- fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
Showing
- classes/backend.php: 1 addition, 1 deletion
- classes/diskcache.php: 2 additions, 4 deletions
- classes/feeds.php: 3 additions, 53 deletions
- classes/handler/public.php: 1 addition, 1 deletion
- classes/pluginhost.php: 1 addition, 1 deletion
- classes/pref/feeds.php: 1 addition, 1 deletion
- classes/rpc.php: 1 addition, 1 deletion
- include/functions.php: 57 additions, 25 deletions
- plugins/af_proxy_http/init.php: 5 additions, 8 deletions