silverstripe-framework/security
Ingo Schommer 1661213e5b FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Authenticator.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
BasicAuth.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
ChangePasswordForm.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
Group.php FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 2013-09-12 15:42:42 +02:00
GroupCsvBulkLoader.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
LoginAttempt.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
LoginForm.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
Member.php Fixed line lengths 2013-02-18 14:41:49 +01:00
MemberAuthenticator.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
MemberCsvBulkLoader.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
MemberLoginForm.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 16:59:34 +12:00
MemberPassword.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
PasswordEncryptor.php API Hash autologin tokens before storing in the database. 2012-11-09 11:29:42 +01:00
PasswordValidator.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
Permission.php FIX Privilege escalation through Group hierarchy setting (SS-2013-003) 2013-09-12 15:42:42 +02:00
PermissionCheckboxSetField.php FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005) 2013-09-12 15:42:43 +02:00
PermissionFailureException.php API CHANGE: Add a PermissionFailureException that can be thrown to trigger a log-in. 2013-01-29 18:10:42 +01:00
PermissionProvider.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
PermissionRole.php FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 2013-09-12 15:42:43 +02:00
PermissionRoleCode.php FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005) 2013-09-12 15:42:43 +02:00
RandomGenerator.php API Hash autologin tokens before storing in the database. 2012-11-09 11:29:42 +01:00
Security.php Fixed whitespace usage 2013-02-18 15:43:52 +01:00
SecurityToken.php API Hash autologin tokens before storing in the database. 2012-11-09 11:29:42 +01:00