[dev] cross site scripting bugs

Chuck Hagenbuch chuck@horde.org
Tue, 19 Mar 2002 13:43:01 -0500

Previous message: [dev] Re: [cvs] cvs commit: turba/lib ListView.php
Next message: [dev] Brazilian Portuguese Translation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Nuno Loureiro <nuno@eth.pt>:

> I'll comment some stuff I said previously that is not according to the
> patch I submitted and present a new patch that covers all bugs of this
> kind (I hope :>).

DO NOT apply this patch. It actually introduces a vulnerability in common-
footer.inc that wasn't there before. Also, all of the fixes that are in 
this patch were already in CVS, except for those in 
imp/templates/message/navbar_aux_top.inc, which are now in CVS. This is in 
both branches, HEAD and RELENG_3.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"A dream which helps you to live your reality with dignity
 and justice is a good dream." - Tariq Ramadan


>From accdias@sst.com.br Date: 19 Mar 2002 19:01:30 -0300
Return-Path: <accdias@sst.com.br>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 15990 invoked from network); 19 Mar 2002 22:00:52 -0000
Received: from a.mx.sst.com.br (qmailr@200.223.199.3)
  by clark.horde.org with SMTP; 19 Mar 2002 22:00:52 -0000
Received: (qmail 7520 invoked from network); 19 Mar 2002 22:00:39 -0000
Received: from storm.sst.com.br (none@200.223.199.5)
  by a.mx.sst.com.br with SMTP; 19 Mar 2002 22:00:39 -0000
From: Antonio Dias <accdias@sst.com.br>
To: dev@lists.horde.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0.2 
Date: 19 Mar 2002 19:01:30 -0300
Message-Id: <1016575290.413.24.camel@storm>
Mime-Version: 1.0
Subject: Brazilian Portuguese Translation

Hi,

I have uptaded brazilian portuguese translations for Horde, IMP,
Kronolith, NAG and Turba. The files are available at:

        <http://storm.sst.com.br/horde-2.1-pt_BR.po.bz2>
        <http://storm.sst.com.br/imp-3.1-pt_BR.po.bz2>
        <http://storm.sst.com.br/kronolith-1.0-pt_BR.po.bz2>
        <http://storm.sst.com.br/nag-1.0-pt_BR.po.bz2>
        <http://storm.sst.com.br/turba-1.1-pt_BR.po.bz2>

These translations are based on the CVS RELENG_* tree. All fuzzy
messages are update and all previous unstranslated messages are
translated now.

I still missing translations for some xml files but I will try to make
them available as soon as possible.

--
Antonio Dias

Previous message: [dev] Re: [cvs] cvs commit: turba/lib ListView.php
Next message: [dev] Brazilian Portuguese Translation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]