Checkout
Philippe Lindheimer
committed
5 years and 3 months ago
Merged revisions 7552-7571,7573-7597 via svnmerge from
http://svn.freepbx.org/freepbx/branches/2.5

........
r7552 | mickecarlsson | 2009… Show more
Merged revisions 7552-7571,7573-7597 via svnmerge from

http://svn.freepbx.org/freepbx/branches/2.5

........

 r7552 | mickecarlsson | 2009-03-26 23:09:45 -0700 (Thu, 26 Mar 2009) | 1 line

 

 Added GPL license text to various files

........

 r7591 | p_lindheimer | 2009-04-27 12:09:11 -0700 (Mon, 27 Apr 2009) | 1 line

 

 fix error message so it is same wether username was correct or not

........

 r7592 | p_lindheimer | 2009-04-27 13:34:43 -0700 (Mon, 27 Apr 2009) | 1 line

 

 make sure the requested report display is included in the menu items list, otherwise bogus values can be injected

........

 r7593 | p_lindheimer | 2009-04-27 13:54:36 -0700 (Mon, 27 Apr 2009) | 1 line

 

 make sure no bogus characters or scripts are injected in a get with the POST/GET variables that reporting uses

........

 r7594 | p_lindheimer | 2009-04-27 15:23:37 -0700 (Mon, 27 Apr 2009) | 1 line

 

 run extdisplay and all the derivatives through htmlspecialchars since many pages echo it in the display, this keeps any bogus characters that could create issues from being injected if a url is manually be typed in

........

 r7595 | p_lindheimer | 2009-04-27 15:25:25 -0700 (Mon, 27 Apr 2009) | 1 line

 

 filter the search parameters (and sort) to keep bogus entries from creating problems when redisplayed or links generated

........

 r7597 | p_lindheimer | 2009-04-29 16:35:39 -0700 (Wed, 29 Apr 2009) | 1 line

 

 add security check when action verb is set to protect against CSRF attacks, but can be disabled with CHECREFERER=false in amportal.conf

........

Show less