Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
SRCT
go
Commits
77256145
Commit
77256145
authored
Aug 22, 2017
by
David Haynes
🙆
Browse files
Merge branch '2.2.2' into 'master'
2.2.2 See merge request
!102
parents
ff82252b
e4ed4f62
Pipeline
#1525
passed with stages
in 2 minutes and 29 seconds
Changes
6
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
CHANGELOG
View file @
77256145
...
...
@@ -2,6 +2,12 @@
All notable changes to this project will be documented in this file. This
project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
## [2.2.2] - 2017-21-08
### Removed
- Removed CSRF check on delete function
## [2.2.1] - 2017-13-05
### Fixed
...
...
go/go/forms.py
View file @
77256145
"""
go/forms.py
"""
# Future Imports
from
__future__
import
(
absolute_import
,
division
,
print_function
,
unicode_literals
)
# Python stdlib Imports
from
datetime
import
datetime
,
timedelta
from
six.moves
import
urllib
# Django Imports
from
django.core.exceptions
import
ValidationError
...
...
@@ -26,7 +24,7 @@ from bootstrap3_datetime.widgets import DateTimePicker
from
crispy_forms.bootstrap
import
(
Accordion
,
AccordionGroup
,
PrependedText
,
StrictButton
)
from
crispy_forms.helper
import
FormHelper
from
crispy_forms.layout
import
HTML
,
Div
,
Field
,
Fieldset
,
Layout
,
Submit
from
crispy_forms.layout
import
HTML
,
Div
,
Field
,
Fieldset
,
Layout
class
URLForm
(
ModelForm
):
...
...
@@ -40,22 +38,9 @@ class URLForm(ModelForm):
"""
Prevent redirect loop links
"""
# get the entered target link
target
=
self
.
cleaned_data
.
get
(
'target'
)
try
:
final_url
=
urllib
.
request
.
urlopen
(
target
).
geturl
()
# if visiting the provided url results in an HTTP error, or redirects
# to a page that results in an HTTP error
except
urllib
.
error
.
URLError
as
e
:
# to permit users to enter sites that return most errors, but
# prevent them from entering sites that result in an HTTP 300 error
if
any
(
int
(
str
(
e
)[
11
:
14
])
==
errorNum
for
errorNum
in
range
(
300
,
308
)):
raise
ValidationError
(
"Link results in a 300 error"
)
else
:
final_url
=
""
# Commented out as this check cannont properly be tested since we cannot
# dynamically generate request.META.get('HTTP_HOST')
...
...
go/go/templates/layouts/footer.html
View file @
77256145
...
...
@@ -6,7 +6,7 @@
<a
href=
"http://srct.gmu.edu/"
>
GMU
<strong>
SRCT
</strong></a>
. |
Read and contribute to our
<a
href=
"https://git.gmu.edu/srct/go/"
>
source code
</a>
. |
Freely-licensed under
<a
href=
"http://www.apache.org/licenses/LICENSE-2.0"
>
Apache 2.0
</a>
. |
Go Version 2.2.
1
Go Version 2.2.
2
</span>
</div>
...
...
@@ -21,7 +21,7 @@
Freely-licensed under
<a
href=
"http://www.apache.org/licenses/LICENSE-2.0"
>
Apache 2.0
</a>
.
</div>
<div
class=
"col-sm-4 text-muted"
>
Go Version 2.2.
1
Go Version 2.2.
2
</div>
</div>
</footer>
go/go/views.py
View file @
77256145
...
...
@@ -321,7 +321,6 @@ def delete(request, short):
This view deletes a URL if you have the permission to. User must be
logged in and registered, and must also be the owner of the URL.
"""
# Do not allow unapproved users to delete links
if
not
request
.
user
.
registereduser
.
approved
:
return
render
(
request
,
'not_registered.html'
)
...
...
@@ -331,28 +330,14 @@ def delete(request, short):
# If the RegisteredUser is the owner of the URL
if
url
.
owner
==
request
.
user
.
registereduser
:
# There are some instances where this request header does not exist, in
# this case we fallback to the insecure method
if
request
.
META
.
get
(
'HTTP_REFERER'
)
is
not
None
:
# Make sure that the requestee is from the same domain (go.gmu.edu)
if
request
.
META
.
get
(
'HTTP_REFERER'
)
==
request
.
META
.
get
(
'HTTP_HOST'
):
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
else
:
raise
PermissionDenied
()
# Fallback and delete
else
:
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
# remove the URL
url
.
delete
()
# redirect to my_links
return
redirect
(
'my_links'
)
else
:
# do not allow them to delete
raise
PermissionDenied
()
@
login_required
def
signup
(
request
):
"""
...
...
requirements/base.txt
View file @
77256145
...
...
@@ -7,8 +7,8 @@ git+https://github.com/kstateome/django-cas.git
git+https://github.com/dhaynespls/django-bootstrap3-datetimepicker.git
hashids==1.2.0
mysqlclient
redis==2.10.
5
requests==2.1
4.2
simplejson==3.1
0.0
redis==2.10.
6
requests==2.1
8.4
simplejson==3.1
1.1
six
setuptools==35.0.2
\ No newline at end of file
setuptools==36.2.7
\ No newline at end of file
requirements/ci.txt
View file @
77256145
-r base.txt
flake8==3.
3.0
flake8==3.
4.1
pep8==1.7.0
pyflakes==1.
5
.0
pyflakes==1.
6
.0
coverage
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment