[commits] Horde branch master updated. 6a6e5c71858d5f50cdad33005558857cc660b566

Michael M Slusarz slusarz at horde.org
Thu Mar 28 18:44:33 UTC 2013


The branch "master" has been updated.
The following is a summary of the commits.

from: 0cc65e4212f65a223089cf995e8d80c937c765fa

2884204 [mms] SECURITY: Fix token validation of AJAX actions.
c71cb85 Fix XSS on SmartMobile portal
642f9c1 [mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado <geral at jpaulo.eu>).
6a6e5c7 Better way of iterating through rulesets

-----------------------------------------------------------------------

commit 2884204d9b175d8729c1e662ba53cbeb9c03e7e6
Author: Michael M Slusarz <slusarz at horde.org>
Date:   Thu Mar 28 11:58:10 2013 -0600

    [mms] SECURITY: Fix token validation of AJAX actions.
    
    Mea culpa.  This commit broke things:
    
    commit 83dcfa1448ba2b142623839aee78a2160eb25cb0
    Author: Michael M Slusarz <slusarz at horde.org>
    Date:   Wed Oct 17 13:27:10 2012 -0600
    
        [mms] Allow AJAX handler methods to be marked externally accessible
        (i.e. no session token checking) (Bug #11538).
    
    This commit failed to extend the injector to pass the token argument to
    the AJAX Application handler.  Although we should always do this check,
    regardless of whether the token is empty anyway.

 framework/Core/lib/Horde/Core/Ajax/Application.php |    5 ++---
 framework/Core/lib/Horde/Core/Factory/Ajax.php     |    5 +++--
 framework/Core/package.xml                         |    2 ++
 3 files changed, 7 insertions(+), 5 deletions(-)

http://git.horde.org/horde-git/-/commit/2884204d9b175d8729c1e662ba53cbeb9c03e7e6

-----------------------------------------------------------------------

commit c71cb8590098ea4e1da4a183cc26fd5ac5d412c0
Author: João Machado <geral at jpaulo.eu>
Date:   Thu Mar 28 10:31:26 2013 +0000

    Fix XSS on SmartMobile portal
    
    Signed-off-by: Michael M Slusarz <slusarz at horde.org>

 horde/templates/portal/smartmobile.inc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/c71cb8590098ea4e1da4a183cc26fd5ac5d412c0

-----------------------------------------------------------------------

commit 642f9c1b80e5ae384fe7b817270b2af596bf8c7f
Author: Michael M Slusarz <slusarz at horde.org>
Date:   Thu Mar 28 12:02:01 2013 -0600

    [mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado <geral at jpaulo.eu>).

 horde/docs/CHANGES |    2 ++
 horde/package.xml  |    2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/642f9c1b80e5ae384fe7b817270b2af596bf8c7f

-----------------------------------------------------------------------

commit 6a6e5c71858d5f50cdad33005558857cc660b566
Author: Michael M Slusarz <slusarz at horde.org>
Date:   Thu Mar 28 12:39:34 2013 -0600

    Better way of iterating through rulesets

 framework/Core/lib/Horde/Themes/Css.php |   32 ++++++++++++++++--------------
 1 files changed, 17 insertions(+), 15 deletions(-)

http://git.horde.org/horde-git/-/commit/6a6e5c71858d5f50cdad33005558857cc660b566



