Comment #1 on issue 3052 by chip...@gmail.com: security vulnerability:
Thanks for reporting this.
I'm not able to reproduce it. I set up an environment with 1.7.11 and tried
the repro case you provided. I haven't been able to cause this.
Looking at your log output, the 404 result you provided shows a result from
Django. The Django 404 happens because the URLs registered don't allow
parens, so we never get to a point where we reach any API handler
for "quit()" that can throw an API version of a 404, instead throwing only
a standard Django 404.
So all that looks correct. Well, "correct." We should probably have some
generic thing on /api/* that throws a 404 if nothing else matches.
Now, you end up with an Operation Timed Out. That's very strange. What
happens when connecting from a web browser?
Also, what version of RBTools are you using?
Does that query for get_review_requests work before doing the
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/groups/opt_out.