1. 16 Jan, 2013 5 commits
  2. 15 Jan, 2013 17 commits
  3. 14 Jan, 2013 1 commit
  4. 27 Dec, 2012 1 commit
  5. 14 Dec, 2012 1 commit
  6. 13 Dec, 2012 1 commit
  7. 12 Dec, 2012 1 commit
  8. 03 Dec, 2012 1 commit
  9. 30 Nov, 2012 5 commits
  10. 28 Nov, 2012 2 commits
  11. 27 Nov, 2012 3 commits
  12. 23 Nov, 2012 1 commit
  13. 22 Nov, 2012 1 commit
    • Bug #1079498: Fix XSS in pagination URL · 96278d74
      Hugh Davenport authored
      Currently, the url of a pagination (used for the prev/next links as
      well as the numbered pages, and also the POST action in the form tag
      used for selecting a variable limit, added in the commit listed below)
      was not sanitized on output. This was discovered from the group member
      search page which passed in the query as a GET parameter in the URL for
      the pages. This uses slightly different code to some of the newer
      paginations, but it may affect other places that use similar era
      pagination setup.
      
      The commit introducing the new selector for a variable limit was
      f3162f80

      This patch fixes this by sanitizing the url on output, in both the form
      tag and the prev/next and numbered links.
      
      CVE-2012-2253
      Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
      Change-Id: Id9ed08ef5e61b12580e28f4b18975b2c409b594d