Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 22 Oct 2009 11:07:05 +0200] rev 3784
[javascript] handle cases where vid parameter is hijacked by parameter-injection
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 22 Oct 2009 11:02:50 +0200] rev 3783
[views] consider fallbackvid request parameter in ViewController
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 22 Oct 2009 11:01:50 +0200] rev 3782
[cleanup] reorder cubicweb namespace attributes declaration
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 22 Oct 2009 09:30:10 +0200] rev 3781
[javascript] asURL now escapes request arguments
I can't see no good reason for not escaping parameters. The two main
locations where asURL is used are :
- edition view: here, the change should have no effect
- facets: escaping is clearly needed in that case
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 21 Oct 2009 19:32:53 +0200] rev 3780
merge
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 21 Oct 2009 19:31:28 +0200] rev 3779
remove obsolete caveat
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 17:37:58 +0200] rev 3778
so bad tests hasn't find that one...
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 17:32:20 +0200] rev 3777
backport stable branch
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 17:12:58 +0200] rev 3776
Added tag cubicweb-debian-version-3.5.5-1 for changeset aad818d9d9b6
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 17:12:58 +0200] rev 3775
Added tag cubicweb-version-3.5.5 for changeset 1eca47d59fd9
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 15:13:07 +0200] rev 3774
on precommit / rollback of schema update op, clear order_relations cache of entity schemas
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 21 Oct 2009 15:12:29 +0200] rev 3773
don't allow that even with cow powers