Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
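The attachment pass-through fix above, illustrated as an added example that is not Friendica's code: a download handler that echoes the uploaded MIME type lets a browser render an attached HTML file in the site's origin, while forcing a download and disabling sniffing removes that. The `Attachment` record and the header builders are constructed for this illustration.

```python
from dataclasses import dataclass

# Constructed sample record for an uploaded attachment; not Friendica's schema.
@dataclass
class Attachment:
    filename: str
    mimetype: str
    data: bytes

# MIME types a browser treats as an active document when served inline.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/javascript", "application/javascript",
}

def passthrough_headers(att: Attachment) -> dict:
    """Vulnerable shape: the stored type is echoed back and the browser
    renders the upload inline, so an attached HTML file runs as the site."""
    return {"Content-Type": att.mimetype}

def hardened_headers(att: Attachment) -> dict:
    """Defensive shape: active types are downgraded to octet-stream, the
    response is always a download, and sniffing is disabled."""
    ctype = "application/octet-stream" if att.mimetype in ACTIVE_TYPES else att.mimetype
    # Strip characters that could break out of the quoted filename parameter.
    safe_name = "".join(c for c in att.filename if c not in '"\r\n')
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

def renders_inline(headers: dict) -> bool:
    """True if a browser would display this response as an active document."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    disp = headers.get("Content-Disposition", "").strip().lower()
    return ctype in ACTIVE_TYPES and not disp.startswith("attachment")
```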