widelands-dev team mailing list archive

Thread
Date

Re: [Merge] lp:~widelands-dev/widelands-website/django1_11 into lp:widelands-website

To: mp+343065@xxxxxxxxxxxxxxxxxx
From: SirVer <SirVer@xxxxxx>
Date: Sun, 15 Apr 2018 19:25:20 -0000
In-reply-to: <152351618030.31893.10764857712764128825.launchpad@ackee.canonical.com>
Reply-to: mp+343065@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Review: Approve

Thanks for this massive update and keeping our homepage alive and kicking!

Drive by comment, only refering to the questions you've asked. I did not review the rest of the change - it seems massive.

> Providing usernames for JS when writing PMs: This is maybe a security risk because a username can contain an at sign (@). The Django documentation says:

Are we sure usernames can only contain the following characters? @A-Za-z0-9 If yes, than that function is indeed safe. If they can contain other characters (."'/\) we will be vulnerable.

> RegEx urls

Seems correct to me. 

> PBKDF2

This is as sufficiently good hasher for us. 

> Replacing lambdas with callables: Django can't serialize lambdas for migrations. For the screens app i have replaced the lambdas with callables: https://bazaar.launchpad.net/~widelands-dev/widelands-website/django1_11/revision/494#wlscreens/views.py

For this I do not know. If it works in your tests, that is probably all fine. 


-- 
https://code.launchpad.net/~widelands-dev/widelands-website/django1_11/+merge/343065
Your team Widelands Developers is subscribed to branch lp:widelands-website.

References

[Merge] lp:~widelands-dev/widelands-website/django1_11 into lp:widelands-website
From: kaputtnik, 2018-04-12