external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
aurweb/web/lib
History
canyonknight ec332bb7e6 Fix account privilege escalation vulnerability 
A check is only done to verify a Trusted User isn't promoting their
account. An attacker can send tampered account type POST data to
change their "User" level account to a "Developer" account.

Add check so that all users cannot increase their own account
permissions.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-29 23:23:12 +01:00
..
Archive Add Archive_Tar class to lib/ 2012-10-27 18:13:46 -04:00
acctfuncs.inc.php Fix account privilege escalation vulnerability 2012-11-29 23:23:12 +01:00
aur.inc.php Link to the HTTPs login page in the header 2012-10-21 02:50:06 +02:00
aurjson.class.php aurjson.class.php: Limit number of RPC results 2012-10-22 12:33:13 +02:00
cachefuncs.inc.php Migrate all DB code to use PDO 2012-09-18 00:58:46 +02:00
config.inc.php.proto aurjson.class.php: Limit number of RPC results 2012-10-22 12:33:13 +02:00
feedcreator.class.php Avoid use of "<b>"/"</b>" 2012-09-24 12:23:05 +02:00
gettext.php Add php-gettext libraries to "web/lib/". 2011-04-10 15:40:49 +02:00
pkgfuncs.inc.php pkgfuncs.inc.php: Rework query to avoid "Required by" duplicates 2012-11-15 20:03:33 +01:00
routing.inc.php routing.inc.php: Return proper (non-virtual) URIs 2012-11-04 19:14:11 +01:00
stats.inc.php stats.inc.php: Document all functions using PHPDoc format 2012-09-24 02:04:03 +02:00
streams.php Add php-gettext libraries to "web/lib/". 2011-04-10 15:40:49 +02:00
translator.inc.php Avoid use of "<b>"/"</b>" 2012-09-24 12:23:05 +02:00
version.inc.php Release 2.0.1 2012-11-07 01:00:43 +01:00