flask-security/flask_security at 246ab41479178a601e23b116a4fde2ea9e47c51a - flask-security - Gitea: Git with a cup of tea

wassname/flask-security

mirror of https://github.com/wassname/flask-security.git synced 2026-06-28 16:20:24 +08:00

Files

T

History

Luca Invernizzi 48dd3fa5bf NextFormMixin security bug fixed: open redirect

NextFormMixin was missing validations check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards

2013-03-05 21:20:45 +00:00

..

templates/security

Minor wording fix

2013-01-12 23:58:47 -08:00

__init__.py

Adds support for flask-peewee

2013-01-25 16:52:50 -08:00

changeable.py

Add a password-changed signal

2013-01-12 19:03:02 -08:00

confirmable.py

Fix #45

2012-11-26 16:21:05 -05:00

core.py

Merge pull request #85 from chrishaines/template_list

2013-03-03 18:38:35 -08:00

datastore.py

Add change password endpoint

2013-02-01 18:21:43 -05:00

decorators.py

Calling auth methods

2013-01-14 16:11:09 +04:00

forms.py

NextFormMixin security bug fixed: open redirect

2013-03-05 21:20:45 +00:00

passwordless.py

Fix #45

2012-11-26 16:21:05 -05:00

recoverable.py

Fix #45

2012-11-26 16:21:05 -05:00

registerable.py

added option to disable register email

2013-02-20 17:04:47 +01:00

script.py

Simplify login form a bit

2012-09-19 01:22:09 -04:00

signals.py

Add a password-changed signal

2013-01-12 19:03:02 -08:00

utils.py

Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols

2013-02-03 22:14:32 +04:00

views.py

Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list

2013-02-01 19:40:01 -05:00