kakwa
2df56d2de2
fix template over-escaping + python 3 support
...
The templates were html escaping the generated js code for the
autofill and the role management. This was breaking these features.
It's okay to not escape these as they are coming from a trusted source
(configuration file).
Also make the templates python3 compatible (no need to import Set in
python 3)
2019-02-06 21:38:11 +01:00
Carpentier Pierre-Francois
5b0c72a572
Merge pull request #17 from jthiltges/escfix
...
Escape form values with markupsafe
2019-01-03 23:39:53 +01:00
John Thiltges
c6cce54d5f
Escape form values with markupsafe
...
- Use markupsafe to format escaped HTML fragments
- Correct the formatting problems introduced with the XSS fixes
2019-01-03 13:12:53 -06:00
Carpentier Pierre-Francois
1f79648d57
Update ChangeLog.rst
2019-01-02 23:59:03 +01:00
Carpentier Pierre-Francois
636400b75f
Merge pull request #16 from jthiltges/escape
...
Protect against XSS vulnerabilities in URL redirection
2019-01-02 23:54:42 +01:00
John Thiltges
6f98076281
Protect against XSS vulnerabilities in URL redirection
...
- Switch from base64 to URL encoding for passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
2019-01-02 14:31:10 -06:00
Carpentier Pierre-Francois
1ed654c91b
Update README.rst
2018-02-07 19:54:23 +01:00
Carpentier Pierre-Francois
c329e53811
Update README.rst
2018-02-07 19:52:29 +01:00
Carpentier Pierre-Francois
05e3a0d665
Update README.rst
2017-10-26 10:08:16 +02:00
kakwa
4bd6314b3b
remove useless tests
2017-06-12 19:50:42 +02:00
kakwa
c5dae7039a
remove duplicated import in docs conf.py
2017-06-12 19:47:43 +02:00
kakwa
ca1f78173f
better documentation
2017-06-09 23:40:23 +02:00
kakwa
9ed6007b02
including fastcgi configuration example in the documentation
2017-06-09 23:25:58 +02:00
kakwa
4d696a29ef
adding example for unix socket in default conf
2017-06-09 23:24:20 +02:00
kakwa
45d64120ae
adding an nginx configuration example for fastcgi
2017-06-09 23:09:11 +02:00
kakwa
00a4d22dd9
remove pip install method
2017-04-06 21:53:58 +02:00
kakwa
32c513f96e
change install method (pip install just doesn't work)
2017-04-06 21:37:02 +02:00
kakwa
7019cc2348
fix setup.py
2017-04-06 20:58:20 +02:00
kakwa
a404cf0b39
add auto message for tagging script
2017-04-06 20:57:42 +02:00
kakwa
9649803dd6
changelog
2017-04-06 20:52:55 +02:00
kakwa
eecccac106
fix import of version in docs/conf.py and setup.py
2017-04-06 20:46:58 +02:00
kakwa
f357adcd9a
put version in standalone file
...
this way, it avoids error due to missing imports
2017-04-06 20:34:32 +02:00
kakwa
e7998ced78
adding a simple tagging script
2017-04-06 20:28:44 +02:00
kakwa
8270988ed4
changelog + version bump + factorize version
2017-04-06 20:21:31 +02:00
kakwa
2e2453f309
fix camelcase
2017-04-06 01:26:54 +02:00
kakwa
bbb13454bf
more warning removal
2017-04-06 01:21:57 +02:00
kakwa
3378822d2e
fix some warnings
2017-04-06 01:20:51 +02:00
kakwa
6e526b6f15
hack to have a cleaner resize
2017-04-06 00:32:24 +02:00
kakwa
5b1803cb05
changelog + version bump
2017-04-05 23:48:08 +02:00
kakwa
de5f760c37
removing duplicate option in form select fields
2017-04-05 23:37:41 +02:00
kakwa
a33a46e8b8
add dynamic resizing to align input-group-addon
...
* add class to identify the 2 form columns
* add a js that calculates max width and resizes all input-group-addon
spans
* load the js in the base template
2017-04-05 23:24:19 +02:00
kakwa
eb36830845
fixes
2017-03-16 03:03:59 +01:00
kakwa
3fd6dcee82
fix issue related to python-ldap returning lists
...
Before, no particular treatment was done on the user attributes.
This caused some issues because python-ldap systematically returns
the attribute value as a list (even if it's mono-valuated).
Now we recover the attributes used in the group attr templates,
and we "normalize" the user attributes before using it in add_to_groups
and del_from_groups.
By normalize, we mean, transforming the list to its unique value.
In case the attribute doesn't exist or is multi-valuated, it raises an
error.
2017-03-16 02:45:23 +01:00
kakwa
55ce2bec5e
small cleaning
2017-03-16 02:40:23 +01:00
kakwa
e02a1a7f28
adding posixGroups in test ldap
2017-03-16 02:39:41 +01:00
kakwa
f9a3051328
Merge branch 'master' of https://github.com/kakwa/ldapcherry
2017-03-12 17:46:49 +01:00
kakwa
e4effc64ec
fixing log errors in auth "none" mode
...
replacing None by unknown as a default value in order to avoid
error in generating log msg because None is not a string
2017-03-12 17:45:01 +01:00
Carpentier Pierre-Francois
b3a361afee
remove broken download stats badge
2017-03-10 00:43:51 +01:00
kakwa
a802ce772a
adding documentation of textfield and better documentation for other types
2017-03-07 23:21:27 +01:00
kakwa
3a1966324d
adding more try catch for template debugging
2017-03-07 22:34:05 +01:00
kakwa
819e575a28
pep8ification
2017-03-07 22:23:11 +01:00
Carpentier Pierre-Francois
12bb597903
Merge pull request #6 from rooty0/feat/template-parse-error
...
adding support for display template parse error
2017-03-07 22:19:15 +01:00
Carpentier Pierre-Francois
7afe6c0ca7
Merge pull request #5 from rooty0/feat/add-textarea
...
adding textarea
2017-03-07 22:14:18 +01:00
Stan Rudenko
e1a27aa0a7
adding support for display template parse error
2017-03-02 19:06:54 -08:00
Stan Rudenko
f7f72c7e11
adding textarea
2017-03-02 18:47:49 -08:00
kakwa
e37b88dbda
fix some errors in unused code
2017-01-31 20:59:49 +01:00
kakwa
d7303da85f
fix test configuration
2017-01-24 03:06:48 +01:00
kakwa
44024dbd02
trying to add test on AD/DC for travis
2017-01-24 02:52:16 +01:00
kakwa
5a45a24055
proper exception in ldap backend
...
adding proper management of nonexistent user in group function
if user doesn't exist.
2016-08-01 19:57:51 +02:00
kakwa
0a4db74f1f
version bump
2016-07-31 13:14:31 +02:00