external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
aurweb/web/html
History
Lukas Fleischer 69b98efa35 Re-add CRSF tokens to most package actions 
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.

This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27 02:27:19 +02:00
..
css pkg_details: Convert most action links to forms 2013-08-27 02:10:13 +02:00
images Remove unused image "titlelogo.png" 2012-09-18 00:59:01 +02:00
js Use minified typeahead JS from archweb 2013-03-26 00:54:18 +01:00
404.php Display an error page if a virtual path doesn't exist 2012-10-20 18:28:17 +02:00
account.php Allow for setting an account's inactivity status 2013-08-22 17:43:13 +02:00
addvote.php Add a vote type to the TU proposal form 2013-08-22 17:48:18 +02:00
home.php Use minified typeahead JS from archweb 2013-03-26 00:54:18 +01:00
index.php Re-add CRSF tokens to most package actions 2013-08-27 02:27:19 +02:00
login.php login.php: Properly link to logout page when already logged in 2012-11-24 13:20:35 +01:00
logout.php Remove unneeded database connection calls 2013-02-10 12:10:38 +01:00
packages.php Retrieve package details after package actions are processed 2013-04-20 00:22:53 +02:00
passreset.php Move reset key submission to a separate function 2013-03-19 14:03:33 +01:00
pkgdel.php Move package deletion to a separate page 2012-09-28 08:57:24 +02:00
pkgmerge.php Move package merging to a separate page 2012-09-28 08:57:25 +02:00
pkgsubmit.php pkgsubmit.php: Parse .AURINFO metadata 2013-03-09 00:33:15 +01:00
rpc.php Provide more examples on the RPC info page 2011-08-22 08:24:21 +02:00
rss.php rss.php: Update links to reflect URL changes 2012-09-21 07:35:52 +02:00
tu.php Move "Past Votes" navigation to "Past Votes" box 2013-08-26 17:53:24 +02:00
voters.php Use echo shortcut syntax 2012-09-24 12:23:04 +02:00