Review: Approve Thanks for this massive update and keeping our homepage alive and kicking!
Drive by comment, only refering to the questions you've asked. I did not review the rest of the change - it seems massive. > Providing usernames for JS when writing PMs: This is maybe a security risk > because a username can contain an at sign (@). The Django documentation says: Are we sure usernames can only contain the following characters? @A-Za-z0-9 If yes, than that function is indeed safe. If they can contain other characters (."'/\) we will be vulnerable. > RegEx urls Seems correct to me. > PBKDF2 This is as sufficiently good hasher for us. > Replacing lambdas with callables: Django can't serialize lambdas for > migrations. For the screens app i have replaced the lambdas with callables: > https://bazaar.launchpad.net/~widelands-dev/widelands-website/django1_11/revision/494#wlscreens/views.py For this I do not know. If it works in your tests, that is probably all fine. -- https://code.launchpad.net/~widelands-dev/widelands-website/django1_11/+merge/343065 Your team Widelands Developers is subscribed to branch lp:widelands-website. _______________________________________________ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp