external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
aurweb/web/template
History
Lukas Fleischer 69b98efa35 Re-add CRSF tokens to most package actions 
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.

This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27 02:27:19 +02:00
..
stats user_table.php: Remove unused link parameter 2013-01-19 12:21:12 +01:00
account_details.php Allow for setting an account's inactivity status 2013-08-22 17:43:13 +02:00
account_edit_form.php Allow for setting an account's inactivity status 2013-08-22 17:43:13 +02:00
account_search_results.php Use echo shortcut syntax 2012-09-24 12:23:04 +02:00
actions_form.php Deprecate actions bar when virtual URLs are used 2012-09-28 08:57:25 +02:00
footer.php We live in 2013 now 2013-01-19 12:20:50 +01:00
header.php Add description meta-element to package pages 2013-01-19 12:18:13 +01:00
pkg_comment_form.php Avoid use of "$_SERVER['REQUEST_URI']" 2012-11-04 19:19:32 +01:00
pkg_comments.php pkg_comments.php: Move delete button to same line as poster info 2012-10-11 21:20:01 +02:00
pkg_details.php Re-add CRSF tokens to most package actions 2013-08-27 02:27:19 +02:00
pkg_search_form.php Use echo shortcut syntax 2012-09-24 12:23:04 +02:00
pkg_search_results.php pkg_search_results.php: Mark out-of-date packages 2012-10-14 15:07:25 +02:00
search_accounts_form.php Use echo shortcut syntax 2012-09-24 12:23:04 +02:00
template.phps rename *.inc files to *.inc.php and adjust imports and references 2011-06-22 15:15:04 +02:00
tu_details.php tu_details.php: Avoid division by zero 2013-08-26 18:02:37 +02:00
tu_last_votes_list.php Add "Last Votes by TU" list 2013-08-26 17:34:31 +02:00
tu_list.php Move "Past Votes" navigation to "Past Votes" box 2013-08-26 17:53:24 +02:00