Commit Graph

2337 Commits

Author SHA1 Message Date
Garret Wassermann
2a8c1511ef
Merge pull request #990 from auto-mat/preset
Undo PR #989
2022-01-27 07:56:15 -05:00
Timothy Hobbs
17a1e064e6 Undo PR #989 2022-01-27 10:27:49 +01:00
Benbb96
a2782c07f4 Show active page in sidebar depending on the request path url 2022-01-27 09:51:00 +01:00
Garret Wassermann
e6fddd154e
Merge pull request #989 from jrenaut/patch-1
Fix Javascript typo in tickets.html
2022-01-26 19:07:15 -05:00
Jon Renaut
7ac8d20cbe
Fix Javascript typo
This fix enables uploading new attachments to an existing ticket
2022-01-26 14:26:52 -05:00
Garret Wassermann
3695cfa19d
Remove comma in staff.py to address #988 2022-01-04 11:47:31 -05:00
Garret Wassermann
09494e961e
Merge pull request #987 from wheelert/email-attachment-settings
updated validate_file_extension() to look for defined VALID_EXTENSIONS
2021-12-31 22:22:45 -05:00
Garret Wassermann
ae73fec2a0
Spellchecking in validators.py 2021-12-31 22:21:28 -05:00
Thomas Wheeler
345a713777 updated validate_file_extension() to look for defined VALID_EXTENTIONS in settings.py so its configurable 2021-12-31 14:59:37 -08:00
Garret Wassermann
916ffe750c Update azure pipelines for new branch names 2021-11-21 23:52:46 -05:00
Garret Wassermann
dee21a7727 Merge in 0.3.2 bugfix release 2021-11-21 23:40:20 -05:00
Garret Wassermann
94902ec44f Bump version to 0.3.2 for bugfix 2021-11-21 23:37:25 -05:00
Garret Wassermann
e7de309159 Update CONTRIBUTING for the new branch naming scheme 2021-11-21 23:36:17 -05:00
Garret Wassermann
0d79b6266d Backport patch for #985 2021-11-21 23:25:54 -05:00
Garret Wassermann
f73651f8f9
Merge pull request #985 from noobpk/noobpk-fix-xss-markdown
Add URL schemes that are allowed within links
2021-11-21 23:16:16 -05:00
noobpk
a22eb0673f Update pattern 2021-11-19 23:11:33 +07:00
noobpk
7097c9c4c0 Update pattern and code check 2021-11-19 18:54:34 +07:00
noobpk
4a2ca815fd update pattern fix issue multi-line in text can be bypass 2021-11-19 15:24:40 +07:00
noobpk
c54b89f143 Add URL schemes that are allowed within links
Fix bug Stored XSS via markdown
Disclosure: https://huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd/
2021-11-19 13:00:03 +07:00
Garret Wassermann
ffcc83f91d Sync master with 0.3 2021-11-19 00:37:23 -05:00
Garret Wassermann
96338bd73f Bump version to 0.3.1 2021-11-19 00:34:21 -05:00
Garret Wassermann
44abb19712 Backport #980, #981, #984 to 0.3 2021-11-19 00:30:20 -05:00
Garret Wassermann
b78f89c3ef
Merge pull request #984 from noobpk/noobpk-patch-validators
Add `att.full_clean()` before saving to address file validators not working on email attachments
2021-11-18 02:55:39 -05:00
lethanhphuc
04483bdac3
Add att.full_clean() before saving
Fix issue https://github.com/django-helpdesk/django-helpdesk/issues/983
Also, fix bug stored XSS disclosure: https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e/
2021-11-18 10:42:02 +07:00
Garret Wassermann
73787bd245
Merge pull request #981 from GibbsConsulting/master
Update task registration in line with Celery changes
2021-11-17 12:14:56 -05:00
Gibbs Consulting
fedcca42ad
Update tasks.py
Following https://docs.celeryproject.org/en/stable/internals/deprecation.html the importing of the celery task decorator needs to be updated for use with the current version of the celery package.
2021-11-12 11:56:22 -08:00
Garret Wassermann
91b37f6d73
Merge pull request #980 from noobpk/noobpk-fix-xss
Add function `htmlEntities` into template ticket_list.html
2021-11-12 12:02:19 -05:00
lethanhphuc
2c7065e0c4
Add function htmlEntities
`htmlentities()` is a function which converts special characters. This allows you to show to display the string without the browser reading it as HTML.
2021-11-11 17:32:09 +07:00
Garret Wassermann
e016e6699d fix minutes representation in models.py, see #978 2021-10-20 08:11:08 -04:00
Garret Wassermann
3f245871ac
Merge pull request #978 from AmatorAVG/master
Fix minutes representation in format_time_spent in models.py
2021-10-20 08:09:02 -04:00
AmatorAVG
5538985fe1
Update models.py
fix minutes representation in format_time_spent
2021-10-20 14:18:38 +07:00
Garret Wassermann
7a4046b237 azure does not yet support python 3.10 2021-10-19 04:41:56 -04:00
Garret Wassermann
08c41b7206 Really fix azure pipeline testing 2021-10-19 03:31:22 -04:00
Garret Wassermann
8e632830de Fix azure pipeline testing 2021-10-19 02:54:52 -04:00
Garret Wassermann
d0bbb6905a Merge fixes from branch '0.3' 2021-10-18 23:05:38 -04:00
Garret Wassermann
914e751a6d Fix quicktest and update azure config 2021-10-18 23:05:03 -04:00
Garret Wassermann
e6d14b1d3d Update README with azure build status 2021-10-18 22:31:43 -04:00
Garret Wassermann
5ca1f39c23 Update versions and copyrights to begin the 0.4 release dev cycle 2021-10-18 01:16:39 -04:00
Garret Wassermann
266694509f Update CONTRIBUTING to reference the new 0.3 release branch 2021-10-18 01:02:55 -04:00
Garret Wassermann
ec96538a54 Set end date for official 0.2 support, update license copyright years 2021-10-18 00:57:31 -04:00
Garret Wassermann
122d8f7b6a Update documentation for 0.3.0 release, restrict support to python 3.8+ because earlier pythons are no longer supported upstream anyway 2021-10-17 23:49:16 -04:00
Garret Wassermann
0be0e279b7 Update azure pipelines config to test all versions of django supported 2021-10-17 23:34:23 -04:00
Garret Wassermann
751459e5c5 Set max 1 parallel 2021-10-15 02:33:25 -04:00
Garret Wassermann
2d839df7a0 Parallel testing isn't free automatically so skip for now 2021-10-15 02:22:45 -04:00
Garret Wassermann
36e5370a7d Set up CI with Azure Pipelines
[skip ci]
2021-10-15 02:20:40 -04:00
Garret Wassermann
558318f352 Remove old py2 import from setup 2021-10-05 06:28:13 -04:00
Garret Wassermann
aff67184d4 Add attachment validator when uploading attachment to tickets 2021-10-05 06:25:42 -04:00
Garret Wassermann
a5f801bb52 use csrf tokens in all forms 2021-10-04 23:13:38 -04:00
Garret Wassermann
02bdaea76a Add security warning to comments of demodesk about using secure cookies 2021-09-27 23:19:06 -04:00
Garret Wassermann
166d552fba Turn on secure cookie support if the server os environment expects to use secure connections 2021-09-27 22:12:32 -04:00