Mirror of https://github.com/friendica/friendica, synced 2025-05-11 02:24:10 +02:00
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo.
* Add form security token check to /babel module - This prevents basic XSS attacks against /babel.
* Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload.
* Prevent overwriting cid on event edit - This allowed sharing an event as any other user after zeroing the cid field of an existing event.
| Entry |
|---|
| .. |
| ActivityPubConversion.php |
| Babel.php |
| Feed.php |
| ItemBody.php |
| Localtime.php |
| Probe.php |
| WebFinger.php |