7 Commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload.

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael 972c9f7bc0 Issue 9743: Added translatable texts 2021-03-08 21:17:27 +00:00
Hypolite Petovan a382798999 Add some more result panels to Babel 2020-12-04 07:29:48 -05:00
Hypolite Petovan da50456675 Add Twitter source debug to Debug\Babel 2020-07-17 17:14:13 -04:00
Hypolite Petovan b0dc3d6cf9 Improve Babel code
- Add Diaspora source text choice
- Simplify escaped display
2020-03-11 09:01:17 -04:00
Hypolite Petovan 52ca6f34cd Unescape babel result panel content 2018-12-25 11:37:57 -05:00
Hypolite Petovan 71c1be8207 Add external template to mod/babel
- Add HTML methods diagnostic
2018-03-08 23:48:32 -05:00