Tue, 27 Nov 2012 14:48:03 +0100 [web] add a digital signature to error form (closes #2522526) stable
David Douard <david.douard@logilab.fr> [Tue, 27 Nov 2012 14:48:03 +0100] rev 8605
[web] add a digital signature to error form (closes #2522526)
Simple (and quite weak) implementation of a digital signature of the content to be submitted by email in the error report view generated by ErrorView. The signature is a simple hmac hash computed using a secret key (generated at repository startup) and the "secret" form content to be included in the notification email. The controller can then check this content has not been modified or forged by a malicious user.
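The sign-then-verify flow described in rev 8605, as an added example that is not CubicWeb's code. Assumptions: HMAC-SHA256 (the changeset does not name the hash), hypothetical field names `description` and `traceback`, and constructed sample values.

```python
import hashlib
import hmac
import secrets

# Assumption: one random key per process, mirroring "generated at repository startup".
SECRET_KEY = secrets.token_bytes(32)


def _canonical(fields):
    """Length-prefix every name and value so field boundaries cannot be shifted."""
    out = bytearray()
    for name in sorted(fields):
        for part in (name, fields[name]):
            raw = part.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def sign_form(fields, key=SECRET_KEY):
    """View side: hex HMAC tag to embed next to the hidden form fields."""
    return hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()


def verify_form(fields, signature, key=SECRET_KEY):
    """Controller side: True only if the submitted fields match the tag."""
    expected = sign_form(fields, key).encode("ascii")
    # compare_digest runs in constant time, so the tag cannot be guessed byte by byte.
    return hmac.compare_digest(expected, signature.encode("utf-8", "replace"))


def demo():
    # Constructed sample form content (hypothetical field names).
    form = {"description": "ValueError in view", "traceback": "File x.py, line 3"}
    tag = sign_form(form)
    tampered = dict(form, traceback="text chosen by the submitter")
    restarted_key = secrets.token_bytes(32)  # a new key after a restart
    return {
        "untouched": verify_form(form, tag),
        "tampered": verify_form(tampered, tag),
        "after_restart": verify_form(form, tag, key=restarted_key),
    }


if __name__ == "__main__":
    print(demo())
```

Because the key only lives for the lifetime of the process, a form rendered before a restart no longer verifies afterwards, and the controller has to treat that case as a rejected report.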
Wed, 28 Nov 2012 11:44:15 +0100 [web/views] bugfix: the mime type is text/plain, not text/txt (closes #2526345) stable
Nicolas Chauvat <nicolas.chauvat@logilab.fr> [Wed, 28 Nov 2012 11:44:15 +0100] rev 8604
[web/views] bugfix: the mime type is text/plain, not text/txt (closes #2526345)
Tue, 27 Nov 2012 17:16:23 +0100 [doc] fix of personal etc directory in book stable
Arthur Lutz <arthur.lutz@logilab.fr> [Tue, 27 Nov 2012 17:16:23 +0100] rev 8603
[doc] fix of personal etc directory in book
Tue, 27 Nov 2012 12:24:56 +0100 [web] add a Forbidden exception stable
David Douard <david.douard@logilab.fr> [Tue, 27 Nov 2012 12:24:56 +0100] rev 8602
[web] add a Forbidden exception
This is similar to the Unauthorized exception, but generates a 403 error instead of a 401 (Unauthorized).
Tue, 27 Nov 2012 11:38:03 +0100 [web] add an ``anonymize-jsonp-queries`` option in file configuration (closes #2465388) stable
Katia Saurfelt <katia.saurfelt@logilab.fr> [Tue, 27 Nov 2012 11:38:03 +0100] rev 8601
[web] add an ``anonymize-jsonp-queries`` option in file configuration (closes #2465388)
This option controls connection anonymizing before executing any query for CSRF / safety reasons.
Tue, 27 Nov 2012 11:27:49 +0100 [downloadable] fix filename in HTTP header (closes #2522325, #2522324) stable
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 27 Nov 2012 11:27:49 +0100] rev 8600
[downloadable] fix filename in HTTP header (closes #2522325, #2522324)
Before this changeset we used the `filename` header with utf8 encoded filename all the time. However RFC6266 says:
    The parameters "filename" and "filename*" differ only in that "filename*" uses the encoding defined in [RFC5987], allowing the use of characters not present in the ISO-8859-1 character set ([ISO-8859-1]).
Therefore, we alter the code to:
1. Use `filename` and `ascii` encoding whenever possible,
2. use `filename*` with `utf8` encoding otherwise (with a filename fallback for old browsers)
We also switch the `content-disposition` value to attachment if filename is specified; this will result in a mandatory download according to RFC6266. This mandatory download is the expected behavior.
We change the filename encoding to RFC5987, which is simpler, supported by all modern browsers (including IE from version 6) and does not suffer from the continuation issue. (see ticket #2522324 for details)
Tue, 27 Nov 2012 11:18:42 +0100 docstring typo stable
Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 27 Nov 2012 11:18:42 +0100] rev 8599
docstring typo