zulip/zerver/lib
Anders Kaseorg 2d45308546 CVE-2020-10935: Fix XSS vulnerability in local link rewriting.
Make sure rewrite_local_links_to_relative does not accidentally change
the meaning of links.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
bugdown CVE-2020-10935: Fix XSS vulnerability in local link rewriting. 2020-04-01 14:01:45 -07:00
url_preview url_preview: Fix parsing of open graph tags. 2019-12-12 15:24:38 -08:00
webhooks webhooks: Log unexpected webhook events separately. 2019-07-22 18:20:53 -07:00
__init__.py
actions.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
addressee.py addressee: Clean up type ignores. 2019-08-09 16:39:16 -07:00
alert_words.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
attachments.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
avatar.py avatars: Fix gravatar URLs with EMAIL_ADDRESS_VISIBILITY_ADMINS. 2019-11-05 12:33:20 -08:00
avatar_hash.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
bot_config.py mypy: Remove type ignores for python 3 stubs now present in typeshed. 2019-08-06 23:24:56 -07:00
bot_lib.py bots: Decouple user input from imported module. 2020-03-25 16:39:17 -07:00
bot_storage.py python: Stop importing Length from the wrong file. 2019-02-02 17:09:10 -08:00
bulk_create.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
cache.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
cache_helpers.py cache: Remove dead code for caching recipients. 2020-03-17 05:41:11 -07:00
camo.py camo: Clean up type ignores. 2019-08-09 16:39:16 -07:00
ccache.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
context_managers.py
create_user.py models: Add recipient foreign key in UserProfile and Stream. 2019-12-09 15:14:41 -08:00
db.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
debug.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
dev_ldap_directory.py ldap: Fix development environment configuration. 2019-11-08 14:00:24 -08:00
digest.py emails: Added placeholders strings in FormAddress. 2020-03-27 16:41:02 -07:00
display_recipient.py message perf: Streamline stream name lookups. 2020-03-27 17:20:34 +00:00
domains.py domains: Fix typing for validate_domain. 2019-07-29 15:18:24 -07:00
email_mirror.py email_mirror: also check for Envelope-To 2020-03-25 16:28:46 -07:00
email_mirror_helpers.py email_mirror: Add prefer-html and prefer-text address options. 2020-01-16 15:25:19 -08:00
email_notifications.py emails: Added placeholders strings in FormAddress. 2020-03-27 16:41:02 -07:00
email_validation.py invites: Fix regression w/email vs. delivery_email. 2020-03-12 10:13:08 -04:00
emoji.py emoji_codes: Replace JS module with JSON module. 2020-02-12 10:09:12 -08:00
error_notify.py error_notify: Use internal_send_stream_message(). 2020-02-11 12:20:53 -08:00
events.py events: Fix buggy apply_events handling of starred_messages. 2020-03-22 21:30:23 -07:00
exceptions.py exceptions: RateLimited shouldn't inherit from PermissionDenied. 2020-02-02 19:15:00 -08:00
export.py export: Harden s3 export against directory traversal. 2020-03-25 16:39:17 -07:00
external_accounts.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
fix_unreads.py logging: Switch various logging code paths to use user IDs. 2019-11-15 17:24:01 -08:00
generate_test_data.py generate_test_data: Remove some useless type annotations. 2019-12-13 11:52:23 -08:00
hotspots.py docs: Mention bug in ALWAYS_SEND_ALL_HOTSPOTS feature. 2019-02-27 10:21:30 -08:00
html_diff.py
html_to_text.py html_to_text: Add delimiters between text from different elements. 2019-05-01 17:35:20 -07:00
i18n.py i18n: Move static/locale back to locale. 2019-07-02 14:57:55 -07:00
import_realm.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
initial_password.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
integrations.py integrations: Add AlertManager webhook. 2020-02-14 17:43:15 -08:00
logging_util.py tornado: Log shard id in all logs coming from tornado processes. 2020-03-22 18:26:35 -07:00
management.py management: Fix password reset emails being sent to deactivated users. 2019-08-14 10:50:45 -07:00
mdiff.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
mention.py bugdown: Store if message has wildcards in MentionData. 2019-12-02 12:12:35 -08:00
message.py messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
migrate.py migrate, create_large_indexes: Use CREATE INDEX IF NOT EXISTS. 2019-06-26 11:01:30 -07:00
mobile_auth_otp.py lint: Fix code that evaded our lint checks for string % non-tuple. 2019-04-23 15:21:37 -07:00
name_restrictions.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
narrow.py search: Add streams:public to search entire history of public streams. 2019-08-22 13:40:49 -07:00
onboarding.py api: Use new endpoint for handling reactions. 2019-08-16 14:36:15 -07:00
outgoing_webhook.py messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
parallel.py
presence.py presence: Use realm_id for UserPresence queries. 2020-02-11 13:11:58 -08:00
profile.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
push_notifications.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
queue.py queue: Update error callback signatures for Pika 1.1. 2019-11-20 17:23:48 -08:00
rate_limiter.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
realm_description.py html_to_text: Add delimiters between text from different elements. 2019-05-01 17:35:20 -07:00
realm_icon.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
realm_logo.py realm_logo: Remove redundant `realm_logo_url` function. 2019-08-20 12:07:20 -07:00
redis_utils.py redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 21:40:15 -08:00
remote_server.py push_notifs: Handle more requests Exceptions in send_to_push_bouncer. 2019-12-04 09:58:22 -08:00
request.py has_request_variables: Remove query_params dict. 2020-02-15 11:37:18 -08:00
response.py exceptions: Move default json_unauthorized string to response.py. 2020-02-05 15:40:10 -08:00
rest.py tornado: Rewrite Django integration to duplicate less code. 2020-02-13 16:13:11 -08:00
retention.py retention: Update to account for the zulipinternal realm. 2020-02-14 17:15:26 -08:00
send_email.py emails: Added placeholders strings in FormAddress. 2020-03-27 16:41:02 -07:00
server_initialization.py server_initialization: Create Client objects for mobile/desktop. 2020-02-24 23:19:43 -08:00
sessions.py sessions: Implement the concept of expirable session variables. 2020-02-12 11:09:55 -08:00
soft_deactivation.py soft_deactivation: Fix incorrect logging function. 2020-01-28 17:17:43 -08:00
sqlalchemy_utils.py
statistics.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
storage.py docs: Merge front-end-build-process with html-css. 2019-10-23 13:08:36 -07:00
stream_recipient.py stream_recipient: Eliminate unnecessary queries. 2020-01-08 14:34:43 -08:00
stream_subscription.py perf: Extract get_subscribed_stream_ids_for_user. 2020-03-01 22:38:03 -08:00
stream_topic.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
streams.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
subdomains.py get_realm: raise DoesNotExist instead of returning None. 2019-05-06 21:58:16 -07:00
test_classes.py tests: Kill off find_one() helper. 2020-03-20 13:40:20 -07:00
test_data.source.txt
test_fixtures.py test_fixtures: Clean up interface for `template_database_status()`. 2020-02-12 11:07:10 -08:00
test_helpers.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_runner.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
tex.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
thumbnail.py is_safe_url: Use allowed_hosts instead of depreciated host argument. 2020-02-04 12:46:53 -08:00
timeout.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
timestamp.py
timezone.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
topic.py topic: Add recipient_id to fields for message edit saves. 2020-02-26 16:12:07 -08:00
topic_mutes.py models: Delete get_stream_recipient function and its uses. 2020-02-18 10:49:14 -08:00
transfer.py logging: Switch various logging code paths to use user IDs. 2019-11-15 17:24:01 -08:00
type_debug.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
types.py types: Consistently use DisplayRecipientT for display_recipient objects. 2019-08-20 12:15:30 -07:00
unminify.py unminify: Update for webpack chunk splitting. 2019-11-01 18:25:30 -07:00
upload.py docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
url_encoding.py redirects: Refactor redirect code to use central helper function. 2020-03-25 16:39:17 -07:00
user_agent.py user_agent: Compile the regular expression. 2020-02-14 10:26:37 -08:00
user_groups.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
user_status.py user status: Add "status_text" support in the backend. 2019-01-24 09:46:35 -08:00
users.py /json/users: Use field.realm for realm lookup. 2020-02-09 22:04:02 -08:00
utils.py tests: Add uuid_get and uuid_post. 2020-03-11 14:18:29 -07:00
validator.py message: Validate propagate_mode parameters. 2020-03-24 12:36:45 -07:00
video_calls.py zoom: Fix handling of 201 status codes from zoom API. 2019-01-16 15:37:06 -08:00
widget.py zerver core: Remove unused imports. 2019-02-02 17:41:24 -08:00
zcommand.py zcommand: Fix broken switch mode message. 2018-08-08 11:29:49 -07:00
zephyr.py python: Remove now-unnecessary str_utils library. 2018-11-27 11:57:54 -08:00