mirror of
https://github.com/friendica/friendica
synced 2024-09-22 12:04:26 +02:00
Hypolite Petovan
5c5d7eb04f
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module - This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit - This allowed sharing an event as any other user after zeroing the cid field of an existing event
Directories:

- APContact
- Contact
- Log
- Notification
- Post
- User

Files:

- APContact.php
- Attach.php
- Circle.php
- Contact.php
- Conversation.php
- Event.php
- FileTag.php
- GServer.php
- Item.php
- ItemURI.php
- Mail.php
- Nodeinfo.php
- OpenWebAuthToken.php
- Photo.php
- Post.php
- Profile.php
- PushSubscriber.php
- README.md
- Register.php
- Search.php
- Subscription.php
- Tag.php
- User.php
- Verb.php
Friendica\Model
Models are the glue between the business logic of the app and the datastore(s).
The Model namespace should contain only static classes that interact with the DB and carry the same name as a database table.