| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Don't follow urls to external sites when submitting forms from the
settings modules. This mitigates an Open Redirect vulnerability where an
attacker could trick a user to go to an attacker controlled destination.
Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
|
|
|
|
|
|
|
|
|
|
| |
Escape URLs provided by the rpath query param in settings modules. This
prevents a possible Cross-Site scripting vulnerability, where an
attacker could inject web scripts and html into the settings form via
the rpath query parameter, and have a user execute the script by
tricking them to clicking a link.
Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
|
| |
|
|
|
|
| |
where feature settings were not synced if rpath was provided
|
|
|