| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
An authenticated member of one project can modify and delete members of
another project, without knowledge of this other project's private
code. This can be further exploited to access all bills of another project
without knowledge of this other project's private code.
With the default configuration, anybody is allowed to create a new
project. An attacker can create a new project and then use it to become
authenticated and exploit this flaw. As such, the exposure is similar to
an unauthenticated attack, because it is trivial to become authenticated.
This issue was caused by a wrong database queries in PersonQuery.
For more details, see https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9
|
|
* Please don't pin point releases and future releases
Fixes #658
* fix expression checked by new flake8
* (really) fix condition
* ensure Flask-WTF is ok
* don't forget, it's >= not >
Co-authored-by: Glandos <bugs-framagit@antipoul.fr>
|
|
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
Co-authored-by: Glandos <bugs-github@antipoul.fr>
|
|
|
|
* Change mobile link icon to point to Play Store (#597)
* Link mobile app button to correct page (#597)
|
|
|
|
|
|
Currently translated at 28.1% (65 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/ta/
Added translation using Weblate (Tamil)
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/it/
|
|
Currently translated at 94.3% (218 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pt_BR/
Translated using Weblate (Portuguese (Brazil))
Currently translated at 45.4% (105 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pt_BR/
|
|
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/de/
|
|
Currently translated at 71.4% (165 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/nb_NO/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/zh_Hans/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/hi/
Translated using Weblate (Hindi)
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/hi/
Added translation using Weblate (Hindi)
|
|
Currently translated at 71.4% (165 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/nb_NO/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pl/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/tr/
|
|
Currently translated at 68.8% (159 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/nb_NO/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
Translated using Weblate (French)
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
|
|
|
|
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
|
|
|
|
Currently translated at 99.1% (229 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/de/
Translated using Weblate (Spanish (Latin America))
Currently translated at 97.8% (226 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/es_419/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/it/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/tr/
Translated using Weblate (Turkish)
Currently translated at 41.5% (96 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/tr/
|
|
Currently translated at 68.3% (158 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/nb_NO/
|
|
Currently translated at 100.0% (231 of 231 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
|
|
Fix #634
|
|
|
|
|
|
|
|
Italian 100%
Ukrainian 28%
|
|
Fix #610
|
|
|
|
In one case, we were not catching a family of possible exceptions
(socket.error), and in the two other cases there was no error handling at
all. Sending emails can easily fail if no email server is configured, so
it is really necessary to handle these errors instead of crashing with a
HTTP 500 error.
Refactor email sending code and add proper error handling.
Show alert messages that tell the user if an email was sent or if there
was an error.
When sending a password reminder email or inviting people by email, we
don't proceed to the next step in case of error, because sending emails is
the whole point of these actions.
|
|
|
|
Translated using Weblate (Italian) Currently translated at 36.4% (83 of 228 strings)
Translated using Weblate (French) Currently translated at 100.0% (228 of 228 strings)
|
|
Currently translated at 100.0% (228 of 228 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pl/
|
|
Currently translated at 100.0% (228 of 228 strings)
Translation: I Hate Money/I Hate Money
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/zh_Hans/
|
|
This should unify the number formats, along with #618
|
|
|
|
Fix #614
|
|
Add all new localization data from Weblate into main menu:
- Chinese
- Russian
- Polish
- Turkish (incomplete)
- Ukrainian (incomplete)
|
|
Complete Polish
Update Chinese (simplified)
|
|
- Rename "No Currency" to ISO4217 "XXX"
- Use Babel to render currency symbols and names in currency lists
- Improve i18n in bill lists
Fix #601
Fix #600
|
|
|
|
Integrate some custom graphics, and a whole comics explanation, only in French for now.
Fix #363
|
|
This fixes #607 and add a test case for this bug.
It also renames participants in test cases to avoid alphabetical ordering.
Inserting participants in alphabetical order is a special case, because ordering by ID will be the same as ordering by name. This is a bad idea in test cases, as #607 has shown.
|
|
Fix #605
|
