silverstripe-framework/src/Control
Serge Latyntcev eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to the
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:03:48 +12:00
Email FIX: Email::render() generating object instead of string for plaintext part (fixes #9069) 2019-06-14 11:39:47 +01:00
Middleware FIX Skip md5-ing the whole contents of a stream for etags 2019-07-30 08:25:03 +12:00
RSS Improve handling of deprecated apis 2018-06-14 13:01:27 +12:00
CliController.php API Remove Object class 2017-05-23 13:50:35 +12:00
CLIRequestBuilder.php Merge branch '4.0' into 4.1 2018-09-06 13:26:13 +02:00
ContentNegotiator.php Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Controller.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
Cookie_Backend.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
Cookie.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
CookieJar.php API Upgrade code to use updated config 2017-02-27 16:54:01 +13:00
Director.php Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
HasRequestHandler.php API Refactor Form request handling into FormRequestHandler 2017-03-10 15:04:33 +13:00
HTTP.php Include baseURL with relative setGetVar() links (#8834) 2019-04-15 14:50:46 +12:00
HTTPApplication.php [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
HTTPRequest.php Remove "url" query param reliance, use index.php 2017-10-09 17:21:43 +13:00
HTTPRequestBuilder.php Merge branch '4.0' into 4 2018-01-12 14:40:33 +00:00
HTTPResponse_Exception.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
HTTPResponse.php BUG Prevent error on valid response status codes 2018-09-21 14:54:26 +12:00
HTTPStreamResponse.php API Add streamable response object 2017-05-23 16:32:29 +12:00
IPUtils.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
NestedController.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
NullHTTPRequest.php PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
PjaxResponseNegotiator.php FIX Replace usage of Convert JSON methods with json_encode 2018-10-28 21:15:29 +00:00
RequestFilter.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
RequestHandler.php Merge branch '4.2' into 4.3 2019-03-06 11:04:14 +00:00
RequestProcessor.php Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
Session.php [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:03:48 +12:00
SimpleResourceURLGenerator.php NEW Make resources dir configurable (#8519) 2019-01-09 15:35:45 +13:00