From: Peter Palfrader
Date: Sat, 3 Jan 2015 12:30:36 +0000 (+0100)
Subject: Various fixes for XSS and bad crypto. No claim to completeness.
X-Git-Tag: release-0.3.40~25
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b33011c65aeb65e4b06b127077d6a225f764d042;hp=b33011c65aeb65e4b06b127077d6a225f764d042;p=mirror%2Fuserdir-ldap-cgi.git

Various fixes for XSS and bad crypto. No claim to completeness.

* Fix an XSS reported in https://trac.torproject.org/projects/tor/ticket/14037
* Fix horrible use of crypto primitives.
* Add HMAC authentication to authtoken.
* Verify that the uid passed as a GET parameter matches the one stored in
  authtoken.
---