It appears the officially maintained fork of flask-cache is
flask-caching https://github.com/sh4nks/flask-caching . It is fully
compatible with flask-cache.
* move access permissions methods to security manager
* consolidate all security methods into SupersetSecurityManager
* update security method calls
* update calls from tests
* move get_or_create_main_db to utils
* raise if supersetsecuritymanager is not extended
* rename sm to security_manager
* [Explore] Save url parameters when user save slices
* remove print
(cherry picked from commit bd9ecbe)
* add unit test
(cherry picked from commit 0f350ad)
* wrapping all request params into url_params
(cherry picked from commit 17197c1)
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.load can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library by simply setting a description containing arbitrary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (e.g. `[example](javascript:alert(0))`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitrary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
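The effect of the yaml.load to yaml.safe_load switch described above, as an added example that is not part of the commit or of Superset's code. The helper names and both sample documents are constructed for illustration, and the crafted document points the tag at a harmless callable (`os.getcwd`).

```python
import os
import yaml  # PyYAML

# Constructed input: the tag from the commit message, pointed at a harmless
# callable (os.getcwd) instead of a subprocess call.
CRAFTED = "code_exec: !!python/object/apply:os.getcwd []\n"

# Constructed benign document of the kind an import feature would accept.
BENIGN = (
    "database_name: main\n"
    "tables:\n"
    "  - name: birth_names\n"
    "    columns: [ds, num]\n"
)


def load_untrusted(text):
    """Parse untrusted YAML with safe_load; return (data, error).

    safe_load only builds plain scalars, lists and dicts, so any
    python/* tag is rejected with a ConstructorError and nothing is called.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:
        return None, exc


def load_like_old_code(text):
    """Hypothetical stand-in for the pre-fix behaviour: the full Loader
    resolves python/object/apply tags and calls the named function
    while parsing."""
    return yaml.load(text, Loader=yaml.Loader)


if __name__ == "__main__":
    data, err = load_untrusted(CRAFTED)
    print("safe_load:", data, "|", type(err).__name__)
    print("safe_load benign:", load_untrusted(BENIGN)[0])
    print("yaml.Loader ran the callable:", load_like_old_code(CRAFTED))
```
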
Funky datatypes in some databases like BLOBs will have the DBAPI return
python types that can't be serialized to JSON out of the box.
Currently, when this happens SQL Lab fails in a bad way with a gigantic
HTML error message.
This allows specifying a pessimistic JSON serializer handler that will
simply show "Unserializable [type]"
* Feature: added datepicker and time granularity options to dashboard filter
* Added option for Druid datasource time filters
* added more checkbox control over dashboard time filters
parse_human_datetime parses date-only strings, e.g. "today", returning the correct date but time set at 9am. This is an internal implementation in parsedatetime. This patch resets to midnight. If time is specified and parsed, it is correctly returned.
* sql_lab.py: compress via utils
* utils.py: added zlib_compress and zlib_compress_to_string
* core.py: converted to use zlib_decompress_to_string; renamed uncompress to decompress in utils.py
* utils_tests.py: added test for compress/decompress
* fixed broken utils test; removed redundant code and empty lines from utils.py
* utils.py: corrected docstrings, removed unnecessary 'else'
* removed yet another superfluous else
On startup, FAB spits out a bunch of logging messages that aren't useful
in most cases. This shuts them down by default. They can be turned back
on with `config.SILENCE_FAB = True`
Also shushing a flask-cache warning around setting up a null (default) cache
* Simplifying the viz interface (#2005)
* Working on dashes
* Making this a collaborative branch
* Fixing some bugs
* Fixing bugs
* More improvements
* Add datasource back in bootstrap data
* Decent state
* Linting
* Moving forward
* Some more linting
* Fix the timer
* Triggering events through state
* Linting
* Put filters in an array instead of flt strings (#2090)
* Put filters in an array instead of flt strings
* Remove query_filter(), put opChoices into Filter
* Update version_info.json
* Fix migrations
* More renderTrigger=true
* Fixing bugs
* Working on standalone
* getting standalone to work
* Fixed forcedHeight for standalone =view
* Linting
* Get save slice working in v2 (#2106)
* Filter bugfix
* Fixing empty series limit bug
* Fixed dashboard view
* Fixing short urls
* Only allow owners to overwrite slice (#2142)
* Raise exception when date range is wrong
* Only allow owner to overwrite a slice
* Fix tests for deprecate v1 (#2140)
* Fixed tests for control panels container and filters
* Fixed python tests for explorev2
* Fix linting errors
* Add in stop button during slice querying/rendering (#2121)
* Add in stop button during slice querying/rendering
* Abort ajax request on stop
* Adding missing legacy module
* Removing select2.sortable.js because of license
* Allow query to display while slice is loading (#2100)
* Allow query to display while slice is loading
* Put latestQueryFormData in store
* Reorganized query function, got rid of tuple return values
* Merging migrations
* Wrapping up shortener migration
* Fixing tests
* Add folder creation to syncBackend
* Fixing edit URL in explore view
* Fix look of Stop button
* Adding syntax highlighting to query modal
* Fix cast_form_data and false checkbox on dash
* Bugfix
* Going deeper
* Fix filtering
* Deleting invalid filters when changing datasource
* Minor adjustments
* Fixing calendar heatmap examples
* Moving edit datasource button to header's right side
* Fixing mapbox example
* Show stack trace when clicking alert
* Adding npm sync-backend command to build instruction
* Bumping up JS dependencies
* rm dep on select2
* Fix py3 urlparse
* rm superset-select2.js
* Improving migration scripts
* Bugfixes on staging
* Fixing Markup viz
* Rename rv => o in the decorator.
* Address comments.
* Permissions cleanup: remove none and duplicates. (#1967)
* Updates
* Rename var and dropdown text
* Cleanup
* Resolve comments.
* Add user to the perm check.
* Cleanup fulfilled requests after approve
* Modified tests
* Moved to separate test, add user to access functions
* Moved to separate test and added test cases
* Fixed issue with dryrun
* More changes based on comments