Possible code reviews:

Providing usernames for JS when writing PMs: This is maybe a security risk 
because a username can contain an at sign (@). The Django documentation says: 

"If additional escaping is not desired, you will need to use mark_safe() if you 
are absolutely sure that your code does not contain XSS vulnerabilities."

I can't evaluate the security risk here. Code: 

RegEx urls: Please check the regexes for urls.py and mainpage/urls.py: 

Password hashers: I am not sure if we need all default hashers. As far as I 
understand, the first in PASSWORD_HASHERS (so PBKDF2) is used by default. 

Replacing lambdas with callables: Django can't serialize lambdas for 
migrations. For the screens app I have replaced the lambdas with callables: 

For the other things I just followed the recommendations by Django, e.g. the 
additional database options.

Your team Widelands Developers is requested to review the proposed merge of 
lp:~widelands-dev/widelands-website/django1_11 into lp:widelands-website.
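
On the first review point (handing usernames to JavaScript via mark_safe()), the following is an added example, not code from the merge proposal or the Widelands website. It contrasts a hand-built JS array with a JSON encoding that also escapes `<`, `>` and `&`, the same substitutions newer Django releases apply in the `json_script` filter; the function names and sample usernames are hypothetical.

```python
import json

# Characters that can close or reinterpret an inline <script> block, mapped to
# JSON unicode escapes. A JSON parser turns them back into the original text.
_SCRIPT_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}


def usernames_naive(usernames):
    """Hand-built JS array: the pattern that is unsafe to pass to mark_safe()."""
    return "[" + ", ".join('"%s"' % name for name in usernames) + "]"


def usernames_for_script(usernames):
    """JSON-encode the names, then neutralise <, > and & for inline use."""
    return json.dumps(list(usernames)).translate(_SCRIPT_ESCAPES)


def render_script_tag(usernames, element_id="usernames"):
    """Wrap the escaped JSON in a data-only script element (id is hypothetical)."""
    return '<script id="%s" type="application/json">%s</script>' % (
        element_id,
        usernames_for_script(usernames),
    )


# Constructed sample data. The at sign is harmless on its own; the quote and
# the closing tag are the characters that break the naive version.
SAMPLE_USERS = ["alice", "user@example", 'a"b', "x</script>y"]

if __name__ == "__main__":
    print("naive:", usernames_naive(SAMPLE_USERS))
    print("safe :", usernames_for_script(SAMPLE_USERS))
    print(render_script_tag(SAMPLE_USERS))
```

On the client side the element's text content is read with `JSON.parse`, which restores the original usernames.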
