vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
11137 commits 1 branch 0 tags 587 MiB
Commit graph

11137 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nabin Hait
f73e8d0404 Merge branch 'master' into develop 2016-12-06 16:53:54 +05:30
Nabin Hait
dd53ed0f75 Merge branch 'hotfix' 2016-12-06 16:53:54 +05:30
Nabin Hait
efd35845e3 bumped to version 7.1.23 2016-12-06 17:23:54 +06:00
Nabin Hait
1d5b903a4d Merge pull request #2424 from nabinhait/hotfix 
Fixed patch
 2016-12-06 16:52:35 +05:30
Nabin Hait
03e7957cd6 Fixed patch 2016-12-06 16:52:03 +05:30
Nabin Hait
c52dc83256 Fixed merge conflict 2016-12-06 16:12:32 +05:30
Nabin Hait
c99179746d Merge branch 'hotfix' 2016-12-06 16:09:08 +05:30
Nabin Hait
d48f6f433e bumped to version 7.1.22 2016-12-06 16:39:07 +06:00
Nabin Hait
2f2e80b0a1 Merge pull request #2421 from nabinhait/hotfix 
Hotfix
 2016-12-06 16:06:51 +05:30
Nabin Hait
961071b311 removed print statements 2016-12-06 16:05:26 +05:30
Rohit Waghchaure
82ac63e5ac [Fix] Total row not working in the report for the report builder type 2016-12-06 16:05:26 +05:30
Rushabh Mehta
5f8b360123 [fix] #7130 2016-12-06 11:51:38 +05:30
Rushabh Mehta
d1a57e697a [fix] font-awesome for tree 2016-12-06 11:41:03 +05:30
Nabin Hait
cd0f5e76c6 [fix] Set filter values as default only if no_copy is not marked (#2413) 2016-12-05 18:24:03 +05:30
Vladyslav Baidak
597a34cd5d Update site.py (#2306) 
* Update site.py

Fixed --db-name ignoring when creating new-site

* Update site.py

Fixed --db-name ignoring when creating new-site
 2016-12-05 18:22:59 +05:30
KanchanChauhan
054d0f663f Invalid language error on creation of Language (#2390) 2016-12-05 18:20:36 +05:30
Rushabh Mehta
593214c189 [fix] expand collapse buttons only for tree reports 2016-12-05 17:58:44 +05:30
Rushabh Mehta
72569d1313 [fix] file .zip upload; 2016-12-05 17:39:52 +05:30
Nabin Hait
8c7bd2f76f Merge pull request #2341 from rmehta/fetch-server-side 
[fix] fetch values server side for link fields
 2016-12-05 16:41:07 +05:30
Prateeksha Singh
45c8365438 Grid: Expand/Collapse all buttons (#2399) 
* Add disabling of buttons

* Commonify polar functions
 2016-12-05 15:12:10 +05:30
sbkolate
764cbfe217 added Bulk Upload from zip file feature #2055 (#2062) 
*  added  Bulk Upload from zip file feature #2055

* Added upload zip in file list

* Fix File URL

* Update file_list.js
 2016-12-05 15:09:17 +05:30
Revant Nandgaonkar
528ad7dc61 Update fullcalendar to v3.0.1 (#2408) 2016-12-05 14:59:26 +05:30
Rushabh Mehta
c67d3bfe01 Add attachment from email and copy attachments to Communication Record (#2412) 
* Carry over file attachments in email communications

* [fix] style
 2016-12-05 14:59:00 +05:30
robert schouten
4996c94e75 [fix] error log dont update modified on seen (#2411) 2016-12-05 14:54:02 +05:30
robert schouten
cfba598717 [fix] communication doc patch minimise dataset returned to prevent memory overflow (#2403) 2016-12-05 14:53:33 +05:30
robert schouten
d8a58de07c [hotfix] fix typo in #2401 (#2407) 2016-12-05 14:53:03 +05:30
rohitwaghchaure
2850830fc0 Language field missing in the translation doctype (#2406) 2016-12-05 14:52:31 +05:30
Nabin Hait
9af61bbe79 Merge pull request #2388 from rmehta/merge-kb 
[feature] merge knowledge base in Frappe, fixes frappe/erpnext#6030
 2016-12-05 14:42:31 +05:30
OluyomiKay
71c7e177b7 Carry over file attachments in amended doctypes (#2394) 
* Carry over file attachments in amended doctypes

* Renamed function and code style
 2016-12-05 14:18:38 +05:30
Shreyas Patil
4b31d0cdd5 [Minor] Updated condition to validate allowed email report per user (#2386) 
* [Fix] Updated condition to allow only 3 reports per user

* [fix] different conditions for insert and update
 2016-12-05 14:17:55 +05:30
Rushabh Mehta
7bc7e3bc63 Upgrade Font Awesome (#2410) 
* Font-Awesome V3.x to V4.x

Font-Awesome V3.x to V4.x

* Font Tidy

Font Tidy

* FA4 Upgrade - Html Js & Json

FA4 Upgrade - Html Js & Json

* Minor

Minor
 2016-12-05 13:07:03 +05:30
Faris Ansari
c58bd377de help placeholder translatable (#2402) 2016-12-02 15:40:51 +05:30
robert schouten
d412c4718e refactor assign_to dialog for ease of use (#2401) 
* refactor assign_to dialog for ease of use

* CamelCase for classes

* Update doclistview.js
 2016-12-02 15:38:31 +05:30
Nabin Hait
4593e1e6f3 Merge pull request #2397 from RobertSchouten/cancelmessage 
improved error messages for canceled links
 2016-12-01 16:11:32 +05:30
robert schouten
9c8edaed04 improved error messages for canceled links 2016-12-01 11:26:57 +08:00
Nabin Hait
72968424ef Merge pull request #2396 from rohitwaghchaure/rename_optimization 
Optimize rename doc query
 2016-11-30 16:40:16 +05:30
Rohit Waghchaure
516adec87d rename optimization 2016-11-30 15:26:37 +05:30
Nabin Hait
2f8fc3e969 Merge branch 'hotfix' 2016-11-30 12:13:56 +05:30
Nabin Hait
47ecf4c513 Merge branch 'master' into develop 2016-11-30 12:13:56 +05:30
Nabin Hait
63f803e7b9 bumped to version 7.1.21 2016-11-30 12:43:56 +06:00
Nabin Hait
579713e901 Merge pull request #2387 from shreyasp/set-only-once-issue 
[Minor] convert date type to string when field is set as 'set_only_once' or constant
 2016-11-30 12:10:06 +05:30
Nabin Hait
8ce6717201 Merge pull request #2391 from mmoksh/fix-db-deadlock 
Delete child table rows without causing database deadlock
 2016-11-30 12:07:22 +05:30
Nabin Hait
f84d843424 Merge pull request #2393 from nabinhait/hotfix 
[URGENT] Prevent accessing sensitive files in client.get_js
 2016-11-30 12:04:13 +05:30
exabakr
e9ca5ea9a6 [URGENT] Prevent accessing sensitive files in client.get_js 
Logged in user (any permissions) can access sensitive files by calling frappe.client.get_js

Consider the following scenario:
1- Login to system
2- http://HOST/?items=["currentsite.txt"]&cmd=frappe.client.get_js  (this will give you site directory name)
3- http://HOST/?items=["SITE_DIR_NAME%2Fsite_config.json"]&cmd=frappe.client.get_js (this will show you site config including database name and password and any other sensitive data

The suggested fix prevent accessing any file outside the assets folder. (or atleast you should prevent access to .py files and private folder which includes backup and sensetive files and logs folders)

There should be a hot fix asap
 2016-11-30 12:02:57 +05:30
Revant Nandgaonkar
edca266862 Merge pull request #2392 from exabakr/patch-1 
[URGENT] Prevent accessing sensitive files in client.get_js
 2016-11-30 07:34:13 +05:30
exabakr
df6a1ce686 [URGENT] Prevent accessing sensitive files in client.get_js 
Logged in user (any permissions) can access sensitive files by calling frappe.client.get_js

Consider the following scenario:
1- Login to system
2- http://HOST/?items=["currentsite.txt"]&cmd=frappe.client.get_js  (this will give you site directory name)
3- http://HOST/?items=["SITE_DIR_NAME%2Fsite_config.json"]&cmd=frappe.client.get_js (this will show you site config including database name and password and any other sensitive data

The suggested fix prevent accessing any file outside the assets folder. (or atleast you should prevent access to .py files and private folder which includes backup and sensetive files and logs folders)

There should be a hot fix asap
 2016-11-30 04:04:24 +03:00
Mohammed
61a3f3eda0 Delete rows that do not match the ones in the document without causing db deadlock 2016-11-29 18:11:21 +02:00
Rushabh Mehta
2a8902326d [feature] merge knowledge base in Frappe, fixes frappe/erpnext#6030" 2016-11-28 17:26:53 +05:30
shreyas
684bb80f8e [Minor] convert date type to string when field is set as 'set_only_once' or constant 2016-11-28 17:15:41 +05:30
Nabin Hait
4cf123bd8f Fixed merge conflict 2016-11-28 14:25:11 +05:30