friendica/view/theme
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
..
duepuntozero Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
frio Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
quattro Merge pull request #13795 from annando/copyright 2024-01-02 21:28:02 -05:00
smoothly The "unkmail" functionality is removed 2024-01-03 10:23:11 +00:00
vier Merge pull request #13795 from annando/copyright 2024-01-02 21:28:02 -05:00