7 Commits

Author SHA1 Message Date
Harald Eilertsen
951800eca6 Several issues discovered by PHPStan 2024-11-14 18:40:15 +00:00
Harald Eilertsen
b3ca31bce7 CVE-2022-27256: Open redirect via rpath query param.
Don't follow URLs to external sites when submitting forms from the
settings modules. This mitigates an Open Redirect vulnerability where an
attacker could trick a user into going to an attacker-controlled destination.

Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
2022-03-20 15:34:24 +01:00
Harald Eilertsen
d35609f33a CVE-2022-27258: XSS via rpath query param.
Escape URLs provided by the rpath query param in settings modules. This
prevents a possible Cross-Site Scripting vulnerability, where an
attacker could inject web scripts and HTML into the settings form via
the rpath query parameter, and have a user execute the script by
tricking them into clicking a link.

Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
2022-03-20 15:34:24 +01:00
Mario
328685d2fb move from build_sync_packet() to Libsync::build_sync_packet() 2020-04-09 09:38:36 +00:00
Mario Vavti
d4af745fc8 move *_divmore_height setting to the module extra_settings, and fix issue where feature settings were not synced if rpath was provided 2018-10-04 21:38:39 +02:00
Mario Vavti
7dadf387e5 indicate locked features 2018-10-01 11:01:56 +02:00
Mario
85e06a77af add file 2018-09-24 09:34:28 +02:00