[Dolibarr-git] [Dolibarr/dolibarr] 77a9d4: Start fix [ bug #1437 ] Secur
From: Laurent Destailleur
Subject: [Dolibarr-git] [Dolibarr/dolibarr] 77a9d4: Start fix [ bug #1437 ] Security Issue
Date: Mon, 09 Jun 2014 06:10:56 -0700
Branch: refs/heads/3.5
Home: https://github.com/Dolibarr/dolibarr
Commit: 77a9d4eb71a7ede8e503e42104edb33035ad54ee
https://github.com/Dolibarr/dolibarr/commit/77a9d4eb71a7ede8e503e42104edb33035ad54ee
Author: Florian HENRY <address@hidden>
Date: 2014-06-09 (Mon, 09 Jun 2014)
Changed paths:
M htdocs/core/lib/security2.lib.php
M htdocs/main.inc.php
M htdocs/public/demo/index.php
M htdocs/user/class/user.class.php
M htdocs/user/class/usergroup.class.php
M htdocs/user/fiche.php
Log Message:
-----------
Start fix [ bug #1437 ] Security Issue
Some of them can be fixed, because GETPOST, even with the 'alpha' test, does not
warn if the input is
"2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e"
for example.
I don't have a magical solution for this kind of security issue.
Commit: 9ba4b53a88eb0d5f30f2e0424b2329f534dd0c24
https://github.com/Dolibarr/dolibarr/commit/9ba4b53a88eb0d5f30f2e0424b2329f534dd0c24
Author: Laurent Destailleur <address@hidden>
Date: 2014-06-09 (Mon, 09 Jun 2014)
Changed paths:
M htdocs/core/lib/security2.lib.php
M htdocs/main.inc.php
M htdocs/public/demo/index.php
M htdocs/user/class/user.class.php
M htdocs/user/class/usergroup.class.php
M htdocs/user/fiche.php
Log Message:
-----------
Merge pull request #1645 from FHenry/3.5
Start fix [ bug #1437 ] Security Issue
Compare:
https://github.com/Dolibarr/dolibarr/compare/2ec4c56f6b04...9ba4b53a88eb