silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00

Go to file

Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes

Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.

2020-02-17 09:58:29 +13:00

_config

Merge branch '4.3' into 4.4

2019-06-10 17:32:07 +12:00

.github

Fix the GitHub issue template

2018-10-29 15:49:05 +13:00

.tx

remove js transifex

2017-04-28 14:59:42 +12:00

client

NEW add web accessible colours to web view dev/build

2017-07-18 22:00:35 +12:00

docs

[CVE-2019-19325] XSS through non-scalar FormField attributes

2020-02-17 09:58:29 +13:00

lang

Update translations

2019-09-24 17:26:37 +12:00

src

[CVE-2019-19325] XSS through non-scalar FormField attributes

2020-02-17 09:58:29 +13:00

templates

FIX: Show RightTitle on CheckboxField

2019-04-04 15:50:19 +13:00

tests

[CVE-2019-19325] XSS through non-scalar FormField attributes

2020-02-17 09:58:29 +13:00

thirdparty

Fix missing braces

2018-06-01 10:14:42 +12:00

_config.php

Bump deprecation to 4.0 in preparation for rc and stable tags

2017-08-29 15:02:36 +12:00

_register_database.php

Setting default db adapter in installation as PDO MySQL with MySQLi as fail safe.

2016-11-02 19:51:13 +13:00

.codecov.yml

Turn off codecov commenting on PRs

2016-10-12 16:31:22 +01:00

.editorconfig

Update composer.json

2017-10-12 11:53:12 +13:00

.gitattributes

FIX Amend rules to ignore test files only

2017-12-20 11:13:07 +13:00

.gitignore

Ignore assets dir that can be created on dev/build

2018-09-29 22:52:08 +01:00

.scrutinizer.yml

Merge branch '4.0' into 4

2017-12-05 12:14:22 +00:00

.travis.yml

Merge branch '4.3' into 4

2019-01-08 12:27:48 +01:00

.upgrade.yml

Add missing upgrade rules for Email class

2019-08-29 09:10:03 +12:00

behat.yml

add behat.yml back, pathed to admin

2019-02-01 15:56:29 +13:00

cli-script.php

API Refactor bootstrap, request handling

2017-06-22 22:50:45 +12:00

composer.json

NEW Clearer file migration output with colours

2019-06-05 11:41:06 +12:00

CONTRIBUTING.md

Add copyright note to contributing.md

2016-05-30 14:32:19 +12:00

LICENSE

Create licence file so that GitHub (and humans) can more easily find it

2018-02-12 11:21:03 +00:00

phpcs.xml.dist

CS Force spaces around string concat operators

2018-01-16 18:39:24 +00:00

phpunit.xml.dist

Actually run CMS tests

2018-02-08 10:32:56 +00:00

README.md

Update README to fix issue reporting guidelines link

2019-01-07 13:06:59 +13:00

sake

BUG Ensure sake works when called from any directory

2017-10-17 13:52:39 +13:00

silverstripe_version

API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path

2012-02-01 18:42:21 +01:00

SUPPORT.md

Support file grammer improvements

2018-03-27 11:49:04 +01:00

README.md

SilverStripe Framework

PHP framework forming the base for the SilverStripe CMS (https://silverstripe.org). Requires a silverstripe-installer base project. Typically used alongside the cms module.

Installation

See installation on different platforms, and installation from source.

Bugtracker

Bugs are tracked on github.com. Please read our issue reporting guidelines.

Development and Contribution

If you would like to make changes to the SilverStripe core codebase, we have an extensive guide to contributing code.

README.md

SilverStripe Framework

Installation

Bugtracker

Development and Contribution

Links

Attribution