Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/views
History
Alex Vandiver 23894fc9a3 uploads: Set Content-Type and -Disposition from Django for local files. 
Similar to the previous commit, Django was responsible for setting the
Content-Disposition based on the filename, whereas the Content-Type
was set by nginx based on the filename.  This difference is not
exploitable, as even if they somehow disagreed with Django's expected
Content-Type, nginx will only ever respond with Content-Types found in
`uploads.types` -- none of which are unsafe for user-supplied content.

However, for consistency, have Django provide both Content-Type and
Content-Disposition headers.
 		2023-02-07 17:12:02 +00:00
..
development ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
__init__.py
alert_words.py actions: Split out zerver.actions.alert_words. 2022-04-14 17:14:31 -07:00
attachments.py actions: Split out zerver.actions.uploads. 2022-04-14 17:14:32 -07:00
auth.py registration: Track create organization page in GA. 2023-02-05 10:24:32 -08:00
compatibility.py django: Use HttpRequest.headers. 2022-05-13 20:42:20 -07:00
custom_profile_fields.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
digest.py mypy: Fix most AnonymousUser type errors. 2021-07-24 14:55:46 -07:00
documentation.py api-docs: Move markdown files to top level directory. 2023-02-02 17:25:40 -08:00
drafts.py backend: Add request as parameter to json_success. 2022-02-04 15:16:56 -08:00
email_mirror.py backend: Add request as parameter to json_success. 2022-02-04 15:16:56 -08:00
events_register.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
home.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
hotspots.py actions: Split out zerver.actions.hotspots. 2022-04-14 17:14:31 -07:00
invite.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
message_edit.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
message_fetch.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
message_flags.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
message_send.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
presence.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
push_notifications.py backend: Add request as parameter to json_success. 2022-02-04 15:16:56 -08:00
reactions.py actions: Split out zerver.actions.reactions. 2022-04-14 17:14:35 -07:00
read_receipts.py read_receipts: Exclude muted users from read receipts. 2022-09-16 16:19:54 -07:00
realm.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
realm_domains.py realm_domains: Allow only owners to add, edit or delete domains. 2022-09-16 15:27:52 -07:00
realm_emoji.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
realm_export.py realm_export: Add transaction.atomic to export_realm. 2023-01-26 10:49:19 -08:00
realm_icon.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
realm_linkifiers.py realm: Create RealmAuditLog entry when removing realm linkifiers. 2022-07-31 18:32:28 -07:00
realm_logo.py upload: Add assertions before accessing uploaded files. 2022-06-23 22:09:05 -07:00
realm_playgrounds.py actions: Split out zerver.actions.realm_playgrounds. 2022-04-14 17:14:30 -07:00
registration.py registration: Track create organization page in GA. 2023-02-05 10:24:32 -08:00
report.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
storage.py backend: Add request as parameter to json_success. 2022-02-04 15:16:56 -08:00
streams.py streams: Allow setting can_remove_subscribers_group_id while creating streams. 2023-02-05 14:46:36 -08:00
submessage.py actions: Split out zerver.actions.submessage. 2022-04-14 17:14:30 -07:00
thumbnail.py docs: Remove some outdated references to thumbnailing.md doc. 2022-07-12 17:44:24 -07:00
tutorial.py backend: Add request as parameter to json_success. 2022-02-04 15:16:56 -08:00
typing.py actions: Split out zerver.actions.typing. 2022-04-14 17:14:30 -07:00
unsubscribe.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
upload.py uploads: Set Content-Type and -Disposition from Django for local files. 2023-02-07 17:12:02 +00:00
user_groups.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
user_mutes.py user_mutes: Rename 'muting.py' to 'user_mutes.py'. 2023-02-07 00:23:47 +05:30
user_settings.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
user_topics.py user_topics: Move topic muting functions to user_topics.py. 2023-02-07 00:23:47 +05:30
users.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
video_calls.py actions: Split out zerver.actions.video_calls. 2022-04-14 17:14:30 -07:00
zephyr.py ruff: Fix PLW0602 Using global but no assignment is done. 2023-01-04 16:25:07 -08:00