mirror of
https://github.com/friendica/friendica
synced 2024-06-14 06:06:24 +02:00
Hypolite Petovan
5c5d7eb04f
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event. * Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo * Add form security token check to /babel module - This prevents basic XSS attacks against /babel * Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload * Prevent overwriting cid on event edit - This allowed to share an event as any other user after zeroing the cid field of an existing event |
||
|---|---|---|
| .. | ||
| Addons | ||
| Logs | ||
| Themes | ||
| DBSync.php | ||
| Features.php | ||
| Federation.php | ||
| PhpInfo.php | ||
| Queue.php | ||
| Site.php | ||
| Storage.php | ||
| Summary.php | ||
| Tos.php | ||