Custom Query (2152 matches)
Results (211 - 213 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1057 | fixed | JSONP parameter isn't escaped | dread | |
Description |
$ curl "http://127.0.0.1:5000/api/rest/package/annakarenina?callback=<script>jsoncallback" gives: <script>jsoncallback({"id": "c10ebd31-5b45-4f6f-885d-dca9b18caec4", "name": "annakarenina", "title": "A Novel By Tolstoy", which could run script code in the client who made the call. One idea for filtering: http://tav.espians.com/sanitising-jsonp-callback-identifiers-for-security.html Maybe just better to have a restricted whitelist of characters to be even more sure. Same as: https://trac.dataco.coi.gov.uk/projects/datagov/ticket/906 |
|||
#1060 | fixed | Spreadsheet importer tries to import readonly keys | dread | |
Description |
e.g. we just added notes_rendered and that is read in as an extra field. Tests failing in ckanext-importlib Also related: we are missing lost metadata_created and metadata_modified in the dumps. |
|||
#1064 | duplicate | Remove Workers from ckanext-queue | amercader | |
Description |
The current implementation of Workers in ckanext-queue is broken. Basically the various consume / callback functions expect three arguments (routing_key, operation, payload) when they are in fact receiving only two of them (message_data, message). This is fairly easy to fix, but the question is if Workers add an extra complexity to use the messaging library directly. |