibreJS Compatible
- Current version of Go displayed in footer
- Warning model when interacting with /useradmin
- Can block users
- Blocked users may log in but cannot interact with the site
- Blocked users may be managed from /useradmin
- " " may be unblocked
- "New Link" button added to my_links view
- Python 3.4-3.6 support
- Django 1.11 upgrade
- Unit tests for all major Django components
- models
- views
- URLs
- forms
- random python files (cas_callbacks)
- Search bar in /useradmin
- Windows instructions in README
- Flake8 run on CI time
- Help text on the signup form
- Twitter card metadata
- Facebook/Opengraph metadata
### Changed
- Design consistency across error pages
- Project requirements follow two scoops style
- Go links cannot be rendered to itself
- Settings files inherit from one another
- Enviornment variables used instead of .template
- secret.py dropped
- local settings and prod settings
- Cache static pages
- Rate limit POST requests
- Homepage now defaults to my_links
- Imports are now explicit
- IE Compatible
- CSRF Protection for /delete
### Fixed
- Error pages are rendered correctly now
- HTTPS Go links displayed everywhere
- All content is served with HTTPS
- Dependecies are checked at CI time for updates
- Standardization of fonts
### Removed
- .template files
- secret.py
- LDAP support
## [2.1.1] - 2017-01-07 ## [2.1.1] - 2017-01-07
### Added ### Added
......
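Review bot: The 2.2.0 heading date `2017-26-04` has 26 in the month position, so it is not a valid year-month-day date; if the file follows ISO 8601 ordering it should read `2017-04-26`. In the same block, "Enviornment" and "Dependecies" are misspelled. The "CSRF Protection for /delete" entry should also say that the check is based on the Referer header and is skipped when that header is absent, since that is what the views change in this commit does.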
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<a href="http://srct.gmu.edu/">GMU<strong> SRCT</strong></a>. | <a href="http://srct.gmu.edu/">GMU<strong> SRCT</strong></a>. |
Read and contribute to our <a href="https://git.gmu.edu/srct/go/">source code</a>. | Read and contribute to our <a href="https://git.gmu.edu/srct/go/">source code</a>. |
Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>. | Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>. |
Go Version 2.1.1 Go Version 2.2.0
</span> </span>
</div> </div>
......
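Review bot: The version string `Go Version 2.2.0` is hard-coded in the footer markup, and the commit message's "Missed a spot in the footer" shows how easily it is forgotten at release time; consider rendering it from a single setting or constant so a release bumps it in one place. The unchanged links to `http://srct.gmu.edu/` and `http://www.apache.org/licenses/LICENSE-2.0` are still plain HTTP, which does not match the changelog's "All content is served with HTTPS" entry.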
...@@ -314,6 +314,7 @@ def edit(request, short): ...@@ -314,6 +314,7 @@ def edit(request, short):
# do not allow them to edit # do not allow them to edit
raise PermissionDenied() raise PermissionDenied()
@login_required @login_required
def delete(request, short): def delete(request, short):
""" """
...@@ -329,15 +330,29 @@ def delete(request, short): ...@@ -329,15 +330,29 @@ def delete(request, short):
url = get_object_or_404(URL, short__iexact=short) url = get_object_or_404(URL, short__iexact=short)
# If the RegisteredUser is the owner of the URL # If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser and request.META['HTTP_REFERER'] == request.META['HTTP_HOST']: if url.owner == request.user.registereduser:
# remove the URL # There are some instances where this request header does not exist, in
url.delete() # this case we fallback to the insecure method
# redirect to my_links if request.META.get('HTTP_REFERER') is not None:
return redirect('my_links') # Make sure that the requestee is from the same domain (go.gmu.edu)
if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
raise PermissionDenied()
# Fallback and delete
else:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else: else:
# do not allow them to delete # do not allow them to delete
raise PermissionDenied() raise PermissionDenied()
@login_required @login_required
def signup(request): def signup(request):
""" """
......
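Review bot: In delete(), the comparison `request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST')` will not match for a normal browser request, because Referer carries a full URL (scheme, host and path) while Host is only the host name and optional port, so every request that sends a Referer reaches `raise PermissionDenied()`. The "Fallback and delete" branch then deletes whenever the header is missing, so the only requests that succeed are the ones the check cannot vouch for, and a cross-site request that arrives without a Referer is accepted. Suggest parsing the Referer and comparing its host part to request.get_host(), and rejecting the request when the header is absent. Better still, make delete a POST-only view (Django's require_POST) covered by the CSRF middleware token, which removes the need for a Referer fallback. Switching from `request.META['HTTP_REFERER']` to `.get()` is right, since it avoids a KeyError when the header is missing; it is the fallback behaviour that needs to change.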