aurweb/web/html
Dan McGee 90485e8f42 Fix potential injection vulnerability
We trusted the values we pulled out of the IDs array and never coerced
them to integers, passing them to the backend unescaped and uncasted.
Ensure they are treated as integers only and validate the resulting
value is > 0.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-01 20:27:49 +01:00
css Support for languages written right-to-left 2011-02-18 13:52:38 +01:00
images titlelogo.png: Update again 2010-03-12 16:52:07 -05:00
account.php Use include_once where applicable 2009-08-11 13:58:12 -04:00
addvote.php Bring TU addvote into the current layout. 2009-11-23 23:57:41 -05:00
index.php Use include_once where applicable 2009-08-11 13:58:12 -04:00
logout.php Use include_once where applicable 2009-08-11 13:58:12 -04:00
packages.php Fix potential injection vulnerability 2011-03-01 20:27:49 +01:00
passreset.php Modify some strings for translation. 2010-10-07 23:07:01 -04:00
pkgsubmit.php Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL". 2011-02-27 19:46:19 +01:00
rpc.php Add usage output info for maintainer search extension 2009-09-28 18:55:50 -04:00
rss.php Use UTF-8 in RSS feeds (fixes FS#10706). 2011-01-28 15:42:29 +01:00
tu.php Do not display current votes in All Votes, and rename it as Past Votes 2010-12-04 23:03:33 -05:00
voters.php Add voter list on packages for TUs and devs. 2009-07-19 23:20:36 -04:00