kennethreitz-archive/www.gittip.com
1
0
Fork 0
mirror of https://github.com/kennethreitz-archive/www.gittip.com.git synced 2026-06-21 15:50:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
rubygems
www.gittip.com/gittip/models
T
History
Chad Whitacre 864b1de015 Close potential security hole 
This used to read User.query.filter_by(session_token=token), but that
generates "session_token is NULL" when token is None, and we need
"session_token = NULL", or else we will match arbitrary users(!).
This is a bit of WTF from SQLAlchemy here, IMO: it dangerously opts for
idiomatic Python over idiomatic SQL. We fell prey, at least. :-/
2013-02-22 07:12:51 -05:00
..
__init__.py
Add models for each table in the database, plus User. Relates to #446
2013-01-17 13:58:15 -06:00
absorption.py
Move to using the new way for accessing the orm in models
2013-01-17 13:58:16 -06:00
elsewhere.py
Move to using the new way for accessing the orm in models
2013-01-17 13:58:16 -06:00
exchange.py
Move to using the new way for accessing the orm in models
2013-01-17 13:58:16 -06:00
participant.py
Make initial signin friendlier; #634
2013-02-12 07:14:55 -05:00
payday.py
Fix tablename
2013-01-17 14:07:54 -06:00
tip.py
Preening; #494
2013-01-21 16:07:41 -05:00
transfer.py
Move to using the new way for accessing the orm in models
2013-01-17 13:58:16 -06:00
user.py
Close potential security hole
2013-02-22 07:12:51 -05:00