- Aug 09, 2014
-
-
zzz authored
-
- Aug 08, 2014
-
-
zzz authored
-
- Aug 07, 2014
- Aug 06, 2014
- Aug 05, 2014
- Aug 04, 2014
-
-
zzz authored
-
- Aug 03, 2014
-
-
zzz authored
-
zzz authored
- Fix update buttons - Don't filter parameter names starting with "nofilter_" - Re-allow configadvanced, news URL, and unsigned update URL if routerconsole.advanced=true - Re-allow plugin install if routerconsole.advanced=true or routerconsole.enablePluginInstall=true - Only allow whitelisted plugin signers, unless routerconsole.allowUntrustedPlugins=true - Re-allow clients.config changes if routerconsole.advanced=true or routerconsole.enableClientChange=true - More escaping * i2psnark: Fix add torrent form
-
- Jul 31, 2014
- Jul 27, 2014
-
-
zzz authored
-
- Jul 26, 2014
-
-
zzz authored
-
zzz authored
another escape html
-
zzz authored
-
zzz authored
Disable clients.config editing in UI Strip single quotes too Fix double-escaping in susimail folder page
-
zzz authored
-
zzz authored
Don't return null entries in getParameterValues() array Log in getParameterValues() too static
-
zzz authored
-
zzz authored
-
zzz authored
-
zzz authored
Add filter to all webapps
-
zzz authored
-
zzz authored
XSSFilter patch from str4d: XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/ No provided license, but it is clearly intended for public consumption. But most of it is boilerplate provided by the Servlet Filter system. In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist, it is effectively identical to what I would have written from scratch.
-
zzz authored
- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files
-
str4d authored
-
- Jul 23, 2014
- Jul 22, 2014
-
-
meeh authored
Notes: Only HTTPS and SU3 (v2) support.
-
- Jul 21, 2014