[commits] Horde branch FRAMEWORK_4 updated. 314bfcb1e9e695a9c8223f656d3cfd03e1bd9191
Michael M Slusarz
slusarz at horde.org
Mon Oct 29 21:44:14 UTC 2012
The branch "FRAMEWORK_4" has been updated.
The following is a summary of the commits.
from: 2e653de694a3491a613ca65c7355da0ac05a1733
314bfcb [mms] SECURITY: Fix obscure XSS issue if uploading a file in dynamic view from the browser's local filesystem that has a filename that contains HTML.
-----------------------------------------------------------------------
commit 314bfcb1e9e695a9c8223f656d3cfd03e1bd9191
Author: Michael M Slusarz <slusarz at horde.org>
Date: Mon Oct 29 15:38:00 2012 -0600
[mms] SECURITY: Fix obscure XSS issue if uploading a file in dynamic view from the browser's local filesystem that has a filename that contains HTML.
This attack requires a filesystem that supports angled brackets in
filenames (Windows does NOT; Linux does). Essentially, a user has to
upload a malicious filename that they created on their own filesystem.
imp/docs/CHANGES | 2 ++
imp/js/compose-dimp.js | 2 +-
imp/package.xml | 2 ++
3 files changed, 5 insertions(+), 1 deletions(-)
http://git.horde.org/horde-git/-/commit/314bfcb1e9e695a9c8223f656d3cfd03e1bd9191
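The class of bug the commit message describes, shown as an added example that is not Horde's code (the diff to `imp/js/compose-dimp.js` is not shown on this page): a client-supplied filename is placed into attachment-list markup, once as-is and once escaped at the point of insertion. The function names, the markup and the sample filename are assumptions constructed for illustration.

```javascript
// Constructed sample: a filename as it could exist on a Linux filesystem.
// "/" cannot appear in a filename, so the markup has no closing tag.
const SAMPLE_NAME = '<img src=x>.txt';

// Escape the characters that are significant in HTML text and attribute values.
function escapeHTML(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical "before": the filename is concatenated into markup unchanged,
// so any tag it contains becomes part of the page.
function renderAttachmentUnsafe(name, size) {
  return '<li class="attachment"><span class="name">' + name +
    '</span> (' + size + ' KB)</li>';
}

// Hypothetical "after": the filename is escaped where it enters the markup.
function renderAttachmentSafe(name, size) {
  return '<li class="attachment"><span class="name">' + escapeHTML(name) +
    '</span> (' + Number(size) + ' KB)</li>';
}

// List the element names that the markup opens. Used here as a regression
// check: the rendered row must open only the elements the template defines.
function openedTags(markup) {
  const tags = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let m;
  while ((m = re.exec(markup)) !== null) tags.push(m[1].toLowerCase());
  return tags;
}

console.log(openedTags(renderAttachmentUnsafe(SAMPLE_NAME, 12))); // extra element from the filename
console.log(openedTags(renderAttachmentSafe(SAMPLE_NAME, 12)));   // template elements only
```

In a browser, assigning the filename through `textContent` instead of building an HTML string avoids the escaping step altogether.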