Sachi King
0652471164
Sanitize user input on markdown fields
...
This is an XSS vulnerability.
This also blocks a number of MD attributes that a user might attempt to
use.
The following are the allowed attributes.
['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']
I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.
UX wise, it's less than great. A user can do # title and be left with
<h1> in the sanitized output.
2017-04-29 15:47:08 +10:00
Sachi King
298b162be6
Flake8 Fixes
...
Mostly whitespace fixes
Some unicode fixes
Fixed up CSV writer. str is not bytes and all.
2017-04-17 22:51:48 +10:00
Sachi King
ecf14b514d
Remove print statements.
...
I was originally going to switch to print function, but frankly I can't
see any reason to keep these. I don't know what data it's leaking into
the logs, but it certainly doesn't seem useful
StringIO is not in Py3. And it's not used at all, so removing that
import. Seems to work with Py3 now. More testing is required.
2017-04-17 15:47:10 +10:00
Sachi King
de08802d5b
If user does not exist, catch exception
...
User = None
2017-04-02 22:07:26 +10:00
Sachi King
0517c61542
Update django-model-utils to support Django 1.10
2017-04-01 17:38:47 +11:00
Sachi King
f9e3603373
Support Django 1.10 with timezone upgrade
...
Needed as SubfieldBase is deprecated
2017-03-30 23:16:25 +11:00
Sachi King
8621bdb8fe
Use django to do lookups. Removes dj-user-accounts
2017-03-26 12:33:27 +11:00
Sachi King
d5986de870
Use django's login_required decorator
...
This only seems to be here to have some custom login_url used bypassing
django's model. Well as we want to use django's model, this just won't
do. So let's move to using django's model.
2017-03-26 12:32:32 +11:00
Sachi King
a8a5d3b5e8
django-sitetree >= 1.7.0 and not use version pin
...
In the future, when we want to lock a package to a specific version, we
will do that via a constraints file in the master project.
Making it difficult to update deps is not okay.
2017-03-26 11:36:11 +11:00
Scott Bragg
c5c272f7d9
Merge pull request #69 from joeladdison/lca2017-ical
...
Generate ical description dynamically
2017-02-14 21:53:31 +11:00
Joel Addison
155f841afa
Generate ical description dynamically
...
Use method instead of class attribute for ical feed description.
This allows the class to be instantiated without a database being
available (eg. during migrate).
2017-01-29 22:08:49 +10:00
Scott Bragg
37dd7dd15b
Fixed recording release to default false
2017-01-15 15:39:44 +11:00
Scott Bragg
8cf4bf3490
Add twitter to json
2017-01-15 09:55:53 +11:00
Scott Bragg
4e22717639
Add description to ICal feed to help Giggety app identify conference
2017-01-14 09:47:14 +11:00
Christopher Neugebauer
2dbf020a81
Unbreaks URLs
2017-01-13 09:05:47 +11:00
Scott Bragg
46ca912f7c
Give all ical events a unique uid and remove shortbreaks
2017-01-12 20:21:47 +11:00
Scott Bragg
73f2cc1d1c
Merge pull request #68 from jamezpolley/lca2017
...
Handle slots with no Proposal
2017-01-12 19:51:58 +11:00
James Polley
3d626e8420
Handle slots with no Proposal
...
* Use the item kind for a title if there's no proposal
* Use the content_override for the description if there's no proposal
2017-01-12 16:58:26 +11:00
Scott Bragg
b47cb32bdc
Merge pull request #67 from jamezpolley/lca2017
...
Include author details in event description
2017-01-12 16:27:13 +11:00
James Polley
710d377016
Include author details in iCal event description
2017-01-12 16:01:10 +11:00
Scott Bragg
6458f4d436
Merge pull request #66 from lca2017/chrisjrn/session_chair
...
Chrisjrn/session chair
2017-01-10 21:30:57 +11:00
Christopher Neugebauer
34e250322c
Adds chair() method to sessions so that templates can easily determine who the chair is.
2017-01-10 21:23:07 +11:00
Christopher Neugebauer
b783901e98
Volunteers need to have a ticket before they can apply to volunteer.
2017-01-10 21:23:07 +11:00
Scott Bragg
ae9f1e0b67
Merge pull request #65 from faulteh/speaker_deets_permission
...
Add a permission to view speaker contact details in conference.json
2017-01-08 13:37:21 +11:00
Scott Bragg
dbb4ebbb70
Add a permission to view speaker contact details in conference.json
2016-12-30 19:21:36 +11:00
Scott Bragg
72c3d623b4
Adds an ical feed and track name to room
2016-12-26 12:14:16 +11:00
Scott Bragg
765e80765c
Added Track model for schedule headings
2016-12-24 17:55:11 +11:00
Scott Bragg
7ae022d2c4
Added track name to room, added day option to conference schedule view
2016-12-24 15:24:31 +11:00
Scott Bragg
d6ac7edc5d
Added timezone to start/end datetimes
2016-12-23 20:12:38 +11:00
Scott Bragg
a37d620afb
Adds an ical feed
2016-12-22 12:00:23 +11:00
Scott Bragg
cdec6e2258
Slot name needs to be looooooonger
2016-12-10 17:37:01 +11:00
Scott Bragg
cc05d09f26
Merge pull request #62 from lca2017/chrisjrn/20161210
...
Adds “exclusive” field to slots,
2016-12-10 17:10:56 +11:00
Scott Bragg
de38ffac9e
Needs an additional migration to merge two 0003 migrations in schedule.
2016-12-10 17:07:38 +11:00
Christopher Neugebauer
5e372be5f6
Fixes issue with conference.json view
2016-12-10 14:48:30 +11:00
Christopher Neugebauer
4838adf775
Adds “exclusive” field to slots, so that you don’t need to add every single room to exclusive events (like keynotes)
2016-12-10 08:30:51 +11:00
Scott Bragg
b4356a1551
Merge pull request #61 from faulteh/lca2017
...
Increase slot name since it's made up of room names and our room name…
2016-11-13 15:32:55 +11:00
Scott Bragg
02d7066c44
Increase slot name since it's made up of room names and our room names are long.
2016-11-13 15:31:08 +11:00
Scott Bragg
42372791d5
Don't notify everyone when a proposal changes, only the admins
2016-09-27 19:21:57 +10:00
Christopher Neugebauer
2aa0074bdc
Removes speaker assistance options from the profile form.
2016-09-26 11:18:05 +10:00
Scott Bragg
e96bce62ab
Merge pull request #57 from lca2017/chrisjrn/september_rebase
...
Symposion changes for schedule announcement
2016-09-18 20:41:44 +10:00
Christopher Neugebauer
699b32b938
Adds “publish changes” behaviour to views so that we can publish edits to abstracts.
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
f42766beef
Respects unpublishing in lists.
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
970e002157
Do not show a presentation if it is unpublished
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
3b4a51e6d4
Adds “unpublish” option to presentations (to temporarily hide from the schedule and from view by non-staff)
2016-09-18 15:52:45 +10:00
Scott Bragg
5caedcc09f
Merge pull request #53 from lca2017/chrisjrn/better_mailer
...
Better send_mail function
2016-09-18 12:41:33 +10:00
Scott Bragg
50ee66d200
Merge branch 'chrisjrn/better_mailer' of https://github.com/lca2017/symposion into chrisjrn/better_mailer
...
Conflicts:
symposion/utils/mail.py
2016-09-18 12:40:45 +10:00
Christopher Neugebauer
96683b6d7d
Refactors to be a bit less obtuse
2016-09-18 12:37:08 +10:00
Christopher Neugebauer
d54d47487e
send_mail is no longer hardwired to point at symposion/emails (who does that?!)
2016-09-18 12:37:08 +10:00
Scott Bragg
433a99a402
All the migrations seem fixed now
2016-09-17 15:53:47 +10:00
Scott Bragg
aa70c5aeb2
Merge pull request #56 from lca2017/chrisjrn/universal_bcc
...
Removes BCC amendment to mail.py
2016-09-07 12:58:11 +10:00