path: root/IkiWiki/Plugin/notifyemail.pm
Commit message (Author, Age)
* Force CGI::FormBuilder->field to scalar context where necessary (Simon McVittie, 2016-12-28)

  CGI::FormBuilder->field has behaviour similar to the CGI.pm misfeature we avoided in f4ec7b0. Force it into scalar context where it is used in an argument list.

  This prevents two (relatively minor) commit metadata forgery vulnerabilities:

  * In the comments plugin, an attacker who was able to post a comment could give it a user-specified author and author-URL even if the wiki configuration did not allow for that, by crafting multiple values to other fields.
  * In the editpage plugin, an attacker who was able to edit a page could potentially forge commit authorship by crafting multiple values for the rcsinfo field.

  The remaining plugins changed in this commit appear to have been protected by use of explicit scalar prototypes for the called functions, but have been changed anyway to make them more obviously correct. In particular, checkpassword() in passwordauth has a known prototype, so an attacker cannot trick it into treating multiple values of the name field as being the username, password and field to check for.

  OVE-20161226-0001
* notifyemail: Fix bug that caused duplicate emails to be sent when site was rebuilt. (Joey Hess, 2013-05-18)
* allow users to subscribe to comments w/o registering (Joey Hess, 2012-04-02)

  Technically, when the user does this, a passwordless account is created for them. The notify mails include a login url, and once logged in that way, the user can enter a password to get a regular account (although one with an annoying username).

  This all requires the passwordauth plugin is enabled. A future enhancement could be to split the passwordless user concept out into a separate plugin.
* passwordauth: Fix url in password recovery email to be absolute. (Joey Hess, 2012-04-02)

  This got broken when cgiurl began often returning a relative url. Added a cgiurl_abs for the things that need a guaranteed absolute cgiurl.
* more fixes to subscription prefs (Joey Hess, 2012-03-28)
* don't force old subscriptions value when posting (Joey Hess, 2012-03-28)
* fix adding first subscription to pagespec (Joey Hess, 2012-03-28)
* remove misc section (Joey Hess, 2012-03-28)
* polishing notifyemail (Joey Hess, 2012-03-28)
* finish notifyemail plugin (Joey Hess, 2012-03-28)