Files @ ae947de541d5
Branch filter:

Location: kallithea/docs/api/models.rst

ae947de541d5 632 B text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Mads Kiilerich
auth: check CSRF protection token when authenticating

Use pylons secure_form to get CSRF protection on all authenticated POSTs. This
fixes CVE-2015-0276.

GETs should not have any side effects and do thus not need CSRF protection.

Reported by Paul van Empelen.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
.. _models:

========================
The :mod:`models` Module
========================

.. automodule:: kallithea.model
   :members:

.. automodule:: kallithea.model.comment
   :members:

.. automodule:: kallithea.model.notification
   :members:

.. automodule:: kallithea.model.permission
   :members:

.. automodule:: kallithea.model.repo_permission
   :members:

.. automodule:: kallithea.model.repo
   :members:

.. automodule:: kallithea.model.repo_group
   :members:

.. automodule:: kallithea.model.scm
   :members:

.. automodule:: kallithea.model.user
   :members:

.. automodule:: kallithea.model.user_group
   :members:
Server instance: clio-20513 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support