tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,808 Commits 2 Branches 0 Tags
6b46b01fcb5e9468a998676390295b949456a2a5
Commit Graph

1808 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Unrud
780cecc0f2 Always sanitize request URI 
Do no rely on the HTTP server
 2015-12-24 14:32:21 +01:00
Unrud
ee095a463d Improve URI sanitation 
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
 2015-12-24 14:32:21 +01:00
Guillaume Ayoub
c217e5d2ff Merge pull request #342 from Unrud/handler 
Introduce naming scheme for request handlers
 2015-12-24 10:21:13 +01:00
Unrud
592537e37c Introduce naming scheme for request handlers 
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
 2015-12-24 07:22:55 +01:00
Guillaume Ayoub
1109973a92 Merge pull request #341 from Unrud/patch-4 
Prevent "regex injection"
 2015-12-23 12:09:00 +01:00
Unrud
4bfe7c9f79 Prevent "regex injection" 
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
 2015-12-23 07:05:20 +01:00
Guillaume Ayoub
c7fe4777b1 Merge pull request #340 from Unrud/patch-3 
Improve regex for Well-Known URIs
 2015-12-22 15:01:21 +01:00
Unrud
7cb31fe22b Improve regex for Well-Known URIs 
Example to show the problem:
/Xwell-known/carddavXX
 2015-12-22 12:44:19 +01:00
Unrud
367ca6fcbf Replace standard file descriptors of daemon 
Overwriting ```sys.stdout``` and ```sys.stderr``` is not sufficient.
(e.g. the logger still uses the old file descriptors)
 2015-12-22 08:50:16 +01:00
Unrud
ecb8ad747e Decouple the daemon from its parent environment 2015-12-22 08:50:16 +01:00
Unrud
3a9238f670 Check and create PID file in a race-free manner 2015-12-22 08:50:16 +01:00
Unrud
0a09804821 Close PID file 2015-12-22 08:49:58 +01:00
Guillaume Ayoub
53c3113b44 Merge pull request #337 from Unrud/patch-1 
Assign new items to correct key
 2015-12-10 11:05:59 +01:00
Unrud
80ecae40cb Assign new items to correct key 2015-12-10 09:46:38 +01:00
Guillaume Ayoub
e807c3d35b Use the first matching section for getting rights 2015-12-03 15:22:12 +01:00
Guillaume Ayoub
9875db9a6c Add md5 and bcrypt as available encryptions methods for htpasswd in config file 2015-10-21 02:09:11 +02:00
Guillaume Ayoub
7b82121c12 Encode message and committer for git commits (fix #313) 2015-09-22 11:01:33 +02:00
Guillaume Ayoub
6babebd315 Version 1.0.1 2015-09-21 12:14:51 +02:00
Guillaume Ayoub
231cdec476 Update development status 2015-09-14 11:55:49 +02:00
Guillaume Ayoub
377762e23c Version 1.0 2015-09-14 11:49:34 +02:00
Guillaume Ayoub
f112a9b390 Merge pull request #305 from untitaker/database-props 
Don't discard PROPPATCH on empty collections.
 2015-08-28 11:26:10 +02:00
Markus Unterwaditzer
57b1ccdea5 Fix crash on empty values 2015-08-21 20:11:44 +02:00
Markus Unterwaditzer
213cb40480 Don't discard PROPPATCH on empty collections. 2015-08-21 20:08:56 +02:00
Guillaume Ayoub
90f4b48f98 Merge pull request #236 from untitaker/multifilesystem_fixes 
Improve errorhandling in multifilesystem
 2015-08-21 16:58:26 +02:00
Markus Unterwaditzer
d300949fe8 Improve errorhandling in multifilesystem 
If the collection doesn't exist yet, OSError(2, 'No such file or
directory') is raised.

https://travis-ci.org/untitaker/vdirsyncer/jobs/42540595
 2015-08-21 16:17:00 +02:00
Guillaume Ayoub
ce9fd74d98 Merge pull request #260 from deronnax/not_found_instead_of_gone 
change GET response from GONE to NOT FOUND when item is not found
 2015-08-21 15:34:59 +02:00
Guillaume Ayoub
634c3c6e3e Merge pull request #304 from singpolyma/pam-service 
Use PAM service
 2015-08-12 10:27:55 +02:00
Stephen Paul Weber
2de4f53fc3 Use PAM service 
This allows authentication types to be customised for radicale.
 2015-08-11 16:46:46 -05:00
Guillaume Ayoub
b4438d25f7 Cosmetics in htpasswd 2015-07-29 14:00:49 +02:00
Guillaume Ayoub
3b520a966b Merge pull request #297 from jgehrcke/feature/md5apr1bcrypt 
Implement MD5-APR1 and BCRYPT for htpasswd auth
 2015-07-29 13:52:57 +02:00
Jan-Philip Gehrcke
3abbdcf671 htpasswd.py: add optional MD5-APR1 and BCRYPT support via passlib. 
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
  "md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
  external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
 2015-07-29 13:12:18 +02:00
Guillaume Ayoub
1c39c75c6b Remove Pypy from travis 2015-07-24 16:28:43 +02:00
Guillaume Ayoub
3f3d0e8945 Remove Pypy from tox 2015-07-24 16:25:01 +02:00
Guillaume Ayoub
22a356bd06 Merge branch 'master' of github.com:Kozea/radicale 2015-07-24 16:01:38 +02:00
Guillaume Ayoub
8604593512 Fix many tests and database storage 2015-07-24 16:01:03 +02:00
Guillaume Ayoub
459b02c9a4 Fix some tests 2015-07-24 14:23:11 +02:00
Guillaume Ayoub
79e5403cac Remove coveralls from .travis.yml 2015-07-17 18:11:22 +02:00
Guillaume Ayoub
765aa2e142 Add dulwich in .travis.yml 2015-07-17 18:05:35 +02:00
Guillaume Ayoub
48a7d5d9c3 Create .travis.yml 2015-07-17 17:56:06 +02:00
Giel van Schijndel
a06e4ef075 PROPFIND: correctly handle 'propall' and 'propnames' 
* Handle both the explicit <propall/> and its implicit variants
  - the missing request-body case was already handled
  - the empty request-body case wasn't
  - the explicit (a request-body containing <propall/>) wasn't either
 * <propnames/> now lists all retrievable properties

Signed-off-by: Giel van Schijndel <me@mortis.eu>
 2015-06-26 13:33:10 +02:00
Hadley Rich
54d71355d1 Change xmlutils propfind to return readonly calendars 2015-06-04 11:23:01 +12:00
Guillaume Ayoub
519a40d714 Merge pull request #288 from l1am9111/tag_typo 
Fix typo which results in error
 2015-05-15 16:14:50 +02:00
Liam
ba5d38d09b Fix typo 2015-05-15 13:47:44 +01:00
Guillaume Ayoub
b1ce0fcfd3 Fix Daniel's name in NEWS 2015-05-06 15:00:58 +02:00
Guillaume Ayoub
18b3a7540d Merge pull request #284 from mmonaco/master 
Use path for git commit message
 2015-05-05 08:27:37 +02:00
Matthew Monaco
bf96d4a1fa Use path for git commit message 
The hard-coded message isn't very helpful, and that info is shown by the
author when looking at single line logs.
 2015-05-04 13:33:52 -06:00
Guillaume Ayoub
ced7e76ba0 Small style fixes 2015-05-01 10:31:25 +02:00
Guillaume Ayoub
675f9d1f87 Merge pull request #255 from jspricke/fix_FutureWarning 
Fix FutureWarning, explicitly test prop_element for None
 2015-05-01 10:22:38 +02:00
Guillaume Ayoub
c3df08277b Merge pull request #223 from cloudfleet/dockerfile 
Create Dockerfile
 2015-04-29 19:36:21 +02:00
Guillaume Ayoub
ba514d7bc2 Merge pull request #249 from jspricke/setuptools 
Change distutils to setuptools
 2015-04-29 19:35:24 +02:00