Commit 57eeb7c1 authored by David Haynes

2.2 Release

- Add in 2.2 CHANGELOG
- Fix last minute bug with the CSRF check
- Missed a spot in the footer
parent 2d68b9d7
Pipeline #1330 passed with stages
in 3 minutes and 6 seconds
# Change Log
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
All notable changes to this project will be documented in this file. This
project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
## [2.2.0] - 2017-26-04
### Added
- LibreJS Compatible
- Current version of Go displayed in footer
- Warning model when interacting with /useradmin
- Can block users
- Blocked users may log in but cannot interact with the site
- Blocked users may be managed from /useradmin
- " " may be unblocked
- "New Link" button added to my_links view
- Python 3.4-3.6 support
- Django 1.11 upgrade
- Unit tests for all major Django components
- models
- views
- URLs
- forms
- random python files (cas_callbacks)
- Search bar in /useradmin
- Windows instructions in README
- Flake8 run on CI time
- Help text on the signup form
- Twitter card metadata
- Facebook/Opengraph metadata
### Changed
- Design consistency across error pages
- Project requirements follow two scoops style
- Go links cannot be rendered to itself
- Settings files inherit from one another
- Enviornment variables used instead of .template
- secret.py dropped
- local settings and prod settings
- Cache static pages
- Rate limit POST requests
- Homepage now defaults to my_links
- Imports are now explicit
- IE Compatible
- CSRF Protection for /delete
### Fixed
- Error pages are rendered correctly now
- HTTPS Go links displayed everywhere
- All content is served with HTTPS
- Dependecies are checked at CI time for updates
- Standardization of fonts
### Removed
- .template files
- secret.py
- LDAP support
## [2.1.1] - 2017-01-07
### Added
......
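Review bot: The release date in the new heading `## [2.2.0] - 2017-26-04` is written year-day-month; ISO 8601 order would be `2017-04-26`, and mixing orders makes the neighbouring `## [2.1.1] - 2017-01-07` heading ambiguous. In the same added block, "Enviornment" and "Dependecies" are misspelled, "Warning model" probably means "modal", and the nested bullet `- " " may be unblocked` reads as a leftover ditto mark that should be spelled out. The entry "CSRF Protection for /delete" also needs a qualifier, since the check added to the delete view in this commit is skipped whenever the Referer header is missing.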
......@@ -6,7 +6,7 @@
<a href="http://srct.gmu.edu/">GMU<strong> SRCT</strong></a>. |
Read and contribute to our <a href="https://git.gmu.edu/srct/go/">source code</a>. |
Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>. |
Go Version 2.1.1
Go Version 2.2.0
</span>
</div>
......
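Review bot: The version string in the footer (`Go Version 2.2.0`) is hard-coded in the template, and the commit message's "Missed a spot in the footer" shows how easily it is skipped at release time. Consider defining the version once (for example in settings) and rendering it through the template context, so the CHANGELOG heading and the footer cannot drift apart.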
......@@ -314,6 +314,7 @@ def edit(request, short):
# do not allow them to edit
raise PermissionDenied()
@login_required
def delete(request, short):
"""
......@@ -329,15 +330,29 @@ def delete(request, short):
url = get_object_or_404(URL, short__iexact=short)
# If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser and request.META['HTTP_REFERER'] == request.META['HTTP_HOST']:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
if url.owner == request.user.registereduser:
# There are some instances where this request header does not exist, in
# this case we fallback to the insecure method
if request.META.get('HTTP_REFERER') is not None:
# Make sure that the requestee is from the same domain (go.gmu.edu)
if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
raise PermissionDenied()
# Fallback and delete
else:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
# do not allow them to delete
raise PermissionDenied()
@login_required
def signup(request):
"""
......
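Review bot: The comparison `request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST')` in the new delete branch cannot match for an ordinary browser request, because Referer carries a full URL (scheme, host and path) while Host carries only the host name and optional port. As written, a request that sends a Referer is rejected with PermissionDenied, and the path that reaches `url.delete()` is the "Fallback and delete" branch, which runs exactly when the header is absent. Because a browser can be made to omit Referer, that branch means the check gives no CSRF protection; the code comment already calls it "the insecure method". Suggest dropping the Referer logic, restricting the view to POST with Django's `require_POST` decorator, and submitting the delete from a form that includes `{% csrf_token %}` so that CsrfViewMiddleware does the validation. If a Referer check is kept as defence in depth, parse it with `urlparse`, compare its host part against `request.get_host()`, and fail closed when the header is missing. The three copies of the delete-and-redirect lines would also collapse into one once the fallback is gone.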