Unrud
780cecc0f2
Always sanitize request URI
...
Do no rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud
ee095a463d
Improve URI sanitation
...
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Guillaume Ayoub
c217e5d2ff
Merge pull request #342 from Unrud/handler
...
Introduce naming scheme for request handlers
2015-12-24 10:21:13 +01:00
Unrud
592537e37c
Introduce naming scheme for request handlers
...
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Guillaume Ayoub
1109973a92
Merge pull request #341 from Unrud/patch-4
...
Prevent "regex injection"
2015-12-23 12:09:00 +01:00
Unrud
4bfe7c9f79
Prevent "regex injection"
...
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
2015-12-23 07:05:20 +01:00
Guillaume Ayoub
c7fe4777b1
Merge pull request #340 from Unrud/patch-3
...
Improve regex for Well-Known URIs
2015-12-22 15:01:21 +01:00
Unrud
7cb31fe22b
Improve regex for Well-Known URIs
...
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Guillaume Ayoub
53c3113b44
Merge pull request #337 from Unrud/patch-1
...
Assign new items to correct key
2015-12-10 11:05:59 +01:00
Unrud
80ecae40cb
Assign new items to correct key
2015-12-10 09:46:38 +01:00
Guillaume Ayoub
9875db9a6c
Add md5 and bcrypt as available encryptions methods for htpasswd in config file
2015-10-21 02:09:11 +02:00
Guillaume Ayoub
7b82121c12
Encode message and committer for git commits ( fix #313 )
2015-09-22 11:01:33 +02:00
Guillaume Ayoub
6babebd315
Version 1.0.1
2015-09-21 12:14:51 +02:00
Guillaume Ayoub
231cdec476
Update development status
2015-09-14 11:55:49 +02:00
Guillaume Ayoub
377762e23c
Version 1.0
2015-09-14 11:49:34 +02:00
Guillaume Ayoub
f112a9b390
Merge pull request #305 from untitaker/database-props
...
Don't discard PROPPATCH on empty collections.
2015-08-28 11:26:10 +02:00
Markus Unterwaditzer
57b1ccdea5
Fix crash on empty values
2015-08-21 20:11:44 +02:00
Markus Unterwaditzer
213cb40480
Don't discard PROPPATCH on empty collections.
2015-08-21 20:08:56 +02:00
Guillaume Ayoub
90f4b48f98
Merge pull request #236 from untitaker/multifilesystem_fixes
...
Improve errorhandling in multifilesystem
2015-08-21 16:58:26 +02:00
Markus Unterwaditzer
d300949fe8
Improve errorhandling in multifilesystem
...
If the collection doesn't exist yet, OSError(2, 'No such file or
directory') is raised.
https://travis-ci.org/untitaker/vdirsyncer/jobs/42540595
2015-08-21 16:17:00 +02:00
Guillaume Ayoub
ce9fd74d98
Merge pull request #260 from deronnax/not_found_instead_of_gone
...
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Guillaume Ayoub
634c3c6e3e
Merge pull request #304 from singpolyma/pam-service
...
Use PAM service
2015-08-12 10:27:55 +02:00
Stephen Paul Weber
2de4f53fc3
Use PAM service
...
This allows authentication types to be customised for radicale.
2015-08-11 16:46:46 -05:00
Guillaume Ayoub
b4438d25f7
Cosmetics in htpasswd
2015-07-29 14:00:49 +02:00
Guillaume Ayoub
3b520a966b
Merge pull request #297 from jgehrcke/feature/md5apr1bcrypt
...
Implement MD5-APR1 and BCRYPT for htpasswd auth
2015-07-29 13:52:57 +02:00
Jan-Philip Gehrcke
3abbdcf671
htpasswd.py: add optional MD5-APR1 and BCRYPT support via passlib.
...
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
"md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
2015-07-29 13:12:18 +02:00
Guillaume Ayoub
1c39c75c6b
Remove Pypy from travis
2015-07-24 16:28:43 +02:00
Guillaume Ayoub
3f3d0e8945
Remove Pypy from tox
2015-07-24 16:25:01 +02:00
Guillaume Ayoub
22a356bd06
Merge branch 'master' of github.com:Kozea/radicale
2015-07-24 16:01:38 +02:00
Guillaume Ayoub
8604593512
Fix many tests and database storage
2015-07-24 16:01:03 +02:00
Guillaume Ayoub
459b02c9a4
Fix some tests
2015-07-24 14:23:11 +02:00
Guillaume Ayoub
79e5403cac
Remove coveralls from .travis.yml
2015-07-17 18:11:22 +02:00
Guillaume Ayoub
765aa2e142
Add dulwich in .travis.yml
2015-07-17 18:05:35 +02:00
Guillaume Ayoub
48a7d5d9c3
Create .travis.yml
2015-07-17 17:56:06 +02:00
Guillaume Ayoub
519a40d714
Merge pull request #288 from l1am9111/tag_typo
...
Fix typo which results in error
2015-05-15 16:14:50 +02:00
Liam
ba5d38d09b
Fix typo
2015-05-15 13:47:44 +01:00
Guillaume Ayoub
b1ce0fcfd3
Fix Daniel's name in NEWS
2015-05-06 15:00:58 +02:00
Guillaume Ayoub
18b3a7540d
Merge pull request #284 from mmonaco/master
...
Use path for git commit message
2015-05-05 08:27:37 +02:00
Matthew Monaco
bf96d4a1fa
Use path for git commit message
...
The hard-coded message isn't very helpful, and that info is shown by the
author when looking at single line logs.
2015-05-04 13:33:52 -06:00
Guillaume Ayoub
ced7e76ba0
Small style fixes
2015-05-01 10:31:25 +02:00
Guillaume Ayoub
675f9d1f87
Merge pull request #255 from jspricke/fix_FutureWarning
...
Fix FutureWarning, explicitly test prop_element for None
2015-05-01 10:22:38 +02:00
Guillaume Ayoub
c3df08277b
Merge pull request #223 from cloudfleet/dockerfile
...
Create Dockerfile
2015-04-29 19:36:21 +02:00
Guillaume Ayoub
ba514d7bc2
Merge pull request #249 from jspricke/setuptools
...
Change distutils to setuptools
2015-04-29 19:35:24 +02:00
Guillaume Ayoub
4cbabd2840
Merge pull request #259 from untitaker/issue258
...
Fully fix #258
2015-04-29 19:13:25 +02:00
Guillaume Ayoub
c249e080af
Merge pull request #273 from untitaker/issue117
...
Fix another instance of #117
2015-04-29 19:09:38 +02:00
Guillaume Ayoub
a0fc07a894
Allow content-types with ';' in charset, fix #279
2015-04-29 19:08:20 +02:00
Guillaume Ayoub
e69bec1272
Don't rely on case-sensitive imports, fix #282
...
We should burn PEP 235, bicameral scripts, encodings, Python2/3 compatibility,
Windows, MacOS X, filenames, unicode (including composite characters), and the
whole world. And LF/CR too, of course.
Let's recreate a language relying on only two characters. Anyone interested?
2015-04-29 18:55:56 +02:00
Guillaume Ayoub
85826fcb74
Merge pull request #281 from untitaker/pam
...
Fix compatibility for PAM auth
2015-04-25 15:11:58 +02:00
Markus Unterwaditzer
baa958c81f
Fix compatibility for PAM auth
...
PR #280 invoked `pam.authenticate().authenticate()` for older versions
of python-pam. Also, this version avoids monkeypatching the PAM module.
2015-04-25 11:14:04 +02:00
Guillaume Ayoub
ab77f62bf4
Merge pull request #280 from fatlotus/patch-1
...
Add compatibility patch for .authenticate() in PAM authentication module
2015-04-20 10:27:16 +02:00