Commit graph

10979 commits

Author SHA1 Message Date
robert schouten
9c8edaed04 improved error messages for canceled links 2016-12-01 11:26:57 +08:00
Nabin Hait
72968424ef Merge pull request #2396 from rohitwaghchaure/rename_optimization
Optimize rename doc query
2016-11-30 16:40:16 +05:30
Rohit Waghchaure
516adec87d rename optimization 2016-11-30 15:26:37 +05:30
Nabin Hait
2f8fc3e969 Merge branch 'hotfix' 2016-11-30 12:13:56 +05:30
Nabin Hait
63f803e7b9 bumped to version 7.1.21 2016-11-30 12:43:56 +06:00
Nabin Hait
579713e901 Merge pull request #2387 from shreyasp/set-only-once-issue
[Minor] convert date type to string when field is set as 'set_only_once' or constant
2016-11-30 12:10:06 +05:30
Nabin Hait
8ce6717201 Merge pull request #2391 from mmoksh/fix-db-deadlock
Delete child table rows without causing database deadlock
2016-11-30 12:07:22 +05:30
Nabin Hait
f84d843424 Merge pull request #2393 from nabinhait/hotfix
[URGENT] Prevent accessing sensitive files in client.get_js
2016-11-30 12:04:13 +05:30
exabakr
e9ca5ea9a6 [URGENT] Prevent accessing sensitive files in client.get_js
A logged-in user (any permissions) can access sensitive files by calling frappe.client.get_js

Consider the following scenario:
1- Log in to the system
2- http://HOST/?items=["currentsite.txt"]&cmd=frappe.client.get_js  (this will give you the site directory name)
3- http://HOST/?items=["SITE_DIR_NAME%2Fsite_config.json"]&cmd=frappe.client.get_js (this will show you the site config, including database name and password and any other sensitive data)

The suggested fix prevents accessing any file outside the assets folder (or at least you should prevent access to .py files and the private folder, which includes backup and sensitive files and logs folders).

There should be a hot fix asap
2016-11-30 12:02:57 +05:30
Mohammed
61a3f3eda0 Delete rows that do not match the ones in the document without causing db deadlock 2016-11-29 18:11:21 +02:00
shreyas
684bb80f8e [Minor] convert date type to string when field is set as 'set_only_once' or constant 2016-11-28 17:15:41 +05:30
Nabin Hait
f94bcf25c3 Merge branch 'hotfix' 2016-11-28 14:24:40 +05:30
Nabin Hait
c3ab1cf86b bumped to version 7.1.20 2016-11-28 14:54:40 +06:00
Shreyas Patil
6f59a23f47 [Minor] Removed not available scheduler commands 'dump-queue-status' (#2385) 2016-11-28 12:38:20 +05:30
rohitwaghchaure
a7477d5641 Minor fix (#2371) 2016-11-25 16:11:18 +05:30
rohitwaghchaure
e03d56adb6 [Fix] Multiple letter head printing issue on print format (#2365) 2016-11-25 16:10:42 +05:30
robert schouten
570f242841 move newsletter to tools (#2370) 2016-11-25 16:10:07 +05:30
Viet Pham
ee02258999 Ability to publish realtime event from bench (#2369) 2016-11-25 16:09:36 +05:30
robert schouten
ad4ebb1001 allow permission for communication based on timeline not just reference (#2366) 2016-11-25 16:02:31 +05:30
Nabin Hait
ce4e170adb Merge branch 'hotfix' 2016-11-23 14:48:48 +05:30
Nabin Hait
d39510f915 bumped to version 7.1.19 2016-11-23 15:18:48 +06:00
Nabin Hait
3337e3f9dc Merge pull request #2363 from RobertSchouten/chartfix
[fix] charts don't get carried across reports
2016-11-23 14:46:44 +05:30
robert schouten
25a9df4364 [fix] charts don't get carried across reports 2016-11-23 15:28:47 +08:00
Saurabh
d40d08fb66 [fix] check against all linked documents while canceling or deleting (#2360) 2016-11-22 22:18:38 +05:30
Nabin Hait
d3cfd0bbb4 Merge branch 'hotfix' 2016-11-22 17:16:39 +05:30
Nabin Hait
fc69d03dc8 bumped to version 7.1.18 2016-11-22 17:46:39 +06:00
Nabin Hait
17879397c7 Merge pull request #2359 from rmehta/print-format-builder-custom-html-fix
[hot] [fix] editing multiple CUSTOM HTML values in field
2016-11-22 13:48:34 +05:30
Rushabh Mehta
8d67b99166 [hot] [fix] editing multiple CUSTOM HTML values in field 2016-11-22 13:29:26 +05:30
Nabin Hait
f1f4f20cb9 Merge pull request #2355 from saurabh6790/append_empty_field_dict
[fix] check for column field dict before appending child table data field
2016-11-22 12:55:41 +05:30
Nabin Hait
4940695966 Merge branch 'hotfix' 2016-11-22 12:16:11 +05:30
Nabin Hait
2adafeb95d bumped to version 7.1.17 2016-11-22 12:46:11 +06:00
Nabin Hait
9255c9589f Merge pull request #2356 from nabinhait/hotfix
Cherry-picked "set last active time to user" from develop
2016-11-22 12:14:48 +05:30
Saurabh
68186a4943 [fix] check if user exists while setting last active date 2016-11-22 12:12:42 +05:30
Saurabh
6b3bf22462 [enhance] set last active time to user 2016-11-22 12:12:34 +05:30
Saurabh
a5b7bff45a [fix] check for column field dict before appending child table data field 2016-11-22 11:53:11 +05:30
Nabin Hait
ae197c37b1 Merge branch 'hotfix' 2016-11-21 19:08:23 +05:30
Nabin Hait
b7316e55fe bumped to version 7.1.16 2016-11-21 19:38:23 +06:00
Nabin Hait
262920288e Merge pull request #2349 from rohitwaghchaure/rename_autoname_field
[Fix] Rename autoname field on rename of docname
2016-11-21 19:03:30 +05:30
Nabin Hait
bc9cd55cd9 Merge pull request #2351 from frappe/nabinhait-patch-2
Changed order of Rename scheduler log patch
2016-11-21 19:01:44 +05:30
Nabin Hait
066e91d077 Update patches.txt 2016-11-21 18:36:26 +05:30
Rohit Waghchaure
fa49525406 [Fix] Rename autoname field on rename of docname 2016-11-21 16:35:11 +05:30
Nabin Hait
02f98ab56c Merge branch 'hotfix' 2016-11-17 16:42:45 +05:30
Nabin Hait
331ff47ed3 bumped to version 7.1.15 2016-11-17 17:12:45 +06:00
Nabin Hait
efbe173440 Merge pull request #2331 from shreyasp/downloadable-backups
[Minor] Show only sql.gz in Downloadable Backups Page
2016-11-17 16:01:00 +05:30
Nabin Hait
01fe4b665f Merge pull request #2337 from shreyasp/translations-setup-wizard
[Fix] Setup wizard exception fix for unique_module_name_standard
2016-11-17 15:52:18 +05:30
Nabin Hait
2b64a657e5 Merge pull request #2332 from rmehta/print-format-heading-fix
[fix] print format heading bug
2016-11-17 15:42:32 +05:30
shreyas
743e157e03 [Fix] Setup wizard exception fix for unique_module_name_standard 2016-11-17 15:39:31 +05:30
Nabin Hait
43642df12f Merge pull request #2336 from saurabh6790/dropbox_typo_fix
[minor][fix] typo fix
2016-11-17 14:47:08 +05:30
Saurabh
4d7f1c33cf [minor][fix] typo fix 2016-11-17 12:25:41 +05:30
shreyas
4ebbaac586 [Minor] Show only 'sql.gz' in Downloadable backups page 2016-11-16 16:58:17 +05:30