Skip to content

Merge Develop into Master (v1.30)#2442

Merged
ObadaS merged 49 commits into
masterfrom
develop
Jul 2, 2026
Merged

Merge Develop into Master (v1.30)#2442
ObadaS merged 49 commits into
masterfrom
develop

Conversation

dconstancy and others added 9 commits June 17, 2026 12:28
Add a delete button visible to organizers on soft-deleted submissions,
and guard against None data in delete/soft_delete methods.
django.middleware.common.CommonMiddleware was listed twice in the MIDDLEWARE tuple.

Symptoms when the chain runs twice:

* For users whose django_session.session_data row cannot be verified by
  signing.loads (e.g. after a SECRET_KEY rotation), the second pass of
  CommonMiddleware.process_response runs against responses for which the
  session/messages state ends up half-initialised, surfacing as a generic
  500 page with no traceback on every 404 path, every APPEND_SLASH 301,
  and assets like /favicon.ico. With-slash URLs that match a real view
  return 200 because the corruption is silently swallowed (decode -> {}).
* Content-Length is computed twice on every response.

Removing the duplicate restores the standard middleware behaviour: a
corrupted session decodes to {} once, the user is treated as anonymous,
and 404/redirect responses are returned normally.
prevents leaking the fact a user exists when entered password is invalid

Closes #2437
…sage

refactor(login): sanitize failed login error message
…submissions

fix: allow organizers to hard-delete soft-deleted submissions
fix: allow organizers to hard-delete soft-deleted submissions
Remove duplicate CommonMiddleware from MIDDLEWARE
@Didayolo Didayolo added the Release PR develop --> master label Jun 26, 2026
@IdirLISN IdirLISN marked this pull request as ready for review July 2, 2026 12:49
@wlln wlln self-requested a review July 2, 2026 14:26
@ObadaS ObadaS merged commit c44cad6 into master Jul 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Release PR develop --> master

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants