widelands-dev team mailing list archive
-
widelands-dev team
-
Mailing list archive
-
Message #13073
Re: [Merge] lp:~widelands-dev/widelands-website/django1_11 into lp:widelands-website
Review: Approve
Thanks for this massive update and keeping our homepage alive and kicking!
Drive by comment, only refering to the questions you've asked. I did not review the rest of the change - it seems massive.
> Providing usernames for JS when writing PMs: This is maybe a security risk because a username can contain an at sign (@). The Django documentation says:
Are we sure usernames can only contain the following characters? @A-Za-z0-9 If yes, than that function is indeed safe. If they can contain other characters (."'/\) we will be vulnerable.
> RegEx urls
Seems correct to me.
> PBKDF2
This is as sufficiently good hasher for us.
> Replacing lambdas with callables: Django can't serialize lambdas for migrations. For the screens app i have replaced the lambdas with callables: https://bazaar.launchpad.net/~widelands-dev/widelands-website/django1_11/revision/494#wlscreens/views.py
For this I do not know. If it works in your tests, that is probably all fine.
--
https://code.launchpad.net/~widelands-dev/widelands-website/django1_11/+merge/343065
Your team Widelands Developers is subscribed to branch lp:widelands-website.
References