Compare commits
3 Commits
69175979ff
...
abe90d3483
Author | SHA1 | Date | |
---|---|---|---|
abe90d3483 | |||
65e7dcdf6d | |||
74e414badf |
@ -2,6 +2,20 @@ Change Log
|
|||||||
==========
|
==========
|
||||||
|
|
||||||
|
|
||||||
|
Version 1.5.4
|
||||||
|
-------------
|
||||||
|
|
||||||
|
Released 2023/5/18
|
||||||
|
|
||||||
|
Security fixes.
|
||||||
|
|
||||||
|
* Added safeguard to the next URI utilities, to prevent Cross-Site
|
||||||
|
Scripting (XSS) attacks.
|
||||||
|
* Applied the safe next URI utilities to the test site.
|
||||||
|
* Added the ``SameSite`` and ``Secure`` flags to the session cookie
|
||||||
|
of the test site.
|
||||||
|
|
||||||
|
|
||||||
Version 1.5.3
|
Version 1.5.3
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ from flask_sqlalchemy import SQLAlchemy
|
|||||||
|
|
||||||
from accounting.utils.user import UserUtilityInterface
|
from accounting.utils.user import UserUtilityInterface
|
||||||
|
|
||||||
VERSION: str = "1.5.3"
|
VERSION: str = "1.5.4"
|
||||||
"""The package version."""
|
"""The package version."""
|
||||||
db: SQLAlchemy = SQLAlchemy()
|
db: SQLAlchemy = SQLAlchemy()
|
||||||
"""The database instance."""
|
"""The database instance."""
|
||||||
|
@ -2181,14 +2181,14 @@ class JournalEntryReorderTestCase(unittest.TestCase):
|
|||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
f"{PREFIX}/dates/{date.isoformat()}",
|
f"{PREFIX}/dates/{date.isoformat()}",
|
||||||
data={"csrf_token": self.csrf_token,
|
data={"csrf_token": self.csrf_token,
|
||||||
"next": "/next",
|
"next": NEXT_URI,
|
||||||
f"{id_1}-no": "4",
|
f"{id_1}-no": "4",
|
||||||
f"{id_2}-no": "1",
|
f"{id_2}-no": "1",
|
||||||
f"{id_3}-no": "5",
|
f"{id_3}-no": "5",
|
||||||
f"{id_4}-no": "2",
|
f"{id_4}-no": "2",
|
||||||
f"{id_5}-no": "3"})
|
f"{id_5}-no": "3"})
|
||||||
self.assertEqual(response.status_code, 302)
|
self.assertEqual(response.status_code, 302)
|
||||||
self.assertEqual(response.headers["Location"], f"/next")
|
self.assertEqual(response.headers["Location"], NEXT_URI)
|
||||||
|
|
||||||
with self.app.app_context():
|
with self.app.app_context():
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_1).no, 4)
|
self.assertEqual(db.session.get(JournalEntry, id_1).no, 4)
|
||||||
@ -2209,12 +2209,12 @@ class JournalEntryReorderTestCase(unittest.TestCase):
|
|||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
f"{PREFIX}/dates/{date.isoformat()}",
|
f"{PREFIX}/dates/{date.isoformat()}",
|
||||||
data={"csrf_token": self.csrf_token,
|
data={"csrf_token": self.csrf_token,
|
||||||
"next": "/next",
|
"next": NEXT_URI,
|
||||||
f"{id_2}-no": "3a",
|
f"{id_2}-no": "3a",
|
||||||
f"{id_3}-no": "5",
|
f"{id_3}-no": "5",
|
||||||
f"{id_4}-no": "2"})
|
f"{id_4}-no": "2"})
|
||||||
self.assertEqual(response.status_code, 302)
|
self.assertEqual(response.status_code, 302)
|
||||||
self.assertEqual(response.headers["Location"], f"/next")
|
self.assertEqual(response.headers["Location"], NEXT_URI)
|
||||||
|
|
||||||
with self.app.app_context():
|
with self.app.app_context():
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_1).no, 3)
|
self.assertEqual(db.session.get(JournalEntry, id_1).no, 3)
|
||||||
|
Loading…
Reference in New Issue
Block a user