Commit Graph

322 Commits

Author SHA1 Message Date
Martin Zimmermann
f50b0b0ffb Back to development: 0.5.3 2013-12-08 00:41:39 +01:00
Martin Zimmermann
793f2dcb7f Preparing release 0.5.2 2013-12-08 00:41:39 +01:00
Martin Zimmermann
3fcf079ed1 use el.getAttribute instead of el.dataset to support IE10 m( 2013-12-08 00:41:39 +01:00
Martin Zimmermann
6c06b69dc5 another approach to fix #40 (return 403 on false Content-Type)
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:

    * application/x-www-form-urlencoded
    * multipart/form-data
    * text/plain

If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
2013-12-08 00:33:13 +01:00
Martin Zimmermann
580f63606e Back to development: 0.5.2 2013-11-21 10:34:58 +01:00
Martin Zimmermann
9541f61900 Preparing release 0.5.1 2013-11-21 10:34:48 +01:00
Martin Zimmermann
30edf6ca28 add route for comment activation 2013-11-21 10:34:21 +01:00
Martin Zimmermann
a43ac60552 translate deletion and activation links 2013-11-21 10:34:16 +01:00
Martin Zimmermann
f9507a3eec Preparing release 0.5 2013-11-17 15:54:20 +01:00
Martin Zimmermann
8196f3f465 remove unnecessary imports 2013-11-17 15:49:25 +01:00
Martin Zimmermann
17aa3e6fc5 use english text for mail notifications 2013-11-17 15:44:40 +01:00
Martin Zimmermann
97cc894d8c update changelog 2013-11-17 12:20:03 +01:00
Martin Zimmermann
60d15e0f41 fix unittest 2013-11-17 11:57:48 +01:00
Martin Zimmermann
b9158a660c move SocketHTTPServer to isso/wsgi.py 2013-11-17 11:57:41 +01:00
Martin Zimmermann
96f29e1cc5 add query parameter to build status to hopefully avoid caching 2013-11-17 11:31:51 +01:00
Martin Zimmermann
9c94e66702 add fr.js to i18n module, appendum to #38 2013-11-17 11:28:24 +01:00
Martin Zimmermann
aeb7c35d8f override useragent's language with data-isso-lang 2013-11-17 11:27:48 +01:00
Martin Zimmermann
2e9c21db15 add X-Origin to GET requests, so isso.dispatch works on a single host 2013-11-17 11:16:46 +01:00
Martin Zimmermann
8a408aea1d reST is hard 2013-11-17 00:43:01 +01:00
Martin Zimmermann
6f66960df8 add an isso.dispatch module to support multiple sites, #34 2013-11-17 00:35:32 +01:00
Martin Zimmermann
b21e216b06 mv app/fancy to /app/lib/fancy 2013-11-16 23:41:52 +01:00
Martin Zimmermann
edafc5f88f client configuration for reply-to-self
also: move data-isso-* configuration to app/config
2013-11-16 22:21:00 +01:00
Martin Zimmermann
64c0d770c6 remove edit and remove buttons when comment is marked as deleted 2013-11-16 21:42:11 +01:00
Martin Zimmermann
519112a8fc add some documentation 2013-11-16 21:41:54 +01:00
Martin Zimmermann
320cb7313f upgrade notifications for old configuration values 2013-11-16 20:54:21 +01:00
Martin Zimmermann
0d3d5e4f94 update changelog 2013-11-16 20:43:21 +01:00
Martin Zimmermann
2446e6ac6a Merge pull request #38 from sploinga/master
French translation
2013-11-16 11:36:56 -08:00
Sploinga
5a20a4a4bf French translation 2013-11-16 20:32:21 +01:00
Martin Zimmermann
5e7ee3dffd use <link> tag to extract the relative post url, fixes #37
The <id> tag does not necessarily contains the full URL, but also
relative URLs:

    <id>http://example.com/foo/bar.html</id>
    <id>/foo/bar.html</id>
    <id>foo/bar.html</id>
2013-11-16 20:30:48 +01:00
Martin Zimmermann
89ffe98106 add Jenkins CI build status 2013-11-14 22:57:28 +01:00
Martin Zimmermann
0be3c69e1d Merge branch 'fix/spam-guard' 2013-11-13 21:30:23 +01:00
Martin Zimmermann
4367e56734 fix Python 3.3 2013-11-13 21:30:18 +01:00
Martin Zimmermann
d4e7ee134d add option reply-to-self, defaults to false 2013-11-13 21:20:32 +01:00
Martin Zimmermann
70b426d770 add unittest for spam guard 2013-11-13 20:43:00 +01:00
Martin Zimmermann
9f2062a900 fix #35
Also add an option `direct-reply` to control the number of comments
on a thread without referencing a child (to avoid a simple while loop
that `curl -XPOST ...` the url).

Defaults to 3, that means a /24 (or /48 for IPv6) address can only post
3 direct responses on a thread at all.
2013-11-13 20:42:56 +01:00
Martin Zimmermann
6ed9cb02c5 update changelog 2013-11-13 20:27:10 +01:00
Martin Zimmermann
5cbda11158 Merge branch 'fix/bloomfilter' 2013-11-13 20:08:08 +01:00
Martin Zimmermann
6178e93348 add database migration
Clear voters bloomfilter and initialize with an (almost) empty one.
2013-11-13 20:07:23 +01:00
Martin Zimmermann
58645ca945 do not reference bytearray in a method definition, fixes #5
This is a severe issue which makes the current voters bloomfilter
completely useless. Functions are first-class objects in Python, which
lead to interesting "issues" like:

    >>> def foo(x=[]):
    ...     x.append(1)
    ...     print x
    ...

    >>> foo()
    [1]

    >>> foo()
    [1, 1]

For Isso, this means the bloomfilter, which is usually only initialized
with the author's IP address, is now initialized with pretty much all
ip addresses from previous authors, thus makes it impossible for the
author to vote on other's people comments.
2013-11-13 20:07:18 +01:00
Martin Zimmermann
f0ee0a18b1 move unittest helpers into a separate file 2013-11-13 14:25:05 +01:00
Martin Zimmermann
ba19900406 yet another location where I forgot MIT 2013-11-13 08:39:15 +01:00
Martin Zimmermann
1e7a4d43b2 add Changelog for 0.5 (so far) 2013-11-11 12:44:44 +01:00
Martin Zimmermann
6356ce800e add various init scripts 2013-11-11 12:18:10 +01:00
Martin Zimmermann
6aad11c291 mention #isso channel on Freenode 2013-11-11 12:13:01 +01:00
Martin Zimmermann
dfed955f23 Merge branch 'feature/migration' 2013-11-11 12:10:42 +01:00
Martin Zimmermann
d4f2123b58 Merge branch 'tmp/refactorization'
Conflicts:
	isso/utils/__init__.py
2013-11-11 12:10:29 +01:00
Martin Zimmermann
6e85c54a2e refactor views and introduce an API for notifications
Keep Isso modular, not monolithic. Make it easy to integrate a
web interface or add XMPP notifications.

This refactorization includes minor bugfixes and changes:

* CORS middleware did not work properly due to wrong unit tests
* more type checks on JSON input
* new detection for origin and public url, closes #28
* new activation and delete url (no redirect for old urls, but you can
  convert the old urls: copy hash after `/activate/` (or delete) and
  open `/id/<id of comment>/activate/<hash>`
* move crypto.py to utils/

With this commit, SMTP is no longer automatically configured: add
`notify = smtp` to the `[general]` section to use SMTP.
2013-11-11 12:09:19 +01:00
Martin Zimmermann
162fe78aa6 ask to continue import if DB is not empty 2013-11-11 12:02:49 +01:00
Martin Zimmermann
5ca3137ddd add --dry-run option to import command 2013-11-11 11:57:31 +01:00
Martin Zimmermann
a8cd418b5e remove website todo, not a high priority 2013-11-11 11:45:12 +01:00