1. 08 Aug, 2015 2 commits
  2. 27 Jun, 2015 2 commits
  3. 09 Jun, 2015 1 commit
  4. 31 May, 2015 1 commit
  5. 04 Feb, 2015 1 commit
  6. 27 Dec, 2014 1 commit
  7. 13 Dec, 2014 1 commit
  8. 29 Jul, 2014 1 commit
  9. 25 Jul, 2014 1 commit
  10. 15 Jul, 2014 1 commit
  11. 27 Aug, 2013 1 commit
  12. 22 Aug, 2013 1 commit
  13. 24 Apr, 2013 1 commit
  14. 19 Mar, 2013 1 commit
  15. 10 Feb, 2013 3 commits
  16. 30 Jan, 2013 1 commit
  17. 29 Nov, 2012 1 commit
    • Fix account editing and hijacking vulnerability · 87fe4701
      canyonknight authored

      Checks are in place to avoid users getting account editing forms
      they shouldn't have access to. The appropriate checks before
      editing the account in the backend are not in place.
      
      This vulnerability allows a user to craft malicious POST data to
      edit other user accounts, thereby allowing account hijacking.
      
      Add a new flexible function can_edit_account() to determine if
      a user has appropriate permissions. Run the permission check before
      processing any account information in the backend.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  18. 17 Sep, 2012 1 commit
  19. 06 Jul, 2012 4 commits
  20. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored

      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. The random
      nature of the token limits the potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
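The double-submit cookie check this commit describes, written out as an added Python example (it is not aurweb's PHP code): the hidden form field must equal the "AURSID" cookie, and the check runs before any POSTed account data is processed. Only the names AURSID and check_token come from the commit; the field name, the request dict shape, make_token_field() and handle_account_edit() are assumptions for the demo.

```python
import hmac
import secrets
from typing import Mapping

# Added example, not aurweb code. SESSION_COOKIE is the cookie the commit
# names; TOKEN_FIELD and the request dict layout are assumptions.
SESSION_COOKIE = "AURSID"
TOKEN_FIELD = "token"


def make_token_field(cookies: Mapping[str, str]) -> str:
    """Value rendered into the hidden form field: a copy of the session cookie.
    A page served from another origin cannot read this cookie, so it cannot
    produce a matching field value."""
    return cookies.get(SESSION_COOKIE, "")


def check_token(post: Mapping[str, str], cookies: Mapping[str, str]) -> bool:
    """Return True only if the POSTed token equals the AURSID cookie.

    Both values must be present and non-empty; the comparison is constant-time
    so the check does not leak how many leading bytes matched."""
    cookie = cookies.get(SESSION_COOKIE)
    token = post.get(TOKEN_FIELD)
    if not cookie or not token:
        return False
    return hmac.compare_digest(cookie.encode(), token.encode())


def handle_account_edit(post: Mapping[str, str], cookies: Mapping[str, str]) -> str:
    """Run the token check before touching any account data, as the commit
    does for every POST form."""
    if not check_token(post, cookies):
        return "rejected: CSRF token missing or mismatched"
    return "accepted"


def demo() -> dict:
    """Constructed requests: one from the real form, two without cookie access."""
    sid = secrets.token_hex(16)                      # constructed session id
    cookies = {SESSION_COOKIE: sid}
    legit = {"username": "alice", TOKEN_FIELD: make_token_field(cookies)}
    forged = {"username": "alice"}                   # cross-site form: no token at all
    guessed = dict(forged, **{TOKEN_FIELD: "0" * 32})  # cross-site form: wrong token
    return {
        "legit": handle_account_edit(legit, cookies),
        "forged": handle_account_edit(forged, cookies),
        "guessed": handle_account_edit(guessed, cookies),
    }
```

Because the token is the session identifier itself, the hidden field copies the session id into every page's HTML; a separate random per-session token gives the same CSRF protection without that exposure.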
  21. 24 Mar, 2012 2 commits
  22. 25 Oct, 2011 1 commit
    • Wrap mysql_real_escape_string() in a function · 10b6a8ff
      Lukas Fleischer authored

      Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
      to ease porting to other databases, and as another step to pulling more
      of the database code into a central location.
      
      This is a rebased version of a patch by elij submitted about half a year
      ago.
      
      Thanks-to: elij <elij.mx@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
      
      Conflicts:
      
      	web/lib/aur.inc.php
  23. 24 Oct, 2011 2 commits
  24. 22 Jun, 2011 1 commit
  25. 13 Apr, 2011 1 commit
  26. 04 Mar, 2011 1 commit
  27. 11 Aug, 2009 1 commit
  28. 19 Jan, 2009 1 commit
  29. 21 Dec, 2008 1 commit
  30. 17 Jun, 2008 1 commit
  31. 23 Mar, 2008 1 commit