Hopiu/wagtail
1
0
Fork 0
mirror of https://github.com/Hopiu/wagtail.git synced 2026-04-14 03:50:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
wagtail/docs
History
acrewdson 882f8f3cf8 Strip Unicode NULL chars when normalizing paths 
After migrating a Wagtail-based site from MySQL to Postgres, we
noticed that malicious requests to the site that included percent-
encoded Unicode NULLs (`%00`) raised a `ValueError` exception that we
hadn't seen when using MySQL: `A string literal cannot contain NUL
(0x00) characters.` This appears to relate to `psycopg2`'s decision to
raise an exception in these situations, as discussed here:

    https://github.com/psycopg/psycopg2/issues/420

While newer versions of Django appear to provide some field validation
that addresses these characters, it doesn't look like Wagtail's
redirect middleware is making use of those validators, and so it seemed
reasonable to clean these characters in the context of 'normalizing'
the paths before looking for corresponding redirects -- especially
since a quick investigation on the internet suggests that U+0000 in
URLs can be used as a means of attack, and also since RFC 3986 says:

   Note, however, that the "%00" percent-encoding (NUL) may require
   special handling and should be rejected if the application is not
   expecting to receive raw data within a component.
2018-06-27 11:19:36 -04:00
..
_static rename docs image 2018-06-14 12:40:28 +01:00
advanced_topics Merge branch 'docs-divio-cloud' of https://github.com/evildmp/wagtail into evildmp-docs-divio-cloud 2018-06-18 15:45:38 +01:00
contributing second attempt ro clarify issue #4620 2018-06-18 15:04:41 +01:00
editor_manual Add note about deleting in docs 2018-06-14 14:54:49 +01:00
getting_started updated Django Docs Links to point to *docs.djangoproject.com/en/stable/* 2018-05-18 14:43:42 +01:00
reference Reference the get_url method in Page model reference docs 2018-05-18 15:26:06 +01:00
releases Strip Unicode NULL chars when normalizing paths 2018-06-27 11:19:36 -04:00
topics Typo. 2018-06-20 15:33:49 +02:00
autobuild.sh [skip ci] added commment about autobuild inside vms (#3379) 2017-02-16 21:29:10 +00:00
conf.py Removes the temporary Kickstarter banner. 2018-04-16 17:16:05 +02:00
favicon.ico add favicon to documentation 2018-03-08 12:24:13 +00:00
index.rst Added Divio Cloud notes to documentation 2018-06-16 15:51:06 -04:00
logo.png reduced size of logo 2015-07-07 14:41:41 +01:00
Makefile add way of autocompile documentation 2017-02-20 20:24:17 +00:00
README.md Eliminate reference to requirements-dev.txt 2016-02-05 15:48:01 +00:00
readthedocs.yml requirements_file not needed, but maybe pip_install is 2017-10-09 18:15:36 +01:00
requirements.txt readthedocs needs a requirements.txt, apparently 2017-10-09 19:45:07 +01:00
spelling_wordlist.txt Added more words to the spelling wordlist 2018-04-05 12:13:05 +01:00
support.rst Mention Slack on support documentation 2017-11-15 21:06:45 +00:00

README.md

Wagtail docs

These are Sphinx docs, automatically built at http://docs.wagtail.io when the master branch is committed to Github. To build them locally, install Wagtail's development requirements (in the root Wagtail directory):

pip install -e .[testing,docs]

To build the documentation for browsing, from this directory run:

make html

then open _build/html/index.html in a browser.

To rebuild automatically while editing the documentation, from this directory run:

sphinx-autobuild . _build

The online editor at http://rst.ninjs.org/ is a helpful tool for checking reStructuredText syntax.