Commit c5a581c9 authored by David Haynes's avatar David Haynes 🙆

Merge branch 'master' of git.gmu.edu:srct/go

parents 2e4e23e5 77256145
Pipeline #1533 failed with stages
in 1 minute and 28 seconds
......@@ -2,6 +2,12 @@
All notable changes to this project will be documented in this file. This
project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
## [2.2.2] - 2017-21-08
### Removed
- Removed CSRF check on delete function
## [2.2.1] - 2017-13-05
### Fixed
......
"""
go/forms.py
"""
# Future Imports
from __future__ import (absolute_import, division, print_function,
unicode_literals)
# Python stdlib Imports
from datetime import datetime, timedelta
from six.moves import urllib
# Django Imports
from django.core.exceptions import ValidationError
......@@ -26,7 +24,7 @@ from bootstrap3_datetime.widgets import DateTimePicker
from crispy_forms.bootstrap import (Accordion, AccordionGroup, PrependedText,
StrictButton)
from crispy_forms.helper import FormHelper
from crispy_forms.layout import HTML, Div, Field, Fieldset, Layout, Submit
from crispy_forms.layout import HTML, Div, Field, Fieldset, Layout
class URLForm(ModelForm):
......@@ -40,22 +38,9 @@ class URLForm(ModelForm):
"""
Prevent redirect loop links
"""
# get the entered target link
target = self.cleaned_data.get('target')
try:
final_url = urllib.request.urlopen(target).geturl()
# if visiting the provided url results in an HTTP error, or redirects
# to a page that results in an HTTP error
except urllib.error.URLError as e:
# to permit users to enter sites that return most errors, but
# prevent them from entering sites that result in an HTTP 300 error
if any(int(str(e)[11:14]) == errorNum for errorNum in range(300, 308)):
raise ValidationError("Link results in a 300 error")
else:
final_url = ""
# Commented out as this check cannont properly be tested since we cannot
# dynamically generate request.META.get('HTTP_HOST')
......
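Review bot: The docstring `Prevent redirect loop links` no longer matches what the lines visible in this hunk do: once the `urlopen` probe is removed, only a comment about a commented-out check remains under it. Dropping the server-side fetch of a user-supplied URL is reasonable, but the docstring should state the current behaviour, for example `Redirect-loop check is currently disabled; the target is neither fetched nor compared against this site's host.` The rest of the method lies outside the hunk, so confirm that no active check remains before rewording. The 2.2.2 CHANGELOG entry lists only the delete change, so this removal looks worth its own line there.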
......@@ -6,7 +6,7 @@
<a href="http://srct.gmu.edu/">GMU<strong> SRCT</strong></a>. |
Read and contribute to our <a href="https://git.gmu.edu/srct/go/">source code</a>. |
Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>. |
Go Version 2.2.1
Go Version 2.2.2
</span>
</div>
......@@ -21,7 +21,7 @@
Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>.
</div>
<div class="col-sm-4 text-muted">
Go Version 2.2.1
Go Version 2.2.2
</div>
</div>
</footer>
......@@ -321,7 +321,6 @@ def delete(request, short):
This view deletes a URL if you have the permission to. User must be
logged in and registered, and must also be the owner of the URL.
"""
# Do not allow unapproved users to delete links
if not request.user.registereduser.approved:
return render(request, 'not_registered.html')
......@@ -331,28 +330,14 @@ def delete(request, short):
# If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser:
# There are some instances where this request header does not exist, in
# this case we fallback to the insecure method
if request.META.get('HTTP_REFERER') is not None:
# Make sure that the requestee is from the same domain (go.gmu.edu)
if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
raise PermissionDenied()
# Fallback and delete
else:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
# do not allow them to delete
raise PermissionDenied()
@login_required
def signup(request):
"""
......
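Review bot: `delete` now removes the link as soon as the owner check passes, and nothing visible in this hunk limits the HTTP method, so cross-site protection rests on Django's CSRF middleware, which does not check GET or other safe methods. The decorators and the `url` lookup sit outside the hunk, so this is inferred; if the view is not already POST-only, add `@require_POST` (from `django.views.decorators.http`) above `def delete` and have the template submit a form carrying `{% csrf_token %}`. A short comment at the `url.delete()` line, such as `# CSRF is enforced by CsrfViewMiddleware; this view must stay POST-only`, would record why the Referer comparison was dropped.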
......@@ -7,8 +7,8 @@ git+https://github.com/kstateome/django-cas.git
git+https://github.com/dhaynespls/django-bootstrap3-datetimepicker.git
hashids==1.2.0
mysqlclient
redis==2.10.5
requests==2.14.2
simplejson==3.10.0
redis==2.10.6
requests==2.18.4
simplejson==3.11.1
six
setuptools==35.0.2
\ No newline at end of file
setuptools==36.2.7
\ No newline at end of file
-r base.txt
flake8==3.3.0
flake8==3.4.1
pep8==1.7.0
pyflakes==1.5.0
pyflakes==1.6.0
coverage