Commit graph

576 commits

Author SHA1 Message Date
Sachi King
0652471164 Sanitize user input on markdown fields
This is an XSS vulnerability.

This also blocks a number of MD attributes that a user might attempt to
use.

The following are the allowed attributes.

['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']

I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.

UX wise, it's less than great.  A user can do # title and be left with
<h1> in the sanitized output.
2017-04-29 15:47:08 +10:00
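The allowlist approach this commit describes, as an added example that is not the project's code: a small sanitizer built on Python's html.parser (a stand-in for whatever library the commit actually used) that keeps only the tags listed in the message above and escapes every other tag, which is why markdown `# title` comes out as a literal `<h1>` in the output. The per-tag attribute allowlist, the `href` scheme check, the tag-balancing behaviour and the sample inputs are assumptions of this example, not something the commit states.

```python
import html
from html.parser import HTMLParser

# Tag allowlist copied from the commit message above.
ALLOWED_TAGS = {'a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i',
                'li', 'ol', 'p', 'pre', 'strong', 'ul'}

# Assumption of this example (not in the commit): the only attributes that
# survive, per tag. Everything else, including on* handlers and style, is dropped.
ALLOWED_ATTRS = {'a': {'href', 'title'}, 'abbr': {'title'}, 'acronym': {'title'}}
# Assumption: hrefs may be relative or use one of these schemes; javascript:,
# data:, vbscript: and anything unrecognised are dropped.
SAFE_HREF_SCHEMES = ('http:', 'https:', 'mailto:')


def _safe_href(value):
    v = (value or '').strip().lower()
    first = v.split('/', 1)[0]          # text before the first slash
    if ':' in first:                    # an explicit scheme is present
        return any(v.startswith(s) for s in SAFE_HREF_SCHEMES)
    return True                         # relative URL


class AllowlistSanitizer(HTMLParser):
    """Re-serialises HTML, keeping allowlisted tags and escaping the rest."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []   # allowlisted tags currently open, for balancing

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Escape the raw tag text so it renders as literal characters; this
            # is the "# title -> <h1> in the output" behaviour the commit notes.
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = ''
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            if name == 'href' and not _safe_href(value):
                continue
            kept += f' {name}="{html.escape(value or "")}"'
        self.out.append(f'<{tag}{kept}>')
        self.stack.append(tag)

    def handle_startendtag(self, tag, attrs):   # e.g. <br/>, <img .../>
        if tag in ALLOWED_TAGS:
            self.handle_starttag(tag, attrs)
            self.handle_endtag(tag)
        else:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag not in ALLOWED_TAGS:
            self.out.append(html.escape(f'</{tag}>'))
        elif tag in self.stack:
            while True:   # close anything still open inside this element
                open_tag = self.stack.pop()
                self.out.append(f'</{open_tag}>')
                if open_tag == tag:
                    break
        # a stray closing tag with no matching open tag is dropped

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass   # comments never reach the output

    def run(self, raw):
        self.feed(raw)
        self.close()
        while self.stack:                      # close what the input left open
            self.out.append(f'</{self.stack.pop()}>')
        return ''.join(self.out)


def sanitize(raw_html):
    """Sanitise rendered markdown (or any untrusted HTML) to the allowlist."""
    return AllowlistSanitizer().run(raw_html)


if __name__ == '__main__':
    # Constructed sample inputs for this example.
    for sample in ('<p>hi <script>alert(1)</script></p>',
                   '<a href="javascript:alert(1)" onclick="x()">x</a>',
                   '<h1>title</h1>',
                   '<b>bold <i>x'):
        print(repr(sample), '->', repr(sanitize(sample)))
```

Run it on the HTML that the markdown renderer produces, never on the raw markdown, and never mark the result safe before it has passed through `sanitize`; html.parser already decodes character references in attribute values, so `java&#115;cript:` is rejected by the same scheme check as the plain form.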
Sachi King
298b162be6 Flake8 Fixes
Mostly whitespace fixes
Some unicode fixes
Fixed up CSV writer.  str is not bytes and all.
2017-04-17 22:51:48 +10:00
Sachi King
ecf14b514d Remove print statements.
I was originally going to switch to print function, but frankly I can't
see any reason to keep these.  I don't know what data it's leaking into
the logs, but it certainly doesn't seem useful

StringIO is not in Py3.  And it's not used at all, so removing that
import.  Seems to work with Py3 now.  More testing is required.
2017-04-17 15:47:10 +10:00
Sachi King
de08802d5b If user does not exist, catch exception
User = None
2017-04-02 22:07:26 +10:00
Sachi King
8621bdb8fe Use django to do lookups. Removes dj-user-accounts 2017-03-26 12:33:27 +11:00
Sachi King
d5986de870 Use django's login_required decorator
This only seems to be here to have some custom login_url used bypassing
django's model.  Well as we want to use django's model, this just won't
do.  So let's move to using django's model.
2017-03-26 12:32:32 +11:00
Joel Addison
155f841afa Generate ical description dynamically
Use method instead of class attribute for ical feed description.
This allows the class to be instantiated without a database being
available (eg. during migrate).
2017-01-29 22:08:49 +10:00
Scott Bragg
37dd7dd15b Fixed recording release to default false 2017-01-15 15:39:44 +11:00
Scott Bragg
8cf4bf3490 Add twitter to json 2017-01-15 09:55:53 +11:00
Scott Bragg
4e22717639 Add description to ICal feed to help Giggety app identify conference 2017-01-14 09:47:14 +11:00
Christopher Neugebauer
2dbf020a81 Unbreaks URLs 2017-01-13 09:05:47 +11:00
Scott Bragg
46ca912f7c Give all ical events a unique uid and remove shortbreaks 2017-01-12 20:21:47 +11:00
James Polley
3d626e8420 Handle slots with no Proposal
* Use the item kind for a title if there's no proposal
* Use the content_override for the description if there's no proposal
2017-01-12 16:58:26 +11:00
James Polley
710d377016 Include author details in iCal event description 2017-01-12 16:01:10 +11:00
Christopher Neugebauer
34e250322c Adds chair() method to sessions so that templates can easily determine who the chair is. 2017-01-10 21:23:07 +11:00
Christopher Neugebauer
b783901e98 Volunteers need to have a ticket before they can apply to volunteer. 2017-01-10 21:23:07 +11:00
Scott Bragg
dbb4ebbb70 Add a permission to view speaker contact details in conference.json 2016-12-30 19:21:36 +11:00
Scott Bragg
765e80765c Added Track model for schedule headings 2016-12-24 17:55:11 +11:00
Scott Bragg
7ae022d2c4 Added track name to room, added day option to conference schedule view 2016-12-24 15:24:31 +11:00
Scott Bragg
d6ac7edc5d Added timezone to start/end datetimes 2016-12-23 20:12:38 +11:00
Scott Bragg
a37d620afb Adds an ical feed 2016-12-22 12:00:23 +11:00
Scott Bragg
cdec6e2258 Slot name needs to be looooooonger 2016-12-10 17:37:01 +11:00
Scott Bragg
de38ffac9e Needs an additional migration to merge two 0003 migrations in schedule. 2016-12-10 17:07:38 +11:00
Christopher Neugebauer
5e372be5f6 Fixes issue with conference.json view 2016-12-10 14:48:30 +11:00
Christopher Neugebauer
4838adf775 Adds “exclusive” field to slots, so that you don’t need to add every single room to exclusive events (like keynotes) 2016-12-10 08:30:51 +11:00
Scott Bragg
02d7066c44 Increase slot name since it's made up of room names and our room names are long. 2016-11-13 15:31:08 +11:00
Scott Bragg
42372791d5 Don't notify everyone when a proposal changes, only the admins 2016-09-27 19:21:57 +10:00
Christopher Neugebauer
2aa0074bdc Removes speaker assistance options from the profile form. 2016-09-26 11:18:05 +10:00
Christopher Neugebauer
699b32b938 Adds “publish changes” behaviour to views so that we can publish edits to abstracts. 2016-09-18 15:52:45 +10:00
Christopher Neugebauer
f42766beef Respects unpublishing in lists. 2016-09-18 15:52:45 +10:00
Christopher Neugebauer
970e002157 Do not show a presentation if it is unpublished 2016-09-18 15:52:45 +10:00
Christopher Neugebauer
3b4a51e6d4 Adds “unpublish” option to presentations (to temporarily hide from the schedule and from view by non-staff) 2016-09-18 15:52:45 +10:00
Scott Bragg
50ee66d200 Merge branch 'chrisjrn/better_mailer' of https://github.com/lca2017/symposion into chrisjrn/better_mailer
Conflicts:
	symposion/utils/mail.py
2016-09-18 12:40:45 +10:00
Christopher Neugebauer
96683b6d7d Refactors to be a bit less obtuse 2016-09-18 12:37:08 +10:00
Christopher Neugebauer
d54d47487e send_mail is no longer hardwired to point at symposion/emails (who does that?!) 2016-09-18 12:37:08 +10:00
Scott Bragg
433a99a402 All the migrations seem fixed now 2016-09-17 15:53:47 +10:00
Christopher Neugebauer
6fadca1773 Removes BCC amendment to mail.py 2016-09-07 12:01:34 +10:00
Scott Bragg
da56226732 Changed var name 2016-09-03 15:06:01 +10:00
Scott Bragg
c7608fb0d5 Added ResultNotification to admin, fixed subject as template 2016-09-03 13:16:05 +10:00
Scott Bragg
420d8ec870 Remove description from Presentation, add fields to proposal for notification template. 2016-09-03 12:48:31 +10:00
Christopher Neugebauer
d9b1583dfe Adds more fields to the reviews CSV 2016-08-25 10:40:21 +10:00
Christopher Neugebauer
b6b6c51cc1 Refactors to be a bit less obtuse 2016-08-21 15:31:09 +10:00
Christopher Neugebauer
565a353375 send_mail is no longer hardwired to point at symposion/emails (who does that?!) 2016-08-21 15:28:22 +10:00
Christopher Neugebauer
efd6ff88f8 "Random selection" change
Reduces the frequency with which controversial proposals are brought to the front of the review queue.
2016-08-19 10:29:04 +10:00
Christopher Neugebauer
d56bcea2e6 Makes the “reviewer’s reviews” page filter by section 2016-08-17 08:09:21 +10:00
Christopher Neugebauer
5735c7745e The “free for all” random reviews should now direct reviewers to under-reviewed proposals more generally. 2016-08-17 07:44:28 +10:00
Christopher Neugebauer
07198b2ecf Direct reviewers to the controversial talks instead of the indifferent talks 2016-08-17 07:35:46 +10:00
Christopher Neugebauer
7b6843ca1e all-reviews CSV now includes the proposal type rather than the proposal section 2016-08-17 07:27:32 +10:00
Christopher Neugebauer
32c2d697b0 PEBCAK 3 2016-08-16 09:35:34 +10:00
Christopher Neugebauer
20ad44236b PEBCAK 2 removed 2016-08-16 09:34:04 +10:00