mirror of https://github.com/Kozea/Radicale.git synced 2025-07-23 17:48:30 +00:00
Commit graph

228 commits

Author SHA1 Message Date
Unrud
6be7dab03f Correct function name 2016-01-14 23:07:53 +01:00
Guillaume Ayoub
f8b068e9fe Version 1.1.1 2016-01-07 23:31:19 +01:00
Guillaume Ayoub
e47b50421e Version 1.1 2015-12-31 12:51:23 +01:00
Unrud
1ad994cadf Move sanitize_path into pathutils.py 2015-12-24 14:39:15 +01:00
Unrud
ed44830447 Error message if path not starting with prefix
Before the program crashed implicitly
2015-12-24 14:32:21 +01:00
Unrud
780cecc0f2 Always sanitize request URI
Do not rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud
ee095a463d Improve URI sanitation
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Unrud
592537e37c Introduce naming scheme for request handlers
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Unrud
7cb31fe22b Improve regex for Well-Known URIs
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Guillaume Ayoub
6babebd315 Version 1.0.1 2015-09-21 12:14:51 +02:00
Guillaume Ayoub
377762e23c Version 1.0 2015-09-14 11:49:34 +02:00
Guillaume Ayoub
ce9fd74d98 Merge pull request #260 from deronnax/not_found_instead_of_gone
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Guillaume Ayoub
c249e080af Merge pull request #273 from untitaker/issue117
Fix another instance of #117
2015-04-29 19:09:38 +02:00
Guillaume Ayoub
a0fc07a894 Allow content-types with ';' in charset, fix #279 2015-04-29 19:08:20 +02:00
Markus Unterwaditzer
78e203a2b9 Fix another instance of #117 2015-03-22 12:25:54 +01:00
deronnax
5b8333c2b0 change GET response from GONE to NOT FOUND when item is not found 2015-02-09 11:03:06 +01:00
Guillaume Ayoub
a7700f9805 Don't crash when getting unknown events (fix #258) 2015-02-08 17:11:29 +01:00
Guillaume Ayoub
2c4b335fad Clean the ical API 2015-02-07 17:26:20 +01:00
deronnax
240125aca7 don't pick timezones when asking for contacts 2015-02-07 14:11:43 +01:00
Guillaume Ayoub
7135367640 Version 0.10 2015-01-12 18:40:42 +01:00
Guillaume Ayoub
c932ba230e Fix Python 3 compatibility 2014-10-22 16:28:08 +02:00
Guillaume Ayoub
1f9c568720 Don't recreate the regular expression for each request 2014-10-22 11:32:25 +02:00
Guillaume Ayoub
2cf34a0d67 Cosmetic changes 2014-10-21 13:13:16 +02:00
Guillaume Ayoub
4e59d734a1 Merge pull request #225 from deronnax/well-known
Support "well known" URLs
2014-10-21 13:03:18 +02:00
deronnax
8ec00f08df throw 401 in case of failed variable substitution for .well-known url 2014-10-21 12:30:14 +02:00
deronnax
f846f107e6 now with regex 2014-10-21 11:57:42 +02:00
deronnax
b863e8390e add ".well-known" addresses feature (closes #126) 2014-10-20 18:51:43 +02:00
deronnax
c180b4ace3 decode http request content later 2014-10-20 17:32:10 +02:00
Guillaume Ayoub
a6884492a2 Version 0.9 2014-08-13 13:12:19 +02:00
Guillaume Ayoub
9ad9c466e2 Add an option allowing requests without base_prefix
Related to #147, patch proposed by jheidemann
2014-08-06 11:51:11 +02:00
Guillaume Ayoub
a5c5f2494f New version 2014-07-28 13:03:06 +02:00
Guillaume Ayoub
a65f96fe41 Fix syntax error 2014-07-28 11:28:12 +02:00
Guillaume Ayoub
f92f9f5e7d Merge pull request #175 from Ede123/master
Return "401 unauthorized" on unauthorized DELETE requests (fixes #125)
2014-07-28 11:20:45 +02:00
Mathieu Dupuy
a94984b653 revert of 00674fe 2014-07-25 15:41:56 +02:00
Ede123
c9bd2d0135 Signed-off-by: Ede123 <Eduard.Braun2@gmx.de> 2014-06-21 15:34:22 +02:00
Guillaume Ayoub
6854cd0ee3 Use warning instead of warn for logging (fix #170) 2014-06-15 10:19:34 +02:00
Markus Kaiserswerth
0dee34b3a8 Add SSL ciphers argument only if supported, fixes Python 2.6 compat 2014-03-19 14:04:25 +01:00
Guillaume Ayoub
45f8e76643 Revert "Follow the depth in REPORT requests"
This reverts commit 9556508b2a.
2014-03-05 19:26:42 +01:00
Guillaume Ayoub
9556508b2a Follow the depth in REPORT requests 2014-03-04 01:37:14 +01:00
Guillaume Ayoub
066dffd614 Cut line 2014-03-04 01:08:56 +01:00
Guillaume Ayoub
3bd5b8f0fc Let's try to release 0.9 beta 1 2014-02-24 23:26:40 +01:00
Guillaume Ayoub
701df2d201 Use environ.get instead of try/except 2014-02-05 13:01:49 +01:00
Guillaume Ayoub
f7c7746643 Merge pull request #99 from horazont/fix-preauth
Fix issues if authentication is done by web server
2014-02-05 12:59:45 +01:00
Christoph Polcin
3aa992e518 Find collections if necessary 2014-01-19 20:11:47 +01:00
Christoph Polcin
90d82d044c Fix access to collections
under certain conditions it was possible to pass the final access control
if-clause. the master branch granted access if:

    if ((read_allowed_items or write_allowed_items)
        and (not user or auth.is_authenticated(user, password))) or
        function == self.options or not items:

the easy-connect branch from pull request #95 adds:
    (is_authenticated and function == self.propfind) or

the last `or not items` condition levers out the previous authentication and
access control. that isn't that big a security issue because in this case there
are no collections and items at all. but "bad" and anonymous users could gather
data and information which are not destined for them.

this commit fixes and simplifies the if-clause.
2014-01-19 20:04:37 +01:00
Christoph Polcin
83db27303f Respond to all authenticated PROPFIND requests 2014-01-19 19:35:46 +01:00
Jonas Wielicki
d9df9a36e1 Fix issues if authentication is done by web server
This patch fixes `user` always being None if the authentication is
offloaded to the webserver, as it is suggested in the documentation.

For normal access, this is not a problem, but it becomes a problem if a
client wants to get the current-user-principal, for which the user name
is required.
2014-01-14 20:46:47 +01:00
Sergey Fursov
dca10fa14e Different rights management backends
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Jean-Marc Martins
7ac971e022 Fix wrong syntax in config file and fix #58 2013-12-23 16:45:15 +01:00
Jean-Marc Martins
f377bd1356 Fix ssl protocol 2013-12-13 15:17:30 +01:00