noobpk
4a2ca815fd
Update pattern: fix issue where multi-line text can bypass it
2021-11-19 15:24:40 +07:00
noobpk
c54b89f143
Add URL schemes that are allowed within links
...
Fix bug: stored XSS via markdown
Disclosure: https://huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd/
2021-11-19 13:00:03 +07:00
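The two noobpk commits above describe a scheme allowlist for markdown links and a follow-up for a pattern that multi-line text could bypass. The block below is an added example of that class of check, written for this page; it is not the project's own code, and the allowlist contents, the function names, the regex and the normalisation steps are all assumptions (the project's real setting name and pattern are not shown here). The example goes a little beyond the commit messages: besides the multi-line case it also neutralises case tricks, HTML-entity-encoded schemes and embedded tab/newline characters, which browsers strip before they read a scheme.

```python
import html
import re

# Constructed allowlist for this example; the project's own setting name and
# contents are not shown on the page, so treat these values as assumptions.
ALLOWED_URL_SCHEMES = frozenset({"http", "https", "ftp", "mailto"})

# Markdown inline link [label](target). Both the label and the target classes
# admit newlines on purpose: a '.' without re.DOTALL stops at a line break,
# which is exactly how a link split across lines slips past a single-line
# pattern. The target admits one level of balanced parentheses, e.g. alert(1).
_LINK_RE = re.compile(
    r"\[([^\]]*)\]"                        # label, may span lines
    r"\(\s*((?:[^()]|\([^()]*\))*?)\s*\)"  # target, non-greedy, balanced parens
)

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ':'
_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")

# Leading/trailing C0 controls and space are ignored by browsers when parsing a URL
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def normalize_url_target(target: str) -> str:
    """Approximate what a browser does before it reads the scheme.

    Decode HTML entities (a renderer would pass '&#106;avascript:' through and
    the browser decodes it inside the href attribute), drop tab/CR/LF anywhere
    in the URL, and strip leading/trailing C0 controls and spaces.
    """
    decoded = html.unescape(target)
    for ch in ("\t", "\n", "\r"):
        decoded = decoded.replace(ch, "")
    return decoded.strip(_C0_AND_SPACE)


def url_scheme(target: str):
    """Return the lower-cased scheme of a link target, or None for relative links."""
    m = _SCHEME_RE.match(normalize_url_target(target))
    return m.group(1).lower() if m else None


def link_target_allowed(target: str) -> bool:
    scheme = url_scheme(target)
    # No scheme means a relative link on the same origin; keep it.
    return scheme is None or scheme in ALLOWED_URL_SCHEMES


def sanitize_markdown_links(text: str) -> str:
    """Keep links whose scheme is allowlisted; reduce every other link to its
    visible label so the renderer never emits the dangerous href at all."""
    def _repl(m):
        return m.group(0) if link_target_allowed(m.group(2)) else m.group(1)
    return _LINK_RE.sub(_repl, text)


if __name__ == "__main__":
    # Constructed sample inputs: one benign link, one split across lines
    samples = [
        "[docs](https://example.com/docs)",
        "[click\nhere](\njava\nscript:alert(1)\n)",
        "[x](&#106;avascript:alert(1))",
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize_markdown_links(s)))
```

This runs over the markdown source, so it only sees inline `[label](target)` links; reference-style definitions (`[1]: target`) and autolinks (`<target>`) take other paths through a renderer and would need the same treatment. Enforcing the allowlist on the rendered `<a href>` instead (for example with a sanitizer that takes a protocol allowlist, such as bleach's `protocols` argument) is the more robust place for the check, with a source-level filter like this one as defence in depth.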
Garret Wassermann
ffcc83f91d
Sync master with 0.3
2021-11-19 00:37:23 -05:00
Garret Wassermann
96338bd73f
Bump version to 0.3.1
2021-11-19 00:34:21 -05:00
Garret Wassermann
44abb19712
Backport #980, #981, #984 to 0.3
2021-11-19 00:30:20 -05:00
Garret Wassermann
b78f89c3ef
Merge pull request #984 from noobpk/noobpk-patch-validators
...
Add `att.full_clean()` before saving to address file validators not working on email attachments
2021-11-18 02:55:39 -05:00
lethanhphuc
04483bdac3
Add att.full_clean() before saving
...
Fix issue https://github.com/django-helpdesk/django-helpdesk/issues/983
Also fix stored XSS bug; disclosure: https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e/
2021-11-18 10:42:02 +07:00
Garret Wassermann
73787bd245
Merge pull request #981 from GibbsConsulting/master
...
Update task registration in line with Celery changes
2021-11-17 12:14:56 -05:00
Gibbs Consulting
fedcca42ad
Update tasks.py
...
Following https://docs.celeryproject.org/en/stable/internals/deprecation.html, the importing of the celery task decorator needs to be updated for use with the current version of the celery package.
2021-11-12 11:56:22 -08:00
Garret Wassermann
91b37f6d73
Merge pull request #980 from noobpk/noobpk-fix-xss
...
Add function `htmlEntities` into template ticket_list.html
2021-11-12 12:02:19 -05:00
lethanhphuc
2c7065e0c4
Add function htmlEntities
...
`htmlentities()` is a function which converts special characters. This allows you to display the string without the browser reading it as HTML.
2021-11-11 17:32:09 +07:00
Garret Wassermann
e016e6699d
fix minutes representation in models.py, see #978
2021-10-20 08:11:08 -04:00
Garret Wassermann
3f245871ac
Merge pull request #978 from AmatorAVG/master
...
Fix minutes representation in format_time_spent in models.py
2021-10-20 08:09:02 -04:00
AmatorAVG
5538985fe1
Update models.py
...
fix minutes representation in format_time_spent
2021-10-20 14:18:38 +07:00
Garret Wassermann
7a4046b237
azure does not yet support python 3.10
2021-10-19 04:41:56 -04:00
Garret Wassermann
08c41b7206
Really fix azure pipeline testing
2021-10-19 03:31:22 -04:00
Garret Wassermann
8e632830de
Fix azure pipeline testing
2021-10-19 02:54:52 -04:00
Garret Wassermann
d0bbb6905a
Merge fixes from branch '0.3'
2021-10-18 23:05:38 -04:00
Garret Wassermann
914e751a6d
Fix quicktest and update azure config
2021-10-18 23:05:03 -04:00
Garret Wassermann
e6d14b1d3d
Update README with azure build status
2021-10-18 22:31:43 -04:00
Garret Wassermann
5ca1f39c23
Update versions and copyrights to begin the 0.4 release dev cycle
2021-10-18 01:16:39 -04:00
Garret Wassermann
266694509f
Update CONTRIBUTING to reference the new 0.3 release branch
2021-10-18 01:02:55 -04:00
Garret Wassermann
ec96538a54
Set end date for official 0.2 support, update license copyright years
2021-10-18 00:57:31 -04:00
Garret Wassermann
122d8f7b6a
Update documentation for 0.3.0 release, restrict support to python 3.8+ because earlier pythons are no longer supported upstream anyway
2021-10-17 23:49:16 -04:00
Garret Wassermann
0be0e279b7
Update azure pipelines config to test all versions of django supported
2021-10-17 23:34:23 -04:00
Garret Wassermann
751459e5c5
Set max 1 parallel
2021-10-15 02:33:25 -04:00
Garret Wassermann
2d839df7a0
Parallel testing isn't free automatically so skip for now
2021-10-15 02:22:45 -04:00
Garret Wassermann
36e5370a7d
Set up CI with Azure Pipelines
...
[skip ci]
2021-10-15 02:20:40 -04:00
Garret Wassermann
558318f352
Remove old py2 import from setup
2021-10-05 06:28:13 -04:00
Garret Wassermann
aff67184d4
Add attachment validator when uploading attachment to tickets
2021-10-05 06:25:42 -04:00
Garret Wassermann
a5f801bb52
use csrf tokens in all forms
2021-10-04 23:13:38 -04:00
Garret Wassermann
02bdaea76a
Add security warning to comments of demodesk about using secure cookies
2021-09-27 23:19:06 -04:00
Garret Wassermann
166d552fba
Turn on secure cookie support if the server OS environment expects to use secure connections
2021-09-27 22:12:32 -04:00
Garret Wassermann
e8efa4d263
Merge remote-tracking branch 'upstream/master'
2021-09-27 18:59:31 -04:00
Garret Wassermann
3216ff0c55
Merge pull request #974 from passiv/master
...
fix: strip extraneous whitespace characters that are returned in the Message-ID and In-Reply-To fields from some email providers
2021-09-23 10:19:52 -04:00
Brendan Wood
6a0b367171
fix: strip extraneous whitespace characters that are returned in the Message-ID and In-Reply-To fields from some email providers
2021-09-23 10:07:12 -03:00
Garret Wassermann
66ed61ee6a
Set default autofield to be compatible for django 3.2
2021-09-17 10:09:20 -04:00
Garret Wassermann
f53ee1366d
Create SECURITY.md
2021-09-17 07:57:08 -04:00
Garret Wassermann
fc9002b2ac
Merge pull request #972 from auto-mat/kb-items-dashboard
...
Don't show kbitems on dashboard if there are no unassigned tickets in…
2021-09-15 17:16:30 -04:00
Timothy Hobbs
247fd2e26d
Don't show kbitems on dashboard if there are no unassigned tickets in them
2021-09-14 21:59:25 +02:00
Garret Wassermann
fe17124092
Merge pull request #970 from auto-mat/kb-base-iframe
...
Kb base iframe - fix query param syntax and wording.
2021-09-14 02:15:54 -04:00
Timothy Hobbs
650665b21e
Fix wording of iframe ticket creation buttons
2021-09-13 23:55:49 +02:00
Timothy Hobbs
92caf5f284
Change ; to & when separating query params
2021-09-13 23:42:03 +02:00
Garret Wassermann
00edddbaad
Update docs to recommend using django 3.2 LTS
2021-08-20 02:12:55 -04:00
Garret Wassermann
1559333993
Fix some docs and migrations in prep for 0.3 release, see #878
2021-08-20 02:05:21 -04:00
Garret Wassermann
8a40ceeddd
Merge pull request #967 from auto-mat/iframe-defaults-fix
...
Iframe defaults fix by ensuring queries use ampersands for parameters instead of semicolons
2021-08-19 16:09:35 -04:00
Timothy Hobbs
a9e5cfa52d
Fix hidden field query args
2021-08-19 22:00:18 +02:00
Timothy Hobbs
b708b786d4
Add failing test for hidden field query args
2021-08-19 22:00:06 +02:00
Timothy Hobbs
f4b7e899fa
Change query arg delimiter from ; to &
2021-08-19 22:00:01 +02:00
Garret Wassermann
610460dfd6
Merge pull request #965 from auto-mat/large-desk-performance
...
Fixes: performance and crash
2021-08-19 14:04:26 -04:00