mirror of https://github.com/friendica/friendica
synced 2024-09-26 04:51:22 +02:00
Hypolite Petovan
e16b6ee6e1
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module - This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit - This allowed sharing an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module - Prevents basic XSS attacks against /settings/userexport/*
Directory listing:

* ../
* Profile/
* Server/
* TwoFactor/
* Account.php
* Addons.php
* Channels.php
* Connectors.php
* Delegation.php
* Display.php
* Features.php
* OAuth.php
* RemoveMe.php
* UserExport.php