Commit Graph

970 Commits

Author SHA1 Message Date
Jocelyn Delande
cbf63f5a4e default smtp to port=587 and security=starttls 2014-01-26 17:17:09 +01:00
Martin Zimmermann
aae07a3c24 Merge branch 'pr/57' 2014-01-25 22:57:04 +01:00
Martin Zimmermann
b94329fc66 also mention count.min.js 2014-01-25 22:56:55 +01:00
Jocelyn Delande
5cdab92a4b Documentation on comment counter. 2014-01-25 22:22:11 +01:00
Martin Zimmermann
baff120800 fix french pluralform 2014-01-25 22:19:59 +01:00
Martin Zimmermann
442cca5030 Merge pull request #56 from JocelynDelalande/patch-1
Update api.rst
2014-01-25 12:24:37 -08:00
JocelynDelalande
2e60fc7f68 Update api.rst
Added doc on count feature
2014-01-25 20:48:09 +01:00
Martin Zimmermann
cbd449dcd0 Merge branch 'transifex' 2014-01-16 12:01:04 +01:00
Martin Zimmermann
5f990e3697 link example cfg, fix markup errors and show content table, closes #52
and also reword a few paragraphs as suggested via mail.
2014-01-13 19:12:50 +01:00
Martin Zimmermann
3a1f92b8bd use html5lib's sanitizer, supersedes 3713d5e
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.

Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
2014-01-13 19:11:59 +01:00
Martin Zimmermann
3713d5e8ee allow raw HTML markup for a few (whitelisted) tags
To be compatible with comments from Disqus (and users unfamiliar with
Markdown), Misaka no longer disables user-inputted HTML, but the
generated HTML is now post-processed and all "unsafe" tags (not
possible with Markdown) are discarded.

Whitelist: p, a, pre, blockquote, h1-h6, em, sub, sup, del, ins, math,
           dl, ol, ul, li

This commit also removes an unnecessary newline generated by
Misaka/Sundown.
2014-01-12 14:44:39 +01:00
Martin Zimmermann
36d702c7bc proper use of Misaka's HTML render flags (fix malicious HTML injection)
This commit now sanitizes *all* HTML tags written by the user (also
prevents auto-link to "unsafe" web protocols and images) as intended.

Fortunately because of Sundown's typography support, it did not affect
JS injection, but custom style tags and iframes.

PS: thanks to the anonymous submitter of a comment including a style tag
for 24pt, red font ;-)
2014-01-12 12:58:24 +01:00
Martin Zimmermann
241b278863 whitelist external ipaddr package in tox configuration 2014-01-07 15:52:35 +01:00
Martin Zimmermann
dcd473967b Merge branch 'remove-q-lib' 2014-01-07 14:36:06 +01:00
Martin Zimmermann
6006a12778 fix wrong logic when vote counter stays at zero (e.g. self-vote) 2014-01-07 14:29:51 +01:00
Martin Zimmermann
306d2d9f9e log 5xx errors
Also, fix console.log usage.
2014-01-07 14:28:12 +01:00
Martin Zimmermann
a29393ee3f replace kriskowal/q with 50 LoC homebrew implementation, part of #51
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.

The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
2014-01-07 14:28:10 +01:00
Martin Zimmermann
ebf6ca7a85 add Transifex translation to contributing guide 2014-01-06 18:38:16 +01:00
Martin Zimmermann
bfae158bde update translations from Transifex (initial pull) 2014-01-06 18:21:30 +01:00
Martin Zimmermann
4d530fb2f1 add Transifex project configuration file 2014-01-06 18:21:30 +01:00
Martin Zimmermann
055a20606a add tx-pull and tx-push FILE helper scripts
tx-pull fetches translations from Transifex to .tx/<ressource>/<lang>
and converts the JSON into an AMD module. Requires `transifex-client`
from PyPi.

tx-push FILE submits a AMD translation module to Transifex using `curl`
and credentials from ~/.transifexrc.
2014-01-06 18:21:27 +01:00
Martin Zimmermann
9dd066c6a6 reflect security = ... in docs and print warning if used 2014-01-01 22:20:00 +01:00
Martin Zimmermann
c50fe22eb1 fix port -> listen snippet 2014-01-01 22:07:16 +01:00
Martin Zimmermann
ab27ce5450 Merge pull request #48 from chimo/starttls
Adds STARTTLS support to SMTP notifications
2013-12-23 04:43:49 -08:00
Chimo
658e065f23 Adds STARTTLS support to SMTP notifications 2013-12-19 23:36:06 -05:00
Martin Zimmermann
85e637d017 simplify JSON response 2013-12-19 08:56:14 +01:00
Martin Zimmermann
905bd63eee CORS middleware must return bytes 2013-12-19 08:55:53 +01:00
Martin Zimmermann
82da63a81b check if hash is a base-16 string 2013-12-19 08:55:06 +01:00
Martin Zimmermann
e244227f41 convert proxy object to string before passing to urllib 2013-12-19 08:09:09 +01:00
Martin Zimmermann
d4f836fd65 add test for /check-ip 2013-12-18 19:27:36 +01:00
Martin Zimmermann
cbee3f7b2e clarify copyright headers 2013-12-18 16:21:35 +01:00
Martin Zimmermann
ecfaf9828e add faq.rst 2013-12-18 16:20:52 +01:00
Martin Zimmermann
1153b9cf6e extend API documentation 2013-12-18 14:14:37 +01:00
Martin Zimmermann
a728d3e32d add doctest for IPv6 mapped IPv4 addresses 2013-12-18 13:08:57 +01:00
Martin Zimmermann
26b9088c9d add coverage target to Makefile 2013-12-18 13:08:57 +01:00
Martin Zimmermann
2a86b46893 add test for disqus import 2013-12-18 13:08:54 +01:00
Martin Zimmermann
f81b955aa5 use SHA1 instead of MD5 to verify comment owner 2013-12-18 13:01:09 +01:00
Martin Zimmermann
29a825b575 remove unused utility functions 2013-12-18 13:01:05 +01:00
Martin Zimmermann
8bf9b1145a add link to supervisor init script, close #47 2013-12-18 11:59:49 +01:00
Martin Zimmermann
cc1ccfd70d change project status from alpha to beta 2013-12-17 13:43:02 +01:00
Martin Zimmermann
65f260d0ba show session-key on application startup
Maybe useful to see that it really changes if unset. Also reduced key
size to 16 bytes form /dev/urandom (cosmetic reason, still enough).
2013-12-17 13:40:32 +01:00
Martin Zimmermann
a4213e4304 update docstrings for isso.db 2013-12-17 13:30:37 +01:00
Martin Zimmermann
c99fe3d583 remove unused SQLite3.mode attribute 2013-12-17 13:18:43 +01:00
Martin Zimmermann
7255e01375 replace isso module with isso.run 2013-12-16 15:42:43 +01:00
Martin Zimmermann
fcd0a01de3 make_app uses threading.Lock now by default
Uses keyword arguments to use multiprocessing or uwsgi mixin. This
fixes an issue on exotic *BSDs such as NetBSD where Python comes not
with inter-process semaphores (issue 3307):

     mod_wsgi (pid=14365): Target WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi' cannot be loaded as Python module.
     mod_wsgi (pid=14365): Exception occurred processing WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi'.
     Traceback (most recent call last):
       File "/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi", line 8, in <module>
         application = make_app(Config.load("/var/www/vhosts/my.hostname.org/htdocs/isso.cfg"))
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 155, in make_app
         isso = App(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 91, in __init__
         super(Isso, self).__init__(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/core.py", line 223, in __init__
         self.lock = multiprocessing.Lock()
       File "/usr/pkg/lib/python2.7/multiprocessing/__init__.py", line 175, in Lock
         from multiprocessing.synchronize import Lock
       File "/usr/pkg/lib/python2.7/multiprocessing/synchronize.py", line 59, in <module>
         " function, see issue 3770.")
     ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770.
2013-12-16 15:40:18 +01:00
Martin Zimmermann
a7375e8016 Back to development: 0.7 2013-12-16 11:59:33 +01:00
Martin Zimmermann
0f39d17843 Preparing release 0.6 2013-12-16 11:59:29 +01:00
Martin Zimmermann
9db762ad5e italian translation by alzeco 2013-12-12 17:30:40 +01:00
Martin Zimmermann
525b2db6f1 fix french pluralization 2013-12-12 17:29:26 +01:00
Martin Zimmermann
150726df13 Merge branch 'feature/27', override thread id 2013-12-12 13:07:57 +01:00