Custom Query (1173 matches)
Results (46 - 48 of 1173)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #649 | fixed | Use form.field.data instead of request.form['field'] | ||
| Description |
After submitting a form, our code needs to fetch the data from the form and put it to good use (update the db!). Our current code uses:

```python
form = EditForm(request.form)
if ... and form.validate():
    some_object.one_field = request.form.get('one_field')
    some_object_two_field = request.form['two_field']
```

This works mostly, but doesn't benefit from all the validation and cleanup that wtforms gives us. So this should be rewritten to:

```python
form = EditForm(request.form)
if ... and form.validate():
    some_object.one_field = form.one_field.data
    some_object_two_field = form.two_field.data
```

This can be done in small chunks on a file by file basis, or whatever fits someone wanting to work on this. No need to do all at once. Small changes are easier to review anyway. |
|||
| #51 | FIXED | Handling of bad media types (html!) | ||
| Description |
Currently you can try to upload an HTML file. What happens currently? It sticks in the queue, because celery goes crazy on it. The good news: It does not end up in a public place. What should NEVER, ever happen: The file being put in a public place. It's the best XSS attack to come up with. Rating this high, because this needs to be right for security reasons. |
|||
| #296 | FIXED | No way to change your password without going through "forgot password" | ||
| Description |
It should be possible for users to change their passwords from the "edit profile" page. Pretty simply, this should work like:

- Supply your current password
- Supply your new password
- Supply it again

This should be pretty easy to implement. |
|||
