  1. 1fc0675 enforce text limits for all markdown rendering paths by Dave Brondsema · 2 days ago master
  2. f84206a [#8606] Implement field level encryption for EmailAddress email field by Carlos Cruz · 4 weeks ago
  3. 77dc646 update httpbin testing domain again by Dave Brondsema · 8 days ago
  4. 9635e2f bump webob 1.8.9 -> 1.8.10 by Guillermo Cruz · 8 days ago
  5. c6f48a4 [#8607] lock down get_markdown content type and only to those who could use it to update anyway by Dave Brondsema · 9 days ago
  6. 2a81793 [#8607] another perm check for MRs by Dave Brondsema · 9 days ago
  7. b8de78d [#8606] Add encrypted field for email from the EmailAddress model by Carlos Cruz · 4 weeks ago
  8. f2d93d1 autopep8 by Dave Brondsema · 9 days ago
  9. 481b202 [#8607] scoping checks for ForgeChat by Dave Brondsema · 11 days ago
  10. 3e63f3b [#8607] add explicit perm check on project rest controller by Dave Brondsema · 11 days ago
  11. 2c8e26f [#8607] harden git operations by Dave Brondsema · 14 days ago
  12. 160216b [#11645] Fix email subject text for authentication link test by Carlos Cruz · 10 days ago
  13. 1a0e24b [#11645] Use jQuery cookie plugin to get CSRF token by Carlos Cruz · 10 days ago
  14. 5009819 [#11645] Restore Authentication Link text in email subject by Carlos Cruz · 10 days ago
  15. 3c97522 [#11645] Force /auth/logout to go through a POST request by Carlos Cruz · 2 weeks ago
  16. 0640949 [#8607] solr: syntax problems deserve an escaped retry; don't expose underlying error messages by Dave Brondsema · 3 weeks ago
  17. e0de4b3 [#8607] solr: strip local-params syntax by Dave Brondsema · 3 weeks ago
  18. 38b68f9 [#8607] solr: move **kw to specific params for all other tools using common search_app helper by Dave Brondsema · 3 weeks ago
  19. 27f7a69 [#8607] solr: change ticket searches from **kw passthru to explicit by Dave Brondsema · 3 weeks ago
  20. 13675be [#8607] ./run_tests QoL: show final message, allow trailing slash for tab-complete of suites by Dave Brondsema · 3 weeks ago
  21. 08db853 [#8607] remove useless try/except/raise by Dave Brondsema · 3 weeks ago
  22. d4b5031 [#8607] remove potential info disclosure by Dave Brondsema · 3 weeks ago
  23. ea0aa7f [#8607] svn tarball path safety by Dave Brondsema · 3 weeks ago
  24. 5f8dca2 [#8607] be extra safe with display names by Dave Brondsema · 3 weeks ago
  25. 4a1ac65 [#8607] various has_access improvements by Dave Brondsema · 3 weeks ago
  26. c17f5cb [#8607] check activity nbhd by Dave Brondsema · 3 weeks ago
  27. ca1ac59 [#8607] check subproject parent by Dave Brondsema · 3 weeks ago
  28. a23ae35 [#8607] replace last pickle usage with our own bit of compatible code by Dave Brondsema · 3 weeks ago
  29. 717a0f1 [#8607] remove old pickle-based session support by Dave Brondsema · 4 weeks ago
  30. 281e56b [#8607] add X-Content-Type-Options header by Dave Brondsema · 3 weeks ago
  31. 4f58190 [#8607] harden attachment upload by Dave Brondsema · 4 weeks ago
  32. e53e9e3 [#8607] test for save_attachments (export) path handling by Dave Brondsema · 4 weeks ago
  33. 36c6133 [#8607] check client_id when making bearer token by Dave Brondsema · 4 weeks ago
  34. bb89bba [#8607] perm checks in markdown_to_html and fix wiki tool check by Dave Brondsema · 4 weeks ago
  35. 2a6733f [#8607] safer pwd comparison by Dave Brondsema · 4 weeks ago
  36. c57d710 [#8607] replace random with secrets in some places by Dave Brondsema · 4 weeks ago
  37. b983158 [#8607] check subscribe here too by Dave Brondsema · 4 weeks ago
  38. 5a99493 [#8607] check before mailbox sub too by Dave Brondsema · 4 weeks ago
  39. b763ed7 [#8607] check mailbox owner by Dave Brondsema · 4 weeks ago
  40. 13d1f75 [#8607] check project when loading role_id inputs by Dave Brondsema · 4 weeks ago
  41. da78898 [#8607] move |safe to be directly on the string source by Dave Brondsema · 4 weeks ago
  42. a3d4086 [#8607] check app_config_id in update_forums by Dave Brondsema · 4 weeks ago
  43. 120de2c [#8607] add comments, add test by Dave Brondsema · 4 weeks ago
  44. b8d1b43 [#8607] test for zipdir symlink handling by Dave Brondsema · 4 weeks ago
  45. 3d9cc03 [#8607] move webhook send from requests to urlopen so our NoInternal handlers run automatically including on redirects by Dave Brondsema · 4 weeks ago
  46. 01d6fe7 [#8607] test for oembed output security by Dave Brondsema · 4 weeks ago
  47. 3d53e1e [#8607] check for email code mode when verifying email link by Dave Brondsema · 4 weeks ago
  48. ff11615 [#8607] escape html in a few places by Dave Brondsema · 4 weeks ago
  49. 4bb6a49 [#8605] Use C.UTF-8 locale instead of en_US.UTF-8 for SVN export by Dillon Walls · 4 weeks ago
  50. 6f41f01 add & update some mongo indexes by Dave Brondsema · 2 weeks ago
  51. 25fb538 fixup! [#8608] precommit pin dependencies and updates by Guillermo Cruz · 3 weeks ago
  52. 4eef6f1 [#8608] precommit pin dependencies and updates by Guillermo Cruz · 3 weeks ago
  53. 8dd8d20 [#8609] include geo information that could be available for the html template by Guillermo Cruz · 3 weeks ago gc/8609
  54. 9efd8e8 bump idna 3.11 -> 3.15 by Guillermo Cruz · 3 weeks ago
  55. 32aa4dc form-action change from self to base_url to avoid proxied sites by Daniel Castillo · 3 weeks ago
  56. 1f9e0de [#11526] form-action from self to base_url by Daniel Castillo · 5 weeks ago
  57. 61b040c make with_trailing_slash and without_trailing_slash apply to HEAD requests too by Dave Brondsema · 4 weeks ago
  58. 3ba29f3 another fix for clone task validation: move validation down into init_as_clone and do file path and URL validation separately based on which is used by Dave Brondsema · 4 weeks ago
  59. 82a94e6 fix scheme/protocol checking in clone task by Dave Brondsema · 4 weeks ago
  60. 006ae25 change httpbin domain we use, so redirect-to tests keep working by Dave Brondsema · 4 weeks ago
  61. 719ec40 Set up default protection ruleset for default and release branches by The Apache Software Foundation · 4 weeks ago
  62. 6754e9c [#8603] check multifactor login mode by Dave Brondsema · 4 weeks ago
  63. 68b8d44 [#8603] validate URLs on clone tasks too (e.g. if task delayed from form usage, and DNS changes) by Dave Brondsema · 5 weeks ago
  64. bb66149 [#8603] use Markup in SxsOutputGenerator by Dave Brondsema · 5 weeks ago
  65. 8e96d70 [#8603] NonPrivateUrl checks all host=>IP resolutions not just one by Dave Brondsema · 5 weeks ago
  66. b7d28e8 [#8603] escape regexes in tag search by Dave Brondsema · 5 weeks ago
  67. 4fe4e28 [#8603] only permit local access to /auth/repo_permissions by Dave Brondsema · 5 weeks ago
  68. 7013d35 [#8603] use _verify_return_to in pwd_expired_change by Dave Brondsema · 5 weeks ago
  69. 46cb8e6 [#8603] change AlluraUserProperty User reference so that ShortUrl doesn't error strangely on shorturl.create_user = c.user._id (tests were always passing too, weird) by Dave Brondsema · 6 weeks ago
  70. bc0c96d [#8603] add @require_post to a few endpoints by Dave Brondsema · 6 weeks ago
  71. e154040 [#8603] test to know forgeblog/main.py setattr loop is ok by Dave Brondsema · 6 weeks ago
  72. bbd1d71 [#8603] urlopen_allow_internal_hostnames setting should work for webhook and importer forms by Dave Brondsema · 6 weeks ago
  73. 6defa33 [#8603] use NonPrivateUrl on webhooks (does allow for IP addrs now also) by Dave Brondsema · 6 weeks ago
  74. 56e69cb [#8603] disable trac importers by default by Dave Brondsema · 6 weeks ago
  75. 06d41c2 [#8603] don't follow redirects on trac import by Dave Brondsema · 6 weeks ago
  76. 640a285 bumping urllib3 2.6.3 -> 2.7.0 and gitpython 3.1.47 -> 3.1.50 by Guillermo Cruz · 5 weeks ago
  77. 32b897e [#8601] avoid flash samesite cookie issues by showing error on the page directly by Dave Brondsema · 6 weeks ago
  78. b715604 [#8601] Do email verification for untrusted logins even if they did multifactor (protects against MITM attacks) by Dave Brondsema · 7 weeks ago
  79. 6cdda14 [#8601] use full domain in link for plaintext mail version to be better by Dave Brondsema · 7 weeks ago
  80. 32cf99f [#8601] update precommit hook for .md.jinja2 and update hook to published version now by Dave Brondsema · 7 weeks ago
  81. f39d573 [#8601] consistent file extension for mail templates by Dave Brondsema · 7 weeks ago
  82. ee1b878 [#8601] remove very old and not helpful showbrowser() on test assertion failures by Dave Brondsema · 8 weeks ago
  83. b14f36c [#8601] use link instead of code for email auth, and longer code by Dave Brondsema · 8 weeks ago
  84. fd129f6 [#8602] increment bugfix_rev to invalidate template cache by Dillon Walls · 6 weeks ago
  85. 93fa027 [#8602] do not treat periods in text as external urls to be displayed as warnings by Dillon Walls · 7 weeks ago
  86. bc5f3c3 [#11283] Remove plaintext author username field from from_username query by Carlos Cruz · 8 weeks ago
  87. 4650550 encrypt snapshot author nested fields by Carlos Cruz · 3 months ago
  88. 83e27e4 bump gitpython 3.1.46 -> 3.1.47 by Guillermo Cruz · 7 weeks ago
  89. 31840bd remove pygments optimization no longer needed by Dave Brondsema · 7 weeks ago
  90. d38f637 add limit option to convert_encrypted_field.py by Dave Brondsema · 7 weeks ago
  91. 72a3189 Fix convert plaintext to encrypted script to support nested fields by Carlos Cruz · 8 weeks ago
  92. ba211a8 [#8600] Upgrade lxml 6.0.4 -> 6.1.0 by Daniel Castillo · 7 weeks ago dc/8600
  93. 4d4137f [#8600] Upgrade boto3 1.42.89 -> no upgrade by Daniel Castillo · 7 weeks ago
  94. 89f7f8b [#8600] Upgrade setuptools 81.0.0 -> no upgrade by Daniel Castillo · 7 weeks ago
  95. 86aae54 [#8600] Upgrade pre_commit 4.5.1 -> no upgrade by Daniel Castillo · 7 weeks ago
  96. 0834a0b [#8600] Upgrade gunicorn 25.3.0 -> no upgrade by Daniel Castillo · 7 weeks ago
  97. 86ddacd [#8600] Upgrade pytest-sugar 1.1.1 -> no upgrade by Daniel Castillo · 7 weeks ago
  98. 3c97e99 [#8600] Upgrade pytest-xdist 3.8.0 -> no upgrade by Daniel Castillo · 7 weeks ago
  99. b32067a [#8600] Upgrade pytest 9.0.3 -> no upgrade by Daniel Castillo · 7 weeks ago
  100. 5a0ca11 [#8600] Upgrade ruff 0.15.10 -> no upgrade by Daniel Castillo · 7 weeks ago