clone/vikunja
1
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-15 00:12:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
vikunja/pkg
History
Tink bot aa1956e1aa fix(oauth2server): accept all loopback redirect forms 
Hardcoding the three exact strings localhost / 127.0.0.1 / ::1 rejected
legitimate loopback redirects like 127.0.0.2:1234 (anywhere in 127.0.0.0/8)
or [0:0:0:0:0:0:0:1]:1234 (expanded IPv6 loopback). Use net.IP.IsLoopback()
to cover the full loopback ranges, and match "localhost" case-insensitively.
0.0.0.0 stays rejected as it is not a loopback address.

https://claude.ai/code/session_01LsTDrCJ7trE6WQ4FYf78UB
2026-05-07 22:03:49 +00:00
..
caldav
fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output
2026-04-09 15:44:04 +00:00
caldavtests
fix(caldav): skip tests for known CalDAV bugs and fix timing issues
2026-04-02 11:34:55 +00:00
cmd
fix(cli): guard last admin on scheduled CLI deletion path
2026-04-20 18:55:06 +00:00
config
feat: always enable bot users
2026-05-04 10:38:53 +00:00
cron
fix: correct license header references (#882)
2025-06-10 12:18:38 +02:00
db
feat(user): always include own bots in user search
2026-05-01 14:44:10 +00:00
doctor
feat(auth): enforce OpenID Connect issuer uniqueness across providers
2026-03-30 22:41:50 +00:00
e2etests
test(webhook): assert bad webhook is retried in no-duplicate test
2026-04-09 09:26:04 +00:00
events
feat: add InitEventsForTesting and Unfake for real event dispatch in tests
2026-03-05 12:49:27 +01:00
files
fix(files): derive file size from reader at creation boundary
2026-04-09 16:22:56 +00:00
health
feat: introduce shared health check logic (#1073)
2025-07-02 21:01:41 +00:00
i18n
chore(i18n): update translations via Crowdin
2026-04-24 01:46:52 +00:00
initialize
feat: add license comments for agents and humans
2026-04-15 10:32:37 +00:00
license
fix(license): degrade to free when servers unreachable or key rejected
2026-04-20 18:55:06 +00:00
log
fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests
2026-04-03 18:30:39 +00:00
mail
fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests
2026-04-03 18:30:39 +00:00
metrics
fix: correct license header references (#882)
2025-06-10 12:18:38 +02:00
migration
feat(migration): add bot_owner_id column to users
2026-05-01 14:44:10 +00:00
models
fix(models): allow user-delete cascade to complete for disabled creators
2026-05-06 16:08:16 +02:00
modules
fix(oauth2server): accept all loopback redirect forms
2026-05-07 22:03:49 +00:00
notifications
fix(notifications): escape markdown in user-controlled strings in email lines
2026-04-09 15:44:04 +00:00
plugins
test(plugins): add yaegi plugin integration tests
2026-03-30 20:44:46 +00:00
red
fix: correct license header references (#882)
2025-06-10 12:18:38 +02:00
routes
fix(static): Correct the API_URL value to replace in index.html
2026-05-06 16:31:48 +00:00
swagger
[skip ci] Updated swagger docs
2026-05-04 11:19:21 +00:00
user
feat: always enable bot users
2026-05-04 10:38:53 +00:00
utils
fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients
2026-04-09 07:31:08 +00:00
version
fix: correct license header references (#882)
2025-06-10 12:18:38 +02:00
web
refactor(handler): return domain error for forbidden instead of echo.HTTPError
2026-04-21 09:23:13 +00:00
websocket
feat(websocket): add notification event with XORM AfterInsert dispatch
2026-04-02 16:30:23 +00:00
webtests
test(admin): add webtests for /admin/* endpoints and share bypass
2026-04-20 18:55:06 +00:00
yaegi_symbols
feat(user): extract last-admin guard and close invariant gaps
2026-04-20 18:55:06 +00:00