Alexander Loechel
@loechel
it would be good to do so, but if it is already in your first version that would also be ok
Kumar Akshay
@kakshay21
ok, as you say.
"Add the ability to upload from another site. A site owner could enter a url and authenticate, and then stream content between sites, which would cut down the extra burden of handling and tracking of files."
As the idea page suggests this feature to add, any idea on this?
Alexander Loechel
@loechel
I guess @djay did have the idea on that
Alexander Loechel
@loechel
@kakshay21 did the test run locally on your computer?
at least code-analysis did give me a bunch of errors
Kumar Akshay
@kakshay21
Flake8 gave me a few errors in which line length was more than 79. I ignored those cases.
and one repeated one with 'E722 do not use bare except'
Alexander Loechel
@loechel
Code-analysis did use flake8 with several add-ons
Kumar Akshay
@kakshay21
Okay let me install code-analysis and fix those as well
Alexander Loechel
@loechel
the buildout should install it, and is also executed in travis run
Kumar Akshay
@kakshay21
then how would i run code-analysis? Is it initiated while running tests?
Alexander Loechel
@loechel
./bin/code-analysis
Kumar Akshay
@kakshay21
okay, let me check
Dylan Jay
@djay
@kakshay21 there have always been Indian people at the plone conferences. There are some companies. you just need to find them
Kumar Akshay
@kakshay21
@djay Yeah I found out initial pointer on this thread
Dylan Jay
@djay
local python meetup is always a good idea too
Kumar Akshay
@kakshay21
I love python meetups, last year I attended several Pydata and Django meetups. Thanks 👍
Dylan Jay
@djay
hi @Shriyanshagro @kakshay21 I'm not sure if this work is continuing under GSOC?
but I found a potential security problem with the current code
Shriyansh Agrawal
@Shriyanshagro
Yes, this project is not focused under GSoC'18 projects
However, me and akshay had a dialogue to finish this up later, if possible.
Anyway what security issue have you faced?
Dylan Jay
@djay
we are using it now and my developer noticed that it's possible to upload a csv that references local files on disk to upload
is that feature restricted to just when a plone instance is in debug mode?
Dylan Jay
@djay
without restriction you could use this to get access to files on disk
Kumar Akshay
@kakshay21
Hi @djay
As @Shriyanshagro mentioned this project is not under GSoC 18. But we are planning to contribute after we finish our projects.
I think for now we should create an issue in the repo. And investigate and possibly fix it in time as it's a security issue and should not be delayed.
Shriyansh Agrawal
@Shriyanshagro
@djay okay, afair it should log an error if files referenced are out of zip or have no access. In any case, the program will not stop but simply log all errors.
Dylan Jay
@djay
what do you mean?
it's not intentional to allow access to the filesystem?
you don't unzip to the actual filesystem do you?
Shriyansh Agrawal
@Shriyanshagro
Basically the addon has only access to what has been uploaded using zip or alone. If any field in csv referred to file other than uploaded then it will log an error and ignore related modifications.
Also, the uploading of zip was taken care by some plone builtin tool(api) which I have not modified so I don't remember any case when addon was trying to access local system files.
Alexander Loechel
@loechel
@djay if you think there is something that could be security critical, please drop a note to the plone security team with more instructions, we might have more experience to see problematic code parts.
Shriyansh Agrawal
@Shriyanshagro
Hey @djay so were you able to solve the issue? Also, did you log it somewhere on the web where we can look more closely at it?
Shriyansh Agrawal
@Shriyanshagro
Also folks I don’t know if you are already aware or not. I’ve again got a chance to participate in gsoc this year.
And this time I’m working on collective.ifttt addon which basically allows Plone sites to interact with 3rd party web services using IFTTT Applet.
Isn’t it exciting?? 😆
With this there is tremendous possibility of automation for Plone sites to interact within WEB3.0 (where web services interact with each other)
Kindly have a look at it. And suggest any possible features or IFTTT Applets you want to enable. 🙂
Shriyansh Agrawal
@Shriyanshagro
You guys can follow my weekly progress here https://github.com/collective/collective.ifttt/wiki
Dylan Jay
@djay
@Shriyanshagro I was told not to log it on the web. All I can say is make sure your code doesn't allow any filesystem access
both during import and export
Dylan Jay
@djay
to be perfectly honest I don't care about IFTTT in plone. Leaving plone with a half done importexport solution has been a disappointment.
Shriyansh Agrawal
@Shriyanshagro
I understand the importance of plone.importexport but I remember before this summer when there was a proposal to finish it off. Someone (I guess @loechel ) said that there is already a planned or to be planned sprint session for this?
Also @djay I understand that you are not able to appreciate this project at this point of time but I believe it's just a matter of time when you discover the importance of webhooks in Plone.
Web 1.0 and Web 2.0 were so yesterday, it's now the time of WEB 3.0 (where web services interact and serve content to each other)
Kumar Akshay
@kakshay21
@djay After we finish off with our GSoC project (mine is Command Line Plone Tools) @Shriyanshagro and I will hopefully continue plone.importexport project.
Alexander Loechel
@loechel
@djay If you think that GSoC students should work on other projects than the ones that they have proposed and been accepted for, then contact the plone board or GSoC Admins, but don't yell at the students.
@djay if you think that a certain feature is important for Plone the Project, but no one is working on that, either pick it up yourself or fund work on it.
Dylan Jay
@djay
No one is yelling. No one is saying they are working on the wrong project.
I simply said the end result of one project last year was disappointing. Please reread what I wrote
@loechel Don't put words into my mouth
Disappointing to me personally