Custom Query (1173 matches)


Show under each result:

Results (46 - 48 of 1173)

Ticket Resolution Summary Owner Reporter
#649 fixed Use instead of request.form['field'] Hans Lo Elrond

After submitting a form, our code needs to fetch the data from the form and put it to good use (update the db!).

Our current code uses:

  form = EditForm(request.form)
  if ... and form.validate():
    some_object.one_field = request.form.get('one_field')
    some_object_two_field = request.form['two_field']

This works mostly, but doesn't benefit from all the validation and cleanup that wtforms gives us. So this should be rewrittn to:

  form = EditForm(request.form)
  if ... and form.validate():
    some_object.one_field =
    some_object_two_field =

This can be done in small chunks on a file by file basis, or whatever fits someone wanting to work on this. No need to do all at once. Small changes are easier to review anyway.

#51 FIXED Handing of bad media types (html!) Jakob Kramer Elrond
Currently you can try to upload a html file.

What happens currebtly? It sticks in the queue, because celery goes
crazy on it.
The good news: It does not end up in a public place.

What should NEVER, ever happen: The file being put in a public
place. It's the best XSS attack to come up with.

Rating this high, because this needs to be right for security

#296 FIXED No way to change your password without going through "forgot password" Jakob Kramer Christopher Allan Webber
It should be possible for users to change their passwords from the
"edit profile" page.

Pretty simply, this should work like:
- Supply your current password
- Supply your new password
- Supply it again

This should be pretty easy to implement.

Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.