zulip/analytics
Tim Abbott c85e00e02e analytics: Remove buggy HttpResponseNotFound text.
Had this been in a normal route, this would have been an XSS bug, as we
were passing what the developer clearly believed to be plain text into
an HTML 404 page.

The affected routes have @require_server_admin, a permission that we
do not expect any self-hosted users to have ever enabled (as it is
undocumented and doing so is only possible manually via a `manage.py
shell`, and we believe it to only be useful for running a SaaS service
like zulip.com).  So the security impact is limited to a handful of
staff of zulip.com and this isn't a candidate for a CVE.

Thanks to GitHub's CodeQL for finding this.
2021-03-18 12:22:02 -07:00
..
lib python: Manually convert more percent-formatting to f-strings. 2020-06-14 23:27:22 -07:00
management database: Remove short_name from UserProfile. 2020-07-17 11:15:15 -07:00
migrations migrations: Upgrade migrations to remove duplicates in all Count tables. 2020-07-30 15:18:07 -07:00
tests database: Remove short_name from UserProfile. 2020-07-17 11:15:15 -07:00
__init__.py Create "analytics" app with activity reports. 2013-11-06 12:07:32 -05:00
models.py python: Sort imports with isort. 2020-06-11 16:45:32 -07:00
urls.py urls: Migrate analytics urls to use modern django patterns. 2020-06-23 15:02:42 -07:00
views.py analytics: Remove buggy HttpResponseNotFound text. 2021-03-18 12:22:02 -07:00