silverstripe-framework/src/Control
Serge Latyntcev 569237c0f4 [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to the
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
Email FIX email rendering should not include requirements 2018-08-23 14:01:27 +12:00
Middleware Merge pull request #8280 from open-sausages/pulls/4/simpler-vary-header 2018-07-24 01:45:07 +01:00
RSS Improve handling of deprecated apis 2018-06-14 13:01:27 +12:00
CliController.php API Remove Object class 2017-05-23 13:50:35 +12:00
CLIRequestBuilder.php Merge branch '4.0' into 4.1 2018-09-06 13:26:13 +02:00
ContentNegotiator.php Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Controller.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
Cookie_Backend.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
Cookie.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
CookieJar.php API Upgrade code to use updated config 2017-02-27 16:54:01 +13:00
Director.php Merge pull request #8280 from open-sausages/pulls/4/simpler-vary-header 2018-07-24 01:45:07 +01:00
HasRequestHandler.php API Refactor Form request handling into FormRequestHandler 2017-03-10 15:04:33 +13:00
HTTP.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
HTTPApplication.php [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:33:24 +13:00
HTTPRequest.php Remove "url" query param reliance, use index.php 2017-10-09 17:21:43 +13:00
HTTPRequestBuilder.php Merge branch '4.0' into 4 2018-01-12 14:40:33 +00:00
HTTPResponse_Exception.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
HTTPResponse.php BUG Prevent error on valid response status codes 2018-09-21 14:54:26 +12:00
HTTPStreamResponse.php API Add streamable response object 2017-05-23 16:32:29 +12:00
IPUtils.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
NestedController.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
NullHTTPRequest.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PjaxResponseNegotiator.php FIX text/json is not a valid mimetype 2018-08-15 12:10:39 +01:00
RequestFilter.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
RequestHandler.php Merge branch '4.2' into 4.3 2019-03-06 11:04:14 +00:00
RequestProcessor.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
Session.php [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:00:51 +12:00
SimpleResourceURLGenerator.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00