mirror of https://github.com/friendica/friendica
Hypolite Petovan
e16b6ee6e1
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event. * Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo * Add form security token check to /babel module - This prevents basic XSS attacks against /babel * Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload * Prevent overwriting cid on event edit - This allowed to share an event as any other user after zeroing the cid field of an existing event * Check form security token in /settings/userexport module - Prevents basic XSS attacks against /settings/userexport/* |
||
|---|---|---|
| .. | ||
| Profile | ||
| Server | ||
| TwoFactor | ||
| Account.php | ||
| Addons.php | ||
| Channels.php | ||
| Connectors.php | ||
| Delegation.php | ||
| Display.php | ||
| Features.php | ||
| OAuth.php | ||
| RemoveMe.php | ||
| UserExport.php | ||