Merged revisions 7592-7613,7615,7617-7624,7626-7627,7630-7640 via svnmerge from
http://svn.freepbx.org/freepbx/branches/2.5
........
r7592 | p_lindheimer | 2009-04-27 13:34:43 -0700 (Mon, 27 Apr 2009) | 1 line
make sure the requested report display is included in the menu items list, otherwise bogus values can be injected
........
r7593 | p_lindheimer | 2009-04-27 13:54:36 -0700 (Mon, 27 Apr 2009) | 1 line
make sure no bogus characters or scripts are injected in a get with the POST/GET variables that reporting uses
........
r7594 | p_lindheimer | 2009-04-27 15:23:37 -0700 (Mon, 27 Apr 2009) | 1 line
run extdisplay and all the derivatives through htmlspecialchars since many pages echo it in the display, this keeps any bogus characters that could create issues from being injected if a URL is manually typed in
........
r7595 | p_lindheimer | 2009-04-27 15:25:25 -0700 (Mon, 27 Apr 2009) | 1 line
filter the search parameters (and sort) to keep bogus entries from creating problems when redisplayed or links generated
........
r7597 | p_lindheimer | 2009-04-29 16:35:39 -0700 (Wed, 29 Apr 2009) | 1 line
add security check when action verb is set to protect against CSRF attacks, but can be disabled with CHECREFERER=false in amportal.conf
........
r7638 | p_lindheimer | 2009-05-05 07:40:01 -0700 (Tue, 05 May 2009) | 1 line
add ENT_QUOTES to htmlspecialchars
........
r7640 | p_lindheimer | 2009-05-05 08:05:00 -0700 (Tue, 05 May 2009) | 1 line
add ENT_QUOTES to htmlspecialchars filtering
........
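The merged log messages above describe four defensive patterns: whitelisting the requested report display against the menu items, escaping echoed request values with htmlspecialchars and ENT_QUOTES, filtering search and sort parameters, and a Referer check on action requests that an amportal.conf flag can disable. The following PHP is an added illustration written for this page, not FreePBX's own code; the function names, the `$menu_items` array, the request and server arrays, and the spelling of the `CHECKREFERER` configuration key are assumptions made for the example.

```php
<?php
// Added example, not FreePBX code. Demonstrates the fixes named in the merged
// log messages: menu whitelist, htmlspecialchars with ENT_QUOTES, parameter
// filtering and a Referer-based CSRF check with a config switch.
// $menu_items, $amp_conf, $request, $server and all function names are
// assumptions for this illustration.

// Constructed stand-in for the menu items that the reporting page builds.
$menu_items = array(
    'calls'   => 'Call Report',
    'summary' => 'Summary',
);

// 1. Only accept a display value that is one of the known menu keys;
//    anything else falls back to the default instead of being echoed.
function select_display($requested, array $menu_items, $default = 'calls') {
    return array_key_exists($requested, $menu_items) ? $requested : $default;
}

// 2. Escape a request value before it is echoed into HTML. ENT_QUOTES encodes
//    single quotes as well as double quotes, so the value is also inert inside
//    a single-quoted attribute.
function escape_for_html($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// 3. Restrict search and sort parameters to a conservative character set and
//    length so they can be redisplayed or placed in generated links as-is.
function filter_search_param($value, $max_len = 64) {
    $clean = preg_replace('/[^A-Za-z0-9_.@ -]/', '', (string) $value);
    return substr($clean, 0, $max_len);
}

// 4. When an action verb is present, require the Referer host to match this
//    host unless the administrator has disabled the check in configuration.
function referer_is_trusted(array $server, array $amp_conf) {
    if (isset($amp_conf['CHECKREFERER']) && $amp_conf['CHECKREFERER'] === false) {
        return true; // check explicitly switched off
    }
    if (empty($server['HTTP_REFERER']) || empty($server['HTTP_HOST'])) {
        return false; // no Referer at all is treated as untrusted
    }
    $ref_host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    list($host) = explode(':', $server['HTTP_HOST']); // drop any :port suffix
    return $ref_host !== null && $ref_host !== false
        && strcasecmp($ref_host, $host) === 0;
}

// Constructed request: a display value not in the menu, an extdisplay value
// carrying a quote, a search string with markup, and an action verb sent
// from a foreign origin.
$request = array(
    'display'    => 'bogus',
    'extdisplay' => '1" onclick="x',
    'search'     => 'alice<b>',
    'action'     => 'delete',
);
$server   = array('HTTP_HOST' => 'pbx.example:80',
                  'HTTP_REFERER' => 'http://other.example/');
$amp_conf = array('CHECKREFERER' => true);

$display    = select_display($request['display'], $menu_items);
$extdisplay = escape_for_html($request['extdisplay']);
$search     = filter_search_param($request['search']);

echo "display: $display\n";
echo "extdisplay: $extdisplay\n";
echo "search: $search\n";
if (!referer_is_trusted($server, $amp_conf)) {
    echo "action '{$request['action']}' rejected: referer check failed\n";
}
```

The whitelist in `select_display` is the stronger control: it never lets an unknown value reach the page at all, whereas `escape_for_html` only makes a value safe for one context (HTML text and attributes), so a value that is later placed into a URL or a SQL statement still needs the encoding appropriate to that context.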