mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 17:34:21 +01:00
Commit Graph

622 Commits

Author SHA1 Message Date
John Thiltges
c6cce54d5f Escape form values with markupsafe
- Use markupsafe to format escaped HTML fragments
- Correct the formatting problems introduced with the XSS fixes
2019-01-03 13:12:53 -06:00
Carpentier Pierre-Francois
1f79648d57 Update ChangeLog.rst 2019-01-02 23:59:03 +01:00
Carpentier Pierre-Francois
636400b75f Merge pull request #16 from jthiltges/escape
Protect against XSS vulnerabilities in URL redirection
2019-01-02 23:54:42 +01:00
John Thiltges
6f98076281 Protect against XSS vulnerabilities in URL redirection
- Switch from base64 to URL encoding for passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
2019-01-02 14:31:10 -06:00
Carpentier Pierre-Francois
1ed654c91b Update README.rst 2018-02-07 19:54:23 +01:00
Carpentier Pierre-Francois
c329e53811 Update README.rst 2018-02-07 19:52:29 +01:00
Carpentier Pierre-Francois
05e3a0d665 Update README.rst 2017-10-26 10:08:16 +02:00
kakwa
4bd6314b3b remove useless tests 2017-06-12 19:50:42 +02:00
kakwa
c5dae7039a remove duplicated import in docs conf.py 2017-06-12 19:47:43 +02:00
kakwa
ca1f78173f better documentation 2017-06-09 23:40:23 +02:00
kakwa
9ed6007b02 including fastcgi configuration example in the documentation 2017-06-09 23:25:58 +02:00
kakwa
4d696a29ef adding example for unix socket in default conf 2017-06-09 23:24:20 +02:00
kakwa
45d64120ae adding an nginx configuration example for fastcgi 2017-06-09 23:09:11 +02:00
kakwa
00a4d22dd9 remove pip install method 2017-04-06 21:53:58 +02:00
kakwa
32c513f96e change install method (pip install just doesn't work) 2017-04-06 21:37:02 +02:00
kakwa
7019cc2348 fix setup.py 2017-04-06 20:58:20 +02:00
kakwa
a404cf0b39 add auto message for tagging script 2017-04-06 20:57:42 +02:00
kakwa
9649803dd6 changelog 2017-04-06 20:52:55 +02:00
kakwa
eecccac106 fix import of version in docs/conf.py and setup.py 2017-04-06 20:46:58 +02:00
kakwa
f357adcd9a put version in standalone file
this way, it avoids error due to missing imports
2017-04-06 20:34:32 +02:00
kakwa
e7998ced78 adding a simple tagging script 2017-04-06 20:28:44 +02:00
kakwa
8270988ed4 changelog + version bump + factorize version 2017-04-06 20:21:31 +02:00
kakwa
2e2453f309 fix camelcase 2017-04-06 01:26:54 +02:00
kakwa
bbb13454bf more warning removal 2017-04-06 01:21:57 +02:00
kakwa
3378822d2e fix some warnings 2017-04-06 01:20:51 +02:00
kakwa
6e526b6f15 hack to have a cleaner resize 2017-04-06 00:32:24 +02:00
kakwa
5b1803cb05 changelog + version bump 2017-04-05 23:48:08 +02:00
kakwa
de5f760c37 removing duplicate option in form select fields 2017-04-05 23:37:41 +02:00
kakwa
a33a46e8b8 add dynamic resizing to align input-group-addon
* add class to identify the 2 form columns
* add a js that calculates max width and resizes all input-group-addon
spans
* load the js in the base template
2017-04-05 23:24:19 +02:00
kakwa
eb36830845 fixes 2017-03-16 03:03:59 +01:00
kakwa
3fd6dcee82 fix issue related to python-ldap returning lists
Before, no particular treatment was done on the user attributes.
This caused some issues because python-ldap systematically returns
the attribute value as a list (even if it's mono-valuated).

Now we recover the attributes used in the group attr templates,
and we "normalize" the user attributes before using it in add_to_groups
and del_from_groups.

By normalize, we mean, transforming the list to its unique value.
In case the attribute doesn't exist or is multi-valuated, it raises an
error.
2017-03-16 02:45:23 +01:00
kakwa
55ce2bec5e small cleaning 2017-03-16 02:40:23 +01:00
kakwa
e02a1a7f28 adding posixGroups in test ldap 2017-03-16 02:39:41 +01:00
kakwa
f9a3051328 Merge branch 'master' of https://github.com/kakwa/ldapcherry 2017-03-12 17:46:49 +01:00
kakwa
e4effc64ec fixing log errors in auth "none" mode
replacing None by unknown as a default value in order to avoid
error in generating log msg because None is not a string
2017-03-12 17:45:01 +01:00
Carpentier Pierre-Francois
b3a361afee remove broken download stats badge 2017-03-10 00:43:51 +01:00
kakwa
a802ce772a adding documentation of textfield and better documentation for other types 2017-03-07 23:21:27 +01:00
kakwa
3a1966324d adding more try catch for template debugging 2017-03-07 22:34:05 +01:00
kakwa
819e575a28 pep8ification 2017-03-07 22:23:11 +01:00
Carpentier Pierre-Francois
12bb597903 Merge pull request #6 from rooty0/feat/template-parse-error
adding support for display template parse error
2017-03-07 22:19:15 +01:00
Carpentier Pierre-Francois
7afe6c0ca7 Merge pull request #5 from rooty0/feat/add-textarea
adding textarea
2017-03-07 22:14:18 +01:00
Stan Rudenko
e1a27aa0a7 adding support for display template parse error 2017-03-02 19:06:54 -08:00
Stan Rudenko
f7f72c7e11 adding textarea 2017-03-02 18:47:49 -08:00
kakwa
e37b88dbda fix some errors in unused code 2017-01-31 20:59:49 +01:00
kakwa
d7303da85f fix test configuration 2017-01-24 03:06:48 +01:00
kakwa
44024dbd02 trying to add test on AD/DC for travis 2017-01-24 02:52:16 +01:00
kakwa
5a45a24055 proper exception in ldap backend
adding proper management of nonexistent user in group function
if user doesn't exist.
2016-08-01 19:57:51 +02:00
kakwa
0a4db74f1f version bump 2016-07-31 13:14:31 +02:00
kakwa
f747252585 add changelog 2016-07-31 12:30:54 +02:00
kakwa
7f00264e32 improve robustness if user dn attribute contains something like ,cn= 2016-07-31 12:21:26 +02:00