Homec4science
Diffusion invenio-infoscience 013a9c4cdc5a

WebSession: escape invalid login form parameters
013a9c4cdc5a
Actions

Authored by Tibor Simko <tibor.simko@cern.ch> on Apr 29 2009, 18:58.

Description

WebSession: escape invalid login form parameters

  • Escape login form parameters in many places in order to avoid XSS.
  • Plugged a simple version of login_method washer.
  • Escaped some action names and values in warning messages.

Details

Committed
Tibor Simko <tibor.simko@cern.ch>Apr 29 2009, 18:58
Parents
R3600:3247a02eb2e0: BibUpload: improve --correct documentation
Branches
Unknown
Tags
Unknown

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:013a9c4cdc5a: WebSession: escape invalid login form parameters (authored by Tibor Simko <tibor.simko@cern.ch>).Apr 29 2009, 18:58

Changes (3)

Path
Mmodules/webaccess/lib/access_control_engine.py
Mmodules/websession/lib/websession_webinterface.py
Mmodules/websession/lib/webuser.py

R3600:013a9c4cdc5a

View Options

modules/webaccess/lib/access_control_engine.py

Loading...
View Options

modules/websession/lib/websession_webinterface.py

Loading...
View Options

modules/websession/lib/webuser.py

Loading...
c4science ยท Help