Custom Query (1173 matches)
Results (46 - 48 of 1173)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#649 | fixed | Use form.field.data instead of request.form['field'] | ||
Description |
After submitting a form, our code needs to fetch the data from the form and put it to good use (update the db!). Our current code uses:

```python
form = EditForm(request.form)
if ... and form.validate():
    some_object.one_field = request.form.get('one_field')
    some_object.two_field = request.form['two_field']
```

This works mostly, but doesn't benefit from all the validation and cleanup that wtforms gives us. So this should be rewritten to:

```python
form = EditForm(request.form)
if ... and form.validate():
    some_object.one_field = form.one_field.data
    some_object.two_field = form.two_field.data
```

This can be done in small chunks on a file by file basis, or whatever fits someone wanting to work on this. No need to do all at once. Small changes are easier to review anyway. |
|||
#51 | FIXED | Handling of bad media types (html!) | ||
Description |
Currently you can try to upload an html file. What happens currently? It sticks in the queue, because celery goes crazy on it. The good news: It does not end up in a public place. What should NEVER, ever happen: The file being put in a public place. It's the best XSS attack to come up with. Rating this high, because this needs to be right for security reasons. |
|||
#296 | FIXED | No way to change your password without going through "forgot password" | ||
Description |
It should be possible for users to change their passwords from the "edit profile" page. Pretty simply, this should work like:

- Supply your current password
- Supply your new password
- Supply it again

This should be pretty easy to implement. |