- Vendored a more secure is_safe_url implementation from latest Django, instead of relying on a potentially insecure bundled version. See #17.
sudo.views.SudoView class based view. This is now more extensible and should be preferred over the older
SUDO_FORM setting. It’s now suggested to subclass
SUDO_URL setting to set the URL for the sudo page.
- Bad release. :( Don’t install.
constant_time_compare when verifying the correct sudo token.
- Make sure to check against all
SudoForm. See #3.
- Added new setting, SUDO_FORM, which allows you to override the default form that is used. See #2.
- Fixed a bug when using the new SUDO_COOKIE_SALT. If specifying a non-default salt, all cookies would be marked incorrectly as invalid.
- Don’t use request.REQUEST anymore since that’s deprecated in modern Django. Always use request.GET instead since we never POSTed the
- Switch to using signed cookies for the sudo cookie, see #1.
- Added new SUDO_COOKIE_SALT setting to go along with the signed cookie.
- Initial release