volse-hubzilla.git - Volse Hubzilla -- soft fork of main Hubzilla core for Volse

diff options

author	Harald Eilertsen <haraldei@anduin.net>	2022-03-20 14:37:19 +0100
committer	Harald Eilertsen <haraldei@anduin.net>	2022-03-20 15:34:24 +0100
commit	b3ca31bce7ed0dd5777458005718ba96985cbdc2 (patch)
tree	e95a34664c278c76f8c4f68fd2749c91a6d046d6 /Zotlabs/Module/Starred.php
parent	b02f6a1dae3e3fae4af4b24e65256cdf653b2515 (diff)
download	volse-hubzilla-b3ca31bce7ed0dd5777458005718ba96985cbdc2.tar.gz volse-hubzilla-b3ca31bce7ed0dd5777458005718ba96985cbdc2.tar.bz2 volse-hubzilla-b3ca31bce7ed0dd5777458005718ba96985cbdc2.zip

CVE-2022-27256: Open redirect via rpath query param.

Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666

Diffstat (limited to 'Zotlabs/Module/Starred.php')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: