vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
11119 commits 1 branch 0 tags 587 MiB
Commit graph

11119 commits

This branch
This branch
All branches
Author SHA1 Message Date
Rushabh Mehta
281d8a6481 [fix] for new doctype 2016-12-06 15:31:23 +05:30
Rushabh Mehta
9e7b174c76 [enhance] update fetch values on doctype save #2414 2016-12-06 15:20:50 +05:30
Rushabh Mehta
5f8b360123 [fix] #7130 2016-12-06 11:51:38 +05:30
Rushabh Mehta
d1a57e697a [fix] font-awesome for tree 2016-12-06 11:41:03 +05:30
Vladyslav Baidak
597a34cd5d Update site.py (#2306) 
* Update site.py

Fixed --db-name ignoring when creating new-site

* Update site.py

Fixed --db-name ignoring when creating new-site
 2016-12-05 18:22:59 +05:30
KanchanChauhan
054d0f663f Invalid language error on creation of Language (#2390) 2016-12-05 18:20:36 +05:30
Rushabh Mehta
593214c189 [fix] expand collapse buttons only for tree reports 2016-12-05 17:58:44 +05:30
Rushabh Mehta
72569d1313 [fix] file .zip upload; 2016-12-05 17:39:52 +05:30
Nabin Hait
8c7bd2f76f Merge pull request #2341 from rmehta/fetch-server-side 
[fix] fetch values server side for link fields
 2016-12-05 16:41:07 +05:30
Prateeksha Singh
45c8365438 Grid: Expand/Collapse all buttons (#2399) 
* Add disabling of buttons

* Commonify polar functions
 2016-12-05 15:12:10 +05:30
sbkolate
764cbfe217 added Bulk Upload from zip file feature #2055 (#2062) 
*  added  Bulk Upload from zip file feature #2055

* Added upload zip in file list

* Fix File URL

* Update file_list.js
 2016-12-05 15:09:17 +05:30
Revant Nandgaonkar
528ad7dc61 Update fullcalendar to v3.0.1 (#2408) 2016-12-05 14:59:26 +05:30
Rushabh Mehta
c67d3bfe01 Add attachment from email and copy attachments to Communication Record (#2412) 
* Carry over file attachments in email communications

* [fix] style
 2016-12-05 14:59:00 +05:30
robert schouten
d8a58de07c [hotfix] fix typo in #2401 (#2407) 2016-12-05 14:53:03 +05:30
Nabin Hait
9af61bbe79 Merge pull request #2388 from rmehta/merge-kb 
[feature] merge knowledge base in Frappe, fixes frappe/erpnext#6030
 2016-12-05 14:42:31 +05:30
OluyomiKay
71c7e177b7 Carry over file attachments in amended doctypes (#2394) 
* Carry over file attachments in amended doctypes

* Renamed function and code style
 2016-12-05 14:18:38 +05:30
Rushabh Mehta
7bc7e3bc63 Upgrade Font Awesome (#2410) 
* Font-Awesome V3.x to V4.x

Font-Awesome V3.x to V4.x

* Font Tidy

Font Tidy

* FA4 Upgrade - Html Js & Json

FA4 Upgrade - Html Js & Json

* Minor

Minor
 2016-12-05 13:07:03 +05:30
Faris Ansari
c58bd377de help placeholder translatable (#2402) 2016-12-02 15:40:51 +05:30
robert schouten
d412c4718e refactor assign_to dialog for ease of use (#2401) 
* refactor assign_to dialog for ease of use

* CamelCase for classes

* Update doclistview.js
 2016-12-02 15:38:31 +05:30
Nabin Hait
47ecf4c513 Merge branch 'master' into develop 2016-11-30 12:13:56 +05:30
Nabin Hait
2f8fc3e969 Merge branch 'hotfix' 2016-11-30 12:13:56 +05:30
Nabin Hait
63f803e7b9 bumped to version 7.1.21 2016-11-30 12:43:56 +06:00
Nabin Hait
579713e901 Merge pull request #2387 from shreyasp/set-only-once-issue 
[Minor] convert date type to string when field is set as 'set_only_once' or constant
 2016-11-30 12:10:06 +05:30
Nabin Hait
8ce6717201 Merge pull request #2391 from mmoksh/fix-db-deadlock 
Delete child table rows without causing database deadlock
 2016-11-30 12:07:22 +05:30
Nabin Hait
f84d843424 Merge pull request #2393 from nabinhait/hotfix 
[URGENT] Prevent accessing sensitive files in client.get_js
 2016-11-30 12:04:13 +05:30
exabakr
e9ca5ea9a6 [URGENT] Prevent accessing sensitive files in client.get_js 
Logged in user (any permissions) can access sensitive files by calling frappe.client.get_js

Consider the following scenario:
1- Login to system
2- http://HOST/?items=["currentsite.txt"]&cmd=frappe.client.get_js  (this will give you site directory name)
3- http://HOST/?items=["SITE_DIR_NAME%2Fsite_config.json"]&cmd=frappe.client.get_js (this will show you site config including database name and password and any other sensitive data

The suggested fix prevent accessing any file outside the assets folder. (or atleast you should prevent access to .py files and private folder which includes backup and sensetive files and logs folders)

There should be a hot fix asap
 2016-11-30 12:02:57 +05:30
Revant Nandgaonkar
edca266862 Merge pull request #2392 from exabakr/patch-1 
[URGENT] Prevent accessing sensitive files in client.get_js
 2016-11-30 07:34:13 +05:30
exabakr
df6a1ce686 [URGENT] Prevent accessing sensitive files in client.get_js 
Logged in user (any permissions) can access sensitive files by calling frappe.client.get_js

Consider the following scenario:
1- Login to system
2- http://HOST/?items=["currentsite.txt"]&cmd=frappe.client.get_js  (this will give you site directory name)
3- http://HOST/?items=["SITE_DIR_NAME%2Fsite_config.json"]&cmd=frappe.client.get_js (this will show you site config including database name and password and any other sensitive data

The suggested fix prevent accessing any file outside the assets folder. (or atleast you should prevent access to .py files and private folder which includes backup and sensetive files and logs folders)

There should be a hot fix asap
 2016-11-30 04:04:24 +03:00
Mohammed
61a3f3eda0 Delete rows that do not match the ones in the document without causing db deadlock 2016-11-29 18:11:21 +02:00
Rushabh Mehta
2a8902326d [feature] merge knowledge base in Frappe, fixes frappe/erpnext#6030" 2016-11-28 17:26:53 +05:30
shreyas
684bb80f8e [Minor] convert date type to string when field is set as 'set_only_once' or constant 2016-11-28 17:15:41 +05:30
Nabin Hait
4cf123bd8f Fixed merge conflict 2016-11-28 14:25:11 +05:30
Nabin Hait
f94bcf25c3 Merge branch 'hotfix' 2016-11-28 14:24:40 +05:30
Nabin Hait
c3ab1cf86b bumped to version 7.1.20 2016-11-28 14:54:40 +06:00
Makarand Bauskar
bf37e4a254 [minor] fixes for check_if_latest method (#2377) 2016-11-28 12:38:32 +05:30
Shreyas Patil
6f59a23f47 [Minor] Removed not available scheduler commands 'dump-queue-status' (#2385) 2016-11-28 12:38:20 +05:30
Saurabh
3952338b73 [urgent][fix] convert use_sandbox param to integer to avoid false data sandboxing (#2384) 2016-11-28 12:37:33 +05:30
paurosello
fe5a516673 Fix error missing fields on fixtures (#2378) 
Only name is currently taken from DB, other fields are mandatory to generate translations:

      File "/Users/pau/frappe-bench/env/lib/python2.7/site-packages/frappe/translate.py", line 407, in get_messages_from_custom_fields
        if cf['fieldtype'] == 'Selection' and cf.get('options'):
    KeyError: u'fieldtype'
 2016-11-28 12:35:47 +05:30
Rushabh Mehta
4bd2285159 File Based Locking at Document Level (#2374) 
* [redesign] improved locking in documents and redesigned recent documents

* [minor] patch to update doctype in existing documents
 2016-11-25 16:14:00 +05:30
paurosello
9e70ff8811 Missing fields in unordered list (#2373) 2016-11-25 16:11:49 +05:30
rohitwaghchaure
a7477d5641 Minor fix (#2371) 2016-11-25 16:11:18 +05:30
rohitwaghchaure
e03d56adb6 [Fix] Multiple letter head printing issue on print format (#2365) 2016-11-25 16:10:42 +05:30
robert schouten
570f242841 move newsletter to tools (#2370) 2016-11-25 16:10:07 +05:30
Viet Pham
ee02258999 Ability to publish realtime event from bench (#2369) 2016-11-25 16:09:36 +05:30
Faris Ansari
1fa7835661 [fix] redirect to 'Not Permitted' page (#2367) 2016-11-25 16:06:16 +05:30
robert schouten
ad4ebb1001 allow permission for communication based on timeline not just reference (#2366) 2016-11-25 16:02:31 +05:30
Shreyas Patil
8cb27f8366 [Docs] Added new article to add custom button to a form (#2364) 2016-11-25 16:01:57 +05:30
Faris Ansari
81ef23ab0b pdf prompt for orientation (#2358) 2016-11-25 16:01:00 +05:30
Nabin Hait
ce4e170adb Merge branch 'hotfix' 2016-11-23 14:48:48 +05:30
Nabin Hait
610ea6b47b Merge branch 'master' into develop 2016-11-23 14:48:48 +05:30