The branch "master" has been updated. The following is a summary of the commits.
from: 0cc65e4212f65a223089cf995e8d80c937c765fa 2884204 [mms] SECURITY: Fix token validation of AJAX actions. c71cb85 Fix XSS on SmartMobile portal 642f9c1 [mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado <[email protected]>). 6a6e5c7 Better way of iterating through rulesets ----------------------------------------------------------------------- commit 2884204d9b175d8729c1e662ba53cbeb9c03e7e6 Author: Michael M Slusarz <[email protected]> Date: Thu Mar 28 11:58:10 2013 -0600 [mms] SECURITY: Fix token validation of AJAX actions. Mea culpa. This commit broke things: commit 83dcfa1448ba2b142623839aee78a2160eb25cb0 Author: Michael M Slusarz <[email protected]> Date: Wed Oct 17 13:27:10 2012 -0600 [mms] Allow AJAX handler methods to be marked externally accessible (i.e. no session token checking) (Bug #11538). This commit failed to extend the injector to pass the token argument to the AJAX Application handler. Although we should always do this check, regardless of whether the token is empty anyway. framework/Core/lib/Horde/Core/Ajax/Application.php | 5 ++--- framework/Core/lib/Horde/Core/Factory/Ajax.php | 5 +++-- framework/Core/package.xml | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) http://git.horde.org/horde-git/-/commit/2884204d9b175d8729c1e662ba53cbeb9c03e7e6 ----------------------------------------------------------------------- commit c71cb8590098ea4e1da4a183cc26fd5ac5d412c0 Author: João Machado <[email protected]> Date: Thu Mar 28 10:31:26 2013 +0000 Fix XSS on SmartMobile portal Signed-off-by: Michael M Slusarz <[email protected]> horde/templates/portal/smartmobile.inc | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) http://git.horde.org/horde-git/-/commit/c71cb8590098ea4e1da4a183cc26fd5ac5d412c0 ----------------------------------------------------------------------- commit 642f9c1b80e5ae384fe7b817270b2af596bf8c7f Author: Michael M Slusarz <[email protected]> Date: Thu Mar 28 12:02:01 2013 -0600 [mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado <[email protected]>). horde/docs/CHANGES | 2 ++ horde/package.xml | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) http://git.horde.org/horde-git/-/commit/642f9c1b80e5ae384fe7b817270b2af596bf8c7f ----------------------------------------------------------------------- commit 6a6e5c71858d5f50cdad33005558857cc660b566 Author: Michael M Slusarz <[email protected]> Date: Thu Mar 28 12:39:34 2013 -0600 Better way of iterating through rulesets framework/Core/lib/Horde/Themes/Css.php | 32 ++++++++++++++++-------------- 1 files changed, 17 insertions(+), 15 deletions(-) http://git.horde.org/horde-git/-/commit/6a6e5c71858d5f50cdad33005558857cc660b566
-- commits mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: [email protected]
