Elliot Sawyer 205754854c Sanitise domain name field to prevent XSS attack on the CMS ... PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session". I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway. Steps to reproduce the original issue: 1. Enter a subsite name and mark as the default site. 2. Add a new domain named <script>alert(2)</script> and mark it as primary 3. Switch to the new subsite. 4. Make a new Page. This will execute a javascript alert containing "2". MINOR update documentation for onBeforeWrite() MINOR add @property attributes into docblock		2014-07-16 15:43:05 +12:00
..
Subsite.php	BUG Fixes to link rewriting when previewing subsites.	2014-04-02 13:39:01 +13:00
SubsiteDomain.php	Sanitise domain name field to prevent XSS attack on the CMS	2014-07-16 15:43:05 +12:00