Dan Brown 349162ea13 Prevented possible XSS via link attachments ...

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.

2020-10-31 15:01:52 +00:00

..

Actions

Updated functionality for logging failed access

2020-07-28 12:59:43 +01:00

Api

Tweaked ListingResponseBuilder to help avoid future issues

2020-04-25 22:15:59 +01:00

Auth

Fixed issue where SAML login not notifiy on existing user

2020-09-26 16:43:06 +01:00

Config

Updated locale lists for Bulgarian

2020-09-19 15:36:17 +01:00

Console

Added command to regenerate comment content

2020-05-01 23:41:47 +01:00

Entities

Updated page content related links on content id changes

2020-09-28 22:26:50 +01:00

Exceptions

Prevented entity "Not Found" events from being logged

2020-05-23 11:28:59 +01:00

Facades

Refactored some core entity actions

2019-09-20 00:18:28 +01:00

Http

Prevented possible XSS via link attachments

2020-10-31 15:01:52 +00:00

Notifications

Add feature to send test e-mails

2019-10-16 08:24:33 +02:00

Providers

Prevented possible XSS via link attachments

2020-10-31 15:01:52 +00:00

Settings

Removed setting override system due to confusing behaviour

2019-12-22 13:19:17 +00:00

Translation

Made it possible to override translations via theme system

2019-10-26 18:07:14 +01:00

Uploads

Prevented possible XSS via link attachments

2020-10-31 15:01:52 +00:00

Application.php

Ran phpcbf and updated helpers typehinting

2019-09-15 18:29:51 +01:00

helpers.php

Added audit log interface

2020-09-19 12:06:45 +01:00

Model.php

Set /app PHP code to PSR-2 standard

2018-01-28 16:58:52 +00:00

Ownable.php

Updated comment md rendering to be server-side

2020-05-01 23:24:11 +01:00