Re: Issue 3052 in reviewboard: security vulnerability: python injection
Updates:
Status: NeedInfo
Comment #1 on issue 3052 by chip...@gmail.com: security vulnerability:
python injection
http://code.google.com/p/reviewboard/issues/detail?id=3052
Thanks for reporting this.
I'm not able to reproduce it. I set up an environment with 1.7.11 and tried
the repro case you provided. I haven't been able to cause this.
Looking at your log output, the 404 result you provided shows a result from
Django. The Django 404 happens because the URLs registered don't allow
parens, so we never get to a point where we reach any API handler
for quit() that can throw an API version of a 404, instead throwing only
a standard Django 404.
So all that looks correct. Well, correct. We should probably have some
generic thing on /api/* that throws a 404 if nothing else matches.
Now, you end up with an Operation Timed Out. That's very strange. What
happens when connecting from a web browser?
Also, what version of RBTools are you using?
Does that query for get_review_requests work before doing the
get_user('quit()') ?
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
reviewboard-issues group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/groups/opt_out.
Re: Issue 3052 in reviewboard: Useless 404 payload for unhandled URLs
Updates: Summary: Useless 404 payload for unhandled URLs Labels: Component-API Comment #2 on issue 3052 by chip...@gmail.com: Useless 404 payload for unhandled URLs http://code.google.com/p/reviewboard/issues/detail?id=3052 (No comment was entered for this change.) -- You received this message because this project is configured to send all issue notifications to this address. You may adjust your notification preferences at: https://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups reviewboard-issues group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To post to this group, send email to reviewboard-issues@googlegroups.com. Visit this group at http://groups.google.com/group/reviewboard-issues. For more options, visit https://groups.google.com/groups/opt_out.
Re: Issue 3006 in reviewboard: When creating new site entered password isn't checked for match
Updates: Status: New Labels: EasyFix Comment #3 on issue 3006 by trowb...@gmail.com: When creating new site entered password isn't checked for match http://code.google.com/p/reviewboard/issues/detail?id=3006 (No comment was entered for this change.) -- You received this message because this project is configured to send all issue notifications to this address. You may adjust your notification preferences at: https://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups reviewboard-issues group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To post to this group, send email to reviewboard-issues@googlegroups.com. Visit this group at http://groups.google.com/group/reviewboard-issues. For more options, visit https://groups.google.com/groups/opt_out.
Re: Issue 2821 in reviewboard: post_review.py posts duplicate posts for same changeno from perforce
Updates: Status: UnableToReproduce Comment #4 on issue 2821 by trowb...@gmail.com: post_review.py posts duplicate posts for same changeno from perforce http://code.google.com/p/reviewboard/issues/detail?id=2821 (No comment was entered for this change.) -- You received this message because this project is configured to send all issue notifications to this address. You may adjust your notification preferences at: https://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups reviewboard-issues group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To post to this group, send email to reviewboard-issues@googlegroups.com. Visit this group at http://groups.google.com/group/reviewboard-issues. For more options, visit https://groups.google.com/groups/opt_out.
Re: Issue 1795 in reviewboard: using --submit-as with post-review causes generated mails to be from original submitter
Updates: Status: Started Owner: trowb...@gmail.com Comment #6 on issue 1795 by trowb...@gmail.com: using --submit-as with post-review causes generated mails to be from original submitter http://code.google.com/p/reviewboard/issues/detail?id=1795 (No comment was entered for this change.) -- You received this message because this project is configured to send all issue notifications to this address. You may adjust your notification preferences at: https://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups reviewboard-issues group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To post to this group, send email to reviewboard-issues@googlegroups.com. Visit this group at http://groups.google.com/group/reviewboard-issues. For more options, visit https://groups.google.com/groups/opt_out.
Re: Issue 2500 in reviewboard: Email notifications have no From field in 1.6.4
Updates: Status: Started Owner: trowb...@gmail.com Comment #9 on issue 2500 by trowb...@gmail.com: Email notifications have no From field in 1.6.4 http://code.google.com/p/reviewboard/issues/detail?id=2500 (No comment was entered for this change.) -- You received this message because this project is configured to send all issue notifications to this address. You may adjust your notification preferences at: https://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups reviewboard-issues group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To post to this group, send email to reviewboard-issues@googlegroups.com. Visit this group at http://groups.google.com/group/reviewboard-issues. For more options, visit https://groups.google.com/groups/opt_out.
