1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-14 19:07:39 +01:00
vichan/inc/mod
8chan 7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
..
auth.php those parts are extraneous 2016-05-05 11:45:29 +02:00
ban.php Begin upgrade to much better bans table. DO NOT PULL YET; It won't work. 2013-09-17 09:15:24 +10:00
config-editor.php Begin upgrade to much better bans table. DO NOT PULL YET; It won't work. 2013-09-17 09:15:24 +10:00
pages.php SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard> 2016-05-06 12:43:25 +02:00