Preview branch sync with latest plan #203
rahulsahay-shipsy wants to merge 1885 commits into shipsy:preview from
Important: Review skipped

Auto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the … You can disable this status message by setting the …
| # redirect to referer path | ||
| url = urljoin(base_host(request=request, is_app=True), path) | ||
| return HttpResponseRedirect(url) |
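Review bot: `urljoin(base_host(request=request, is_app=True), path)` does not pin the redirect to the app host. When `path` is an absolute URL or a scheme-relative one (`//other.example/`), `urljoin` discards the base host and returns `path`'s own host, so `HttpResponseRedirect` receives whatever `path` names. Check that `path` is a single-slash relative path with no scheme or netloc before the join, or test the final `url` with Django's `url_has_allowed_host_and_scheme` against the allowed hosts.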
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| path = get_redirection_path(user=user) | ||
| # redirect to referer path | ||
| url = urljoin(base_host(request=request, is_app=True), path) | ||
| return HttpResponseRedirect(url) |
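Review bot: In `path = get_redirection_path(user=user)` the path is computed from the user record, so the request-derived input left on the `urljoin` line is `base_host(request=request, is_app=True)`. If that helper builds the host from request headers, compare its result against a configured list of allowed origins before redirecting; if it reads only from settings, a short comment saying so would let the alert be dismissed with a recorded reason.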
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| ) | ||
| # redirect to referer path | ||
| url = urljoin(base_host(request=request, is_app=True), path) | ||
| return HttpResponseRedirect(url) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| path = get_redirection_path(user=user) | ||
| # redirect to referer path | ||
| url = urljoin(base_host(request=request, is_app=True), path) | ||
| return HttpResponseRedirect(url) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| user_login(request=request, user=user, is_space=True) | ||
| # redirect to next path | ||
| url = f"{base_host(request=request, is_space=True)}{str(next_path) if next_path else ''}" | ||
| return HttpResponseRedirect(url) |
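Review bot: `next_path` is appended to the host by plain string formatting, with no check visible in these lines. Because this is concatenation rather than URL construction, a value that does not begin with `/` becomes part of the authority instead of the path, and the redirect can leave the site. Route the value through `validate_next_path(next_path)` as the logout hunk on this page does, and accept only `/`-prefixed paths that contain no `//` or backslash prefix.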
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| user_login(request=request, user=user, is_space=True) | ||
| # redirect to referer path | ||
| url = f"{base_host(request=request, is_space=True)}{str(next_path) if next_path else ''}" | ||
| return HttpResponseRedirect(url) |
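Review bot: The comment `# redirect to referer path` does not match the code, which redirects to `next_path`; another hunk on this page with the same statement says `# redirect to next path`. Correct the comment so a reader auditing redirect sources is not sent looking for a Referer header, and apply the same `next_path` validation here before building `url`.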
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| # redirect to referer path | ||
| path = str(next_path) if next_path else "" | ||
| url = f"{base_host(request=request, is_space=True)}{path}" | ||
| return HttpResponseRedirect(url) |
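Review bot: `path = str(next_path) if next_path else ""` is the one place this hunk touches the request value, which makes it the natural spot for the check, for example `path = str(validate_next_path(next_path)) if next_path else ""`. As written, `path` reaches the f-string unvalidated.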
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| user_login(request=request, user=user, is_space=True) | ||
| # redirect to referer path | ||
| url = f"{base_host(request=request, is_space=True)}{str(next_path) if next_path else ''}" | ||
| return HttpResponseRedirect(url) |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| # Log the user out | ||
| logout(request) | ||
| url = f"{base_host(request=request, is_space=True)}{str(validate_next_path(next_path)) if next_path else ''}" | ||
| return HttpResponseRedirect(url) |
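Review bot: `validate_next_path(next_path)` is applied here and the line is still reported, so either the analyzer does not recognise the helper as a sanitizer or the flagged source is `base_host(request=request, is_space=True)`. Confirm with tests that the helper returns only same-site, `/`-prefixed paths, then dismiss the alert with that justification or make the check explicit on the final `url`. The inline conditional inside the f-string would also read better as a separate `path = ...` assignment, as another hunk on this page does.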
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| return HttpResponseRedirect(url) | ||
| except Exception: | ||
| url = f"{base_host(request=request, is_space=True)}{str(validate_next_path(next_path)) if next_path else ''}" | ||
| return HttpResponseRedirect(url) |
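Review bot: `except Exception:` catches every failure from the preceding block and answers with a redirect, so an unexpected error looks the same as the normal flow and nothing in these lines records it. Catch the specific exceptions this path expects, log anything else before redirecting, and keep the `validate_next_path` call on the fallback `url`.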
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
| const DEFAULT_TITLE = "Plane"; | ||
| const DEFAULT_DESCRIPTION = "Made with Plane, an AI-powered work management platform with publishing capabilities."; | ||
| try { | ||
| const response = await fetch(`${process.env.NEXT_PUBLIC_API_BASE_URL}/api/public/anchor/${anchor}/meta/`); |
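Review bot: `anchor` is interpolated into the `fetch` URL path as-is. A value containing `/`, `..`, `?` or `#` changes which endpoint under `NEXT_PUBLIC_API_BASE_URL` the server requests. Validate `anchor` against the expected identifier format before the `try`, wrap it in `encodeURIComponent(anchor)` inside the template, and fall back to `DEFAULT_TITLE` and `DEFAULT_DESCRIPTION` when validation fails.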
Check failure
Code scanning / CodeQL
Server-side request forgery
* chore: top nav power k search menu enhancements * chore: expandable search panel refactor

…8184)

* feat: implement cover image handling and static image selection
  - Added functionality to handle cover image uploads and selections in project and profile forms.
  - Introduced a new helper for managing cover images, including static images and uploaded assets.
  - Updated components to utilize the new cover image helper for displaying and processing cover images.
  - Added a set of static cover images for selection in the image picker.
  - Enhanced error handling for image uploads and processing.
  This update improves the user experience by providing a more robust cover image management system.
* refactor: rename STATIC_COVER_IMAGES_ARRAY to STATIC_COVER_IMAGES for consistency
  - Updated the cover image helper to export STATIC_COVER_IMAGES instead of STATIC_COVER_IMAGES_ARRAY.
  - Adjusted the ImagePickerPopover component to utilize the renamed export for rendering static cover images.
* feat: enhance project creation and image handling
  - Introduced default project form values with a random emoji for logo props.
  - Updated cover image handling in various components, ensuring consistent usage of the new cover image helper.
  - Refactored image picker to improve search functionality and loading states.
  - Removed unused constants and streamlined cover image type checks for better clarity and performance.
  This update enhances the user experience in project creation and image selection processes.
* refactor: simplify cover image type definition and clean up code
  - Removed duplicate type from TCoverImageType, streamlining the definition.
  - Cleaned up whitespace in the cover image helper for improved readability.
  This update enhances code clarity and maintains consistency in cover image handling.
* refactor: update cover image type definitions and simplify logic
  - Changed ICoverImageResult and ICoverImagePayload interfaces to type aliases for better clarity.
  - Simplified the logic in getCoverImageDisplayURL function to enhance readability and maintainability.
  This update improves the structure and clarity of the cover image helper code.
* refactor: remove unused project cover image endpoint and update cover image handling
  - Removed the ProjectPublicCoverImagesEndpoint and its associated URL from the project.
  - Updated the cover image handling in the cover-image helper to utilize imported assets instead of static paths.
  - Cleaned up the ProjectFavoritesViewSet and FileService by removing the now obsolete getProjectCoverImages method.
  This update streamlines the cover image management and eliminates unnecessary code, enhancing overall maintainability.
* refactor: update cover image imports to new asset structure
  - Replaced static path imports for cover images with updated paths to the new asset structure.
  - This change improves organization and maintainability of cover image assets in the project.
  This update aligns with recent refactoring efforts to streamline cover image handling.
* feat: add additional cover images to the helper
  - Imported new cover images (24 to 29) into the cover-image helper.
  - This update expands the available cover image options for use in the project, enhancing visual variety.
* refactor: remove ProjectPublicCoverImagesEndpoint from project URLs and views
* refactor: update cover image imports to include URL query parameter
  - Modified cover image imports in the cover-image helper to append a URL query parameter for better asset handling.
  - This change enhances the way cover images are processed and utilized within the project.
* refactor: extract default project form values into a utility function
  - Created a new utility function `getProjectFormValues` to encapsulate the default project form values.
  - Updated the `CreateProjectForm` component to use this utility function for setting default form values, improving code organization and maintainability.
* feat: integrate project update functionality in CreateProjectForm
  - Added `updateProject` method to the `CreateProjectForm` component for updating project cover images after creation.
  - Enhanced cover image handling by ensuring the correct URL is set for both uploaded and existing cover images.
  This update improves the project creation workflow and ensures cover images are accurately updated.
* fix: update documentation for cover image handling
  - Corrected the comment regarding local static images to reflect that they are served from the assets folder instead of the public folder.
  - This change ensures accurate documentation for the `getCoverImageType` and `getCoverImageDisplayURL` functions, improving clarity for future developers.
* feat: implement random cover image selection for project forms
  - Replaced the default cover image URL with a new utility function `getRandomCoverImage` that selects a random cover image from the available options.
  - Updated the `getProjectFormValues` function to utilize this new method, enhancing the project creation experience with varied cover images.

---------

Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>

* chore: app rail context added * chore: dock/undock app rail implementation * chore: refactor * chore: code refactor * chore: code refactor
* fix: upgrade prettier oxc plugin version * fix: type errors
* chore: user menu code refactor * chore: CustomizeNavigationDialog enhancements
* fix: refactor uploader * fix: props * fix: sites fix
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* chore(deps): upgrade psycopg packages to version 3.3.0 * chore: update Python version to 3.12.x in CI workflow * refactor: clean up imports and improve code formatting across multiple files
* chore: add bot user to workspace seed task * refactor: use BotTypeEnum for bot type in workspace seed task * refactor: update bot user display name and last name in workspace seed task * fix: return empty dictionary for missing cycle and module seeds in workspace seed task
…#8049) * chore: update use_case type from string to array * chore: convert use_case field to JSONField with array support * feat: implement multi-select UI for use case in onboarding * chore: code refactor * chore: revert backend changes * chore: code refactor * chore: code refactor * chore: code refactor
… props and structure (#8262)
…umns and introduce new login labels (#8260)
…out enhancements (#8263)
* feat: add no_activity flag to control issue activity tracking during partial updates * refactor: rename no_activity flag to skip_activity for clarity in issue activity tracking * enhance description input handling with migration update support * feat: implement skip_activity flag to conditionally log issue updates during partial updates * refactor: skip-activity * feat: add migration description update check to conditionally log issue updates --------- Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: project sort order * chore: updated queryset for sort_order
* chore: admin folder structure * fix: copyright check and formatting * fix: types

Added missing translations for:
- Profile preferences (language, timezone settings)
- Account settings sections (preferences, notifications, security, api-tokens, activity)
- Workspace settings (billing, exports, webhooks headings/descriptions)
- Project settings (states, labels, estimates, automations headings/descriptions)
- Power-K command palette (contextual actions, navigation, creation, preferences, help)
- Sidebar elements (stickies, your_work, pin/unpin)
- Common actions (copy_markdown, overview)
- Navigation customization options

* fix: project extended sidebar accordion ux * fix: app sidebar mobile responsiveness ux * chore: code refactor
* refactor: table drag preview using decorations * fix: history meta for table drag state
* chore: sortBySelectedFirst and sortByCurrentUserThenSelected utils added * chore: members dropdown updated * chore: module dropdown updated * chore: project and label dropdown updated * chore: code refactor
* refactor(auth): add PASSWORD_TOO_WEAK error code and update related error handling in password change flow * fix(auth): update import to use type for EAuthenticationErrorCodes in security page * Update apps/web/app/(all)/profile/security/page.tsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: updated auth error exception across zxcvbn usages * fix: improve error handling for password strength validation and update error messages * i18n(ru): update Russian translations for stickies and automation description Added translation for 'stickies' and improved formatting of the automation description in Russian locale. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: user avatar ui consistency * chore: code refactor
…se ModuleUpdateSerializer (#8496)

…dation #8508
- Modified the invite link to include a token for enhanced security.
- Updated the WorkspaceJoinEndpoint to validate the token instead of the email.
- Adjusted the workspace invitation task to generate links with the token.
- Refactored the frontend to handle token in the invitation process.

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>

* chore: add intake_count in project list endpoint * chore: sidebar project navigation intake count added * fix: filter out closed intake issues in the count * chore: code refactor * chore: code refactor * fix: filter out deleted intake issues --------- Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* fix: open intake count at sidebar header * chore: reverted inbox store arguments to core store * fix: intake count update
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>

…cation and workspace forms (#8528)

* chore(security): implement input validation across authentication and workspace forms
  - Add OWASP-compliant autocomplete attributes to all auth input fields
  - Create centralized validation utilities blocking injection-risk characters
  - Apply validation to names, display names, workspace names, and slugs
  - Block special characters: < > ' " % # { } [ ] * ^ !
  - Secure sensitive input fields across admin, web, and space apps
* chore: add missing workspace name validation to settings and admin forms
* feat: enhance validation regex for international names and usernames
  - Updated regex patterns to support Unicode characters for person names, display names, company names, and slugs.
  - Improved validation functions to block injection-risk characters in names and slugs.

#8493 Add client-side checks for double extensions, dangerous file types, dot files, and path traversal patterns. Addresses security audit recommendations for file upload validation.

…elds #8517

Disable autocomplete on authentication and security-related forms to prevent browsers from storing sensitive credentials. This affects sign-in, password reset, account security, and onboarding forms across admin, web, and space apps.

Modified components:
- Auth forms (email, password, unique code, forgot/reset/set password)
- Account security pages
- Instance setup and profile onboarding
- Shared UI components (auth-input, password-input)

…ial characters (#8529) * chore: update ProjectSerializer to raise validation for special characters in name and identifier * chore: update external endpoints * fix: external api serializer validation * update serializer to send error code * fix: move the regex expression to Project model
* migration: added archived_at in IssueView * fix: lint
* fix: idor issues in project assets and issue attachments * fix: comments
* Update README to remove Discord and add Forum link Removed Discord badge and replaced Releases link with Forum link. * Fix forum link in README.md
No description provided.