Commit Graph

566 Commits

Author SHA1 Message Date
Guillaume Ayoub 2ea35a2fc3 Merge pull request #209 from vuntz/no-autocreate-multifilesystem
Do not autocreate .props files for multifilesystem backend
2016-03-10 18:48:29 +01:00
Guillaume Ayoub 3a4184d1ab Merge pull request #351 from Unrud/patch-6
Quick fix for multifilesystem
2016-01-15 10:54:47 +01:00
Guillaume Ayoub 060d265129 Merge branch 'master' of github.com:Kozea/radicale 2016-01-15 10:51:24 +01:00
Guillaume Ayoub 9a2668e425 Fix the Collection._parse docstring 2016-01-15 10:50:36 +01:00
Unrud a55cff8eb6 Also remove items from the collections itself 2016-01-15 01:13:18 +01:00
Unrud 5081fcbcd1 Use component names to filter duplicates 2016-01-15 01:09:43 +01:00
Unrud 6be7dab03f Correct function name 2016-01-14 23:07:53 +01:00
Guillaume Ayoub f8b068e9fe Version 1.1.1 2016-01-07 23:31:19 +01:00
Guillaume Ayoub 83304c1378 Stupid me, that was PEP 20 (fix 347 for Python 2 too) 2016-01-06 21:44:20 +01:00
Guillaume Ayoub 620d9f8316 Readability counts - PEP8™ (fix #347) 2016-01-06 20:19:12 +01:00
Guillaume Ayoub e47b50421e Version 1.1 2015-12-31 12:51:23 +01:00
Guillaume Ayoub e7ce00d54f Style 2015-12-31 12:49:41 +01:00
Guillaume Ayoub b484d42547 Merge pull request #335 from Kozea/permissions
Use the first matching section for getting rights
2015-12-31 11:30:29 +01:00
Guillaume Ayoub 20960bee84 Merge pull request #339 from Unrud/patch-2
Improve daemonization
2015-12-24 16:00:39 +01:00
Unrud eed37792ae Convert filesystem paths safely to paths
This only becomes a problem if the OS/filesystem
allows / in filenames or . respectively
.. as filenames.
2015-12-24 14:39:29 +01:00
Unrud bcaf452e51 Convert component names safely to filenames
Component names are controlled by the user and
without these checks access to arbitrary files is
possible if the multifilesystem backend is used.
2015-12-24 14:39:29 +01:00
Unrud b4b3d51f33 Convert paths safely to file system paths
With the old implementation on Windows a path like
"/c:/file/ignore" got converted to "c:\file" and
allowed access to files outside of FOLDER
2015-12-24 14:39:29 +01:00
Unrud 6b7e79a368 Use sanitize_path instead of normpath
See a7b47f075499a1e1b40539bc1fa872a3ab77a204
The check for "." is now needless because the sane
path is always absolute.
```path.replace(os.sep, "/")``` is only relevant
for the (multi)filesystem backend and should be
there.
2015-12-24 14:39:24 +01:00
Unrud 1ad994cadf Move sanitize_path into pathutils.py 2015-12-24 14:39:15 +01:00
Unrud ed44830447 Error message if path not starting with prefix
Before the program crashed implicitly
2015-12-24 14:32:21 +01:00
Unrud 780cecc0f2 Always sanitize request URI
Do not rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud ee095a463d Improve URI sanitation
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Unrud 592537e37c Introduce naming scheme for request handlers
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Unrud 4bfe7c9f79 Prevent "regex injection"
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
2015-12-23 07:05:20 +01:00
Unrud 7cb31fe22b Improve regex for Well-Known URIs
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Unrud 367ca6fcbf Replace standard file descriptors of daemon
Overwriting ```sys.stdout``` and ```sys.stderr``` is not sufficient.
(e.g. the logger still uses the old file descriptors)
2015-12-22 08:50:16 +01:00
Unrud ecb8ad747e Decouple the daemon from its parent environment 2015-12-22 08:50:16 +01:00
Unrud 3a9238f670 Check and create PID file in a race-free manner 2015-12-22 08:50:16 +01:00
Unrud 0a09804821 Close PID file 2015-12-22 08:49:58 +01:00
Unrud 80ecae40cb Assign new items to correct key 2015-12-10 09:46:38 +01:00
Guillaume Ayoub e807c3d35b Use the first matching section for getting rights 2015-12-03 15:22:12 +01:00
Guillaume Ayoub 7b82121c12 Encode message and committer for git commits (fix #313) 2015-09-22 11:01:33 +02:00
Guillaume Ayoub 6babebd315 Version 1.0.1 2015-09-21 12:14:51 +02:00
Guillaume Ayoub 377762e23c Version 1.0 2015-09-14 11:49:34 +02:00
Guillaume Ayoub f112a9b390 Merge pull request #305 from untitaker/database-props
Don't discard PROPPATCH on empty collections.
2015-08-28 11:26:10 +02:00
Markus Unterwaditzer 57b1ccdea5 Fix crash on empty values 2015-08-21 20:11:44 +02:00
Markus Unterwaditzer 213cb40480 Don't discard PROPPATCH on empty collections. 2015-08-21 20:08:56 +02:00
Markus Unterwaditzer d300949fe8 Improve error handling in multifilesystem
If the collection doesn't exist yet, OSError(2, 'No such file or
directory') is raised.

https://travis-ci.org/untitaker/vdirsyncer/jobs/42540595
2015-08-21 16:17:00 +02:00
Guillaume Ayoub ce9fd74d98 Merge pull request #260 from deronnax/not_found_instead_of_gone
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Stephen Paul Weber 2de4f53fc3 Use PAM service
This allows authentication types to be customised for radicale.
2015-08-11 16:46:46 -05:00
Guillaume Ayoub b4438d25f7 Cosmetics in htpasswd 2015-07-29 14:00:49 +02:00
Jan-Philip Gehrcke 3abbdcf671 htpasswd.py: add optional MD5-APR1 and BCRYPT support via passlib.
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
  "md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
  external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
2015-07-29 13:12:18 +02:00
Guillaume Ayoub 22a356bd06 Merge branch 'master' of github.com:Kozea/radicale 2015-07-24 16:01:38 +02:00
Guillaume Ayoub 8604593512 Fix many tests and database storage 2015-07-24 16:01:03 +02:00
Liam ba5d38d09b Fix typo 2015-05-15 13:47:44 +01:00
Matthew Monaco bf96d4a1fa Use path for git commit message
The hard-coded message isn't very helpful, and that info is shown by the
author when looking at single line logs.
2015-05-04 13:33:52 -06:00
Guillaume Ayoub ced7e76ba0 Small style fixes 2015-05-01 10:31:25 +02:00
Guillaume Ayoub 675f9d1f87 Merge pull request #255 from jspricke/fix_FutureWarning
Fix FutureWarning, explicitly test prop_element for None
2015-05-01 10:22:38 +02:00
Guillaume Ayoub 4cbabd2840 Merge pull request #259 from untitaker/issue258
Fully fix #258
2015-04-29 19:13:25 +02:00
Guillaume Ayoub c249e080af Merge pull request #273 from untitaker/issue117
Fix another instance of #117
2015-04-29 19:09:38 +02:00