Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
Also a minor tweak to getting the search filter.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
classes instead
|
|
|
|
|
|
|
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
|
|
|
silently stripped on save because of clean())
|
|
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CSS file
|
|
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
|
|
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
update and shorten some other message templates
|
|
|
|
|
|
|
|
|