friendica/view
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
..
fonts spelling: under 2023-03-26 20:04:18 -04:00
install spelling: communication 2023-03-26 16:03:22 -04:00
js Deprecate use of [*] BBCode tag for list items in favor of [li] 2024-02-09 20:33:42 -05:00
lang Disallow mail addresses for registration (#13920) 2024-02-19 09:33:20 +01:00
php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
smarty3 another -x 2017-12-05 07:26:02 +01:00
templates Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
theme Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
.htaccess [apache2] Add public asset caching 2018-03-07 08:07:59 -05:00
global.css Frio: The activity buttons now have got counters 2023-11-04 12:57:54 +00:00