Compare commits
No commits in common. "abe90d3483478cab66c4f4384ed120026df3ed94" and "69175979ff830c7776267a710f18f453b99b2da1" have entirely different histories.
abe90d3483
...
69175979ff
@ -2,20 +2,6 @@ Change Log
|
|||||||
==========
|
==========
|
||||||
|
|
||||||
|
|
||||||
Version 1.5.4
|
|
||||||
-------------
|
|
||||||
|
|
||||||
Released 2023/5/18
|
|
||||||
|
|
||||||
Security fixes.
|
|
||||||
|
|
||||||
* Added safeguard to the next URI utilities, to prevent Cross-Site
|
|
||||||
Scripting (XSS) attacks.
|
|
||||||
* Applied the safe next URI utilities to the test site.
|
|
||||||
* Added the ``SameSite`` and ``Secure`` flags to the session cookie
|
|
||||||
of the test site.
|
|
||||||
|
|
||||||
|
|
||||||
Version 1.5.3
|
Version 1.5.3
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ from flask_sqlalchemy import SQLAlchemy
|
|||||||
|
|
||||||
from accounting.utils.user import UserUtilityInterface
|
from accounting.utils.user import UserUtilityInterface
|
||||||
|
|
||||||
VERSION: str = "1.5.4"
|
VERSION: str = "1.5.3"
|
||||||
"""The package version."""
|
"""The package version."""
|
||||||
db: SQLAlchemy = SQLAlchemy()
|
db: SQLAlchemy = SQLAlchemy()
|
||||||
"""The database instance."""
|
"""The database instance."""
|
||||||
|
@ -2153,7 +2153,7 @@ class JournalEntryReorderTestCase(unittest.TestCase):
|
|||||||
self.assertEqual(db.session.get(JournalEntry, id_1).no, 1)
|
self.assertEqual(db.session.get(JournalEntry, id_1).no, 1)
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_2).no, 3)
|
self.assertEqual(db.session.get(JournalEntry, id_2).no, 3)
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_3).no, 2)
|
self.assertEqual(db.session.get(JournalEntry, id_3).no, 2)
|
||||||
self.assertEqual( db.session.get(JournalEntry, id_4).no, 1)
|
self.assertEqual(db.session.get(JournalEntry, id_4).no, 1)
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_5).no, 2)
|
self.assertEqual(db.session.get(JournalEntry, id_5).no, 2)
|
||||||
|
|
||||||
def test_reorder(self) -> None:
|
def test_reorder(self) -> None:
|
||||||
@ -2181,14 +2181,14 @@ class JournalEntryReorderTestCase(unittest.TestCase):
|
|||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
f"{PREFIX}/dates/{date.isoformat()}",
|
f"{PREFIX}/dates/{date.isoformat()}",
|
||||||
data={"csrf_token": self.csrf_token,
|
data={"csrf_token": self.csrf_token,
|
||||||
"next": NEXT_URI,
|
"next": "/next",
|
||||||
f"{id_1}-no": "4",
|
f"{id_1}-no": "4",
|
||||||
f"{id_2}-no": "1",
|
f"{id_2}-no": "1",
|
||||||
f"{id_3}-no": "5",
|
f"{id_3}-no": "5",
|
||||||
f"{id_4}-no": "2",
|
f"{id_4}-no": "2",
|
||||||
f"{id_5}-no": "3"})
|
f"{id_5}-no": "3"})
|
||||||
self.assertEqual(response.status_code, 302)
|
self.assertEqual(response.status_code, 302)
|
||||||
self.assertEqual(response.headers["Location"], NEXT_URI)
|
self.assertEqual(response.headers["Location"], f"/next")
|
||||||
|
|
||||||
with self.app.app_context():
|
with self.app.app_context():
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_1).no, 4)
|
self.assertEqual(db.session.get(JournalEntry, id_1).no, 4)
|
||||||
@ -2209,12 +2209,12 @@ class JournalEntryReorderTestCase(unittest.TestCase):
|
|||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
f"{PREFIX}/dates/{date.isoformat()}",
|
f"{PREFIX}/dates/{date.isoformat()}",
|
||||||
data={"csrf_token": self.csrf_token,
|
data={"csrf_token": self.csrf_token,
|
||||||
"next": NEXT_URI,
|
"next": "/next",
|
||||||
f"{id_2}-no": "3a",
|
f"{id_2}-no": "3a",
|
||||||
f"{id_3}-no": "5",
|
f"{id_3}-no": "5",
|
||||||
f"{id_4}-no": "2"})
|
f"{id_4}-no": "2"})
|
||||||
self.assertEqual(response.status_code, 302)
|
self.assertEqual(response.status_code, 302)
|
||||||
self.assertEqual(response.headers["Location"], NEXT_URI)
|
self.assertEqual(response.headers["Location"], f"/next")
|
||||||
|
|
||||||
with self.app.app_context():
|
with self.app.app_context():
|
||||||
self.assertEqual(db.session.get(JournalEntry, id_1).no, 3)
|
self.assertEqual(db.session.get(JournalEntry, id_1).no, 3)
|
||||||
|
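Review bot: The reorder tests on the new side (hunks at 2181 and 2209) post `"next": "/next"` and assert `response.headers["Location"]` equals `f"/next"`, so they only cover a benign same-site path; nothing visible here checks that an absolute URL on another host or a non-HTTP scheme in `next` is kept out of the redirect. The change log on the old side records a 1.5.4 safeguard on the next-URI utilities against XSS that this side lacks, so if this side is what gets deployed, the redirect handler (not shown in the diff) should be checked for that validation, and a negative test added asserting `Location` never echoes such a value. As a style point, `f"/next"` has no placeholders and should be plain `"/next"`, ideally one module-level constant used for both the posted value and the assertion. The test methods start and end outside these hunks.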