Sachi King
0652471164
Sanitize user input on markdown fields
...
This is an XSS vulnerability.
This also blocks a number of MD attributes that a user might attempt to
use.
The following are the allowed attributes.
['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']
I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.
UX-wise, it's less than great. A user can do # title and be left with
<h1> in the sanitized output.
2017-04-29 15:47:08 +10:00
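The allowlist approach the commit above describes, as an added example that is not symposion's own code: a stdlib-only sanitiser that runs over the HTML a markdown renderer produces and re-emits only the listed tags. The tag list is the one from the commit message; the attribute policy (href on a, title on abbr/acronym, only http/https/mailto or relative URLs) and the choice to render disallowed tags as visible text rather than drop them (which matches the "left with <h1> in the sanitized output" behaviour described) are assumptions made for this example. Sample inputs in the usage block are constructed.

```python
"""Allowlist HTML sanitiser for rendered markdown (example, not symposion code)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag allowlist taken from the commit message above.
ALLOWED_TAGS = frozenset(['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em',
                          'i', 'li', 'ol', 'p', 'pre', 'strong', 'ul'])
# Assumed attribute policy (not on the page): links keep href, abbreviations keep title.
ALLOWED_ATTRS = {'a': {'href'}, 'abbr': {'title'}, 'acronym': {'title'}}
SAFE_SCHEMES = frozenset(['http', 'https', 'mailto'])


def safe_href(value):
    """True for relative URLs and http/https/mailto; rejects javascript:, data:, etc."""
    # Browsers drop tabs/newlines inside a URL, so "java\nscript:" would still run.
    value = ''.join(ch for ch in value.strip() if ch not in '\t\r\n')
    scheme = urlparse(value).scheme.lower()
    return scheme == '' or scheme in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-emits allowed tags; everything else becomes escaped, visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowed tags currently open, so output stays balanced

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # A disallowed tag (h1, img, script, ...) is shown literally, e.g. "<h1>".
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops onclick=, style=, and any other handler/attribute
            if name == 'href' and not safe_href(value or ''):
                continue  # drops javascript: and similar schemes
            kept.append(' %s="%s"' % (name, html.escape(value or '', quote=True)))
        self.out.append('<%s%s>' % (tag, ''.join(kept)))
        self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        # No allowed tag is self-closing, so <br/> and friends become text.
        self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag not in ALLOWED_TAGS:
            self.out.append(html.escape('</%s>' % tag))
            return
        if tag in self.open_tags:
            # Close anything opened after it too, so nesting stays well-formed.
            while self.open_tags:
                opened = self.open_tags.pop()
                self.out.append('</%s>' % opened)
                if opened == tag:
                    break
        # A stray close tag with no matching open tag is dropped.

    def handle_data(self, data):
        # Text is always escaped, including the body of a disallowed <script>.
        self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments carry no content a reviewer needs; drop them

    def result(self):
        self.close()  # flush buffered text
        while self.open_tags:
            self.out.append('</%s>' % self.open_tags.pop())
        return ''.join(self.out)


def sanitize(rendered_html):
    """Sanitise the HTML produced by the markdown renderer before storing/displaying it."""
    parser = AllowlistSanitizer()
    parser.feed(rendered_html)
    return parser.result()


if __name__ == '__main__':
    # Constructed inputs: what a markdown renderer would emit for hostile abstracts.
    for sample in ['<p>Hi <strong>there</strong></p>',
                   '<h1>title</h1>',
                   '<script>alert(1)</script>',
                   '<a href="javascript:alert(1)" onclick="x()">link</a>',
                   '<img src=x onerror=alert(1)>']:
        print(repr(sample), '->', repr(sanitize(sample)))
```

Run this after markdown rendering, not before: sanitising the raw markdown and then rendering it would let the renderer re-introduce tags. The inline-event and javascript: cases are the ones the tag list alone does not cover, which is why an allowlist needs an attribute policy as well.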
Sachi King
298b162be6
Flake8 Fixes
...
Mostly whitespace fixes
Some unicode fixes
Fixed up CSV writer. str is not bytes and all.
2017-04-17 22:51:48 +10:00
Sachi King
ecf14b514d
Remove print statements.
...
I was originally going to switch to the print function, but frankly I can't
see any reason to keep these. I don't know what data it's leaking into
the logs, but it certainly doesn't seem useful.
StringIO is not in Py3. And it's not used at all, so removing that
import. Seems to work with Py3 now. More testing is required.
2017-04-17 15:47:10 +10:00
Sachi King
de08802d5b
If user does not exist, catch exception
...
User = None
2017-04-02 22:07:26 +10:00
Sachi King
8621bdb8fe
Use django to do lookups. Removes dj-user-accounts
2017-03-26 12:33:27 +11:00
Sachi King
d5986de870
Use django's login_required decorator
...
This only seems to be here to have some custom login_url used, bypassing
Django's model. Well, as we want to use Django's model, this just won't
do. So let's move to using Django's model.
2017-03-26 12:32:32 +11:00
Joel Addison
155f841afa
Generate ical description dynamically
...
Use method instead of class attribute for ical feed description.
This allows the class to be instantiated without a database being
available (eg. during migrate).
2017-01-29 22:08:49 +10:00
Scott Bragg
37dd7dd15b
Fixed recording release to default false
2017-01-15 15:39:44 +11:00
Scott Bragg
8cf4bf3490
Add twitter to json
2017-01-15 09:55:53 +11:00
Scott Bragg
4e22717639
Add description to ICal feed to help Giggety app identify conference
2017-01-14 09:47:14 +11:00
Christopher Neugebauer
2dbf020a81
Unbreaks URLs
2017-01-13 09:05:47 +11:00
Scott Bragg
46ca912f7c
Give all ical events a unique uid and remove shortbreaks
2017-01-12 20:21:47 +11:00
James Polley
3d626e8420
Handle slots with no Proposal
...
* Use the item kind for a title if there's no proposal
* Use the content_override for the description if there's no proposal
2017-01-12 16:58:26 +11:00
James Polley
710d377016
Include author details in iCal event description
2017-01-12 16:01:10 +11:00
Christopher Neugebauer
34e250322c
Adds chair() method to sessions so that templates can easily determine who the chair is.
2017-01-10 21:23:07 +11:00
Christopher Neugebauer
b783901e98
Volunteers need to have a ticket before they can apply to volunteer.
2017-01-10 21:23:07 +11:00
Scott Bragg
dbb4ebbb70
Add a permission to view speaker contact details in conference.json
2016-12-30 19:21:36 +11:00
Scott Bragg
765e80765c
Added Track model for schedule headings
2016-12-24 17:55:11 +11:00
Scott Bragg
7ae022d2c4
Added track name to room, added day option to conference schedule view
2016-12-24 15:24:31 +11:00
Scott Bragg
d6ac7edc5d
Added timezone to start/end datetimes
2016-12-23 20:12:38 +11:00
Scott Bragg
a37d620afb
Adds an ical feed
2016-12-22 12:00:23 +11:00
Scott Bragg
cdec6e2258
Slot name needs to be looooooonger
2016-12-10 17:37:01 +11:00
Scott Bragg
de38ffac9e
Needs an additional migration to merge two 0003 migrations in schedule.
2016-12-10 17:07:38 +11:00
Christopher Neugebauer
5e372be5f6
Fixes issue with conference.json view
2016-12-10 14:48:30 +11:00
Christopher Neugebauer
4838adf775
Adds “exclusive” field to slots, so that you don’t need to add every single room to exclusive events (like keynotes)
2016-12-10 08:30:51 +11:00
Scott Bragg
02d7066c44
Increase slot name since it's made up of room names and our room names are long.
2016-11-13 15:31:08 +11:00
Scott Bragg
42372791d5
Don't notify everyone when a proposal changes, only the admins
2016-09-27 19:21:57 +10:00
Christopher Neugebauer
2aa0074bdc
Removes speaker assistance options from the profile form.
2016-09-26 11:18:05 +10:00
Christopher Neugebauer
699b32b938
Adds “publish changes” behaviour to views so that we can publish edits to abstracts.
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
f42766beef
Respects unpublishing in lists.
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
970e002157
Do not show a presentation if it is unpublished
2016-09-18 15:52:45 +10:00
Christopher Neugebauer
3b4a51e6d4
Adds “unpublish” option to presentations (to temporarily hide from the schedule and from view by non-staff)
2016-09-18 15:52:45 +10:00
Scott Bragg
50ee66d200
Merge branch 'chrisjrn/better_mailer' of https://github.com/lca2017/symposion into chrisjrn/better_mailer
...
Conflicts:
symposion/utils/mail.py
2016-09-18 12:40:45 +10:00
Christopher Neugebauer
96683b6d7d
Refactors to be a bit less obtuse
2016-09-18 12:37:08 +10:00
Christopher Neugebauer
d54d47487e
send_mail is no longer hardwired to point at symposion/emails (who does that?!)
2016-09-18 12:37:08 +10:00
Scott Bragg
433a99a402
All the migrations seem fixed now
2016-09-17 15:53:47 +10:00
Christopher Neugebauer
6fadca1773
Removes BCC amendment to mail.py
2016-09-07 12:01:34 +10:00
Scott Bragg
da56226732
Changed var name
2016-09-03 15:06:01 +10:00
Scott Bragg
c7608fb0d5
Added ResultNotification to admin, fixed subject as template
2016-09-03 13:16:05 +10:00
Scott Bragg
420d8ec870
Remove description from Presentation, add fields to proposal for notification template.
2016-09-03 12:48:31 +10:00
Christopher Neugebauer
d9b1583dfe
Adds more fields to the reviews CSV
2016-08-25 10:40:21 +10:00
Christopher Neugebauer
b6b6c51cc1
Refactors to be a bit less obtuse
2016-08-21 15:31:09 +10:00
Christopher Neugebauer
565a353375
send_mail is no longer hardwired to point at symposion/emails (who does that?!)
2016-08-21 15:28:22 +10:00
Christopher Neugebauer
efd6ff88f8
"Random selection" change
...
Reduces the frequency with which controversial proposals are brought to the front of the review queue.
2016-08-19 10:29:04 +10:00
Christopher Neugebauer
d56bcea2e6
Makes the “reviewer’s reviews” page filter by section
2016-08-17 08:09:21 +10:00
Christopher Neugebauer
5735c7745e
The “free for all” random reviews should now direct reviewers to under-reviewed proposals more generally.
2016-08-17 07:44:28 +10:00
Christopher Neugebauer
07198b2ecf
Direct reviewers to the controversial talks instead of the indifferent talks
2016-08-17 07:35:46 +10:00
Christopher Neugebauer
7b6843ca1e
all-reviews CSV now includes the proposal type rather than the proposal section
2016-08-17 07:27:32 +10:00
Christopher Neugebauer
32c2d697b0
PEBCAK 3
2016-08-16 09:35:34 +10:00
Christopher Neugebauer
20ad44236b
PEBCAK 2 removed
2016-08-16 09:34:04 +10:00