starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-03-23 09:51:59 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity
Files
d6b9d30086f5f5a2919a1eb74c720cc228aafe9c
netbox/netbox/core/models
History
Jason Novinger d6b9d30086 Fixes #20442: Mark template-accessible methods with alters_data=True (#21431) 
Add alters_data=True to methods that modify database or filesystem state
and are accessible from Jinja2 sandbox template contexts:

- UserConfig.set(), clear(): Persist preference changes when commit=True
- ManagedFile.sync_data(): Writes files to scripts/reports storage
- ScriptModule.sync_classes(), sync_data(): Creates/deletes Script objects
- Job.start(), terminate(): Updates job status, creates notifications

Methods intentionally not protected:
- DataFile.refresh_from_disk(): Only modifies instance attributes in memory
- Overridden save()/delete(): Django's AltersData mixin auto-propagates
- Properties like Script.python_class: Not callable in template context

Ref: #20356 for exploit details demonstrating the vulnerability
2026-02-13 10:44:18 -08:00
..
__init__.py
Closes #19924: Record model features on ObjectType (#19939)
2025-07-30 13:05:34 -04:00
change_logging.py
Closes #19924: Record model features on ObjectType (#19939)
2025-07-30 13:05:34 -04:00
config.py
Fixes #21011: Avoid updating database when loading active ConfigRevision
2025-12-22 11:00:04 -05:00
data.py
fix(core): Use gettext_lazy in data.py
2026-01-15 12:47:05 -05:00
files.py
Fixes #20442: Mark template-accessible methods with alters_data=True (#21431)
2026-02-13 10:44:18 -08:00
jobs.py
Fixes #20442: Mark template-accessible methods with alters_data=True (#21431)
2026-02-13 10:44:18 -08:00
object_types.py
Closes #21259: Cache ObjectType results for the duration of a request (#21287)
2026-01-26 15:07:13 -08:00