projects / mirror / userdir-ldap-cgi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0f8e57) | patch
Various fixes for XSS and bad crypto. No claim to completeness.
authorPeter Palfrader <peter@palfrader.org>
Sat, 3 Jan 2015 12:30:36 +0000 (13:30 +0100)
committerPeter Palfrader <peter@palfrader.org>
Sat, 3 Jan 2015 12:31:10 +0000 (13:31 +0100)
commitb33011c65aeb65e4b06b127077d6a225f764d042
treea098011dedc743fcf70b30e524a12f1e7b7314bftree | snapshot
parentb0f8e57cce2bf0ab7a693ffac1ab1cc62f59b13ccommit | diff
Various fixes for XSS and bad crypto.  No claim to completeness.

* Fix a XSS reported in
  https://trac.torproject.org/projects/tor/ticket/14037
* Fix horrible use of crypto primitives.
* Add HMAC authentication to authtoken.
* Verify that the uid passed as a get parameters matches the
  one stored in authtoken.
Util.pm diff | blob | history
debian/changelog diff | blob | history
login.cgi diff | blob | history
logout.cgi diff | blob | history
search.cgi diff | blob | history
update.cgi diff | blob | history
Mirror of Debian's userdir-ldap-cgi repository