  1. Oct 24, 2015
  2. Jun 27, 2015
  3. Jun 15, 2015
  4. Jun 14, 2015
  5. Jun 11, 2015
  6. Jun 09, 2015
  7. Jul 15, 2014
  8. Jul 04, 2014
  9. Apr 05, 2014
  10. Oct 14, 2012
  11. Oct 04, 2012
  12. Sep 24, 2012
  13. Sep 19, 2012
  14. Jul 15, 2012
  15. Jul 06, 2012
  16. Jun 24, 2012
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  17. Oct 24, 2011
  18. Aug 11, 2011
  19. Mar 11, 2011
  20. Mar 10, 2011
  21. Feb 18, 2011
  22. Feb 17, 2011
  23. Feb 01, 2011
  24. Jan 20, 2011
  25. Nov 10, 2010
  26. Oct 03, 2010
  27. Jul 02, 2010
  28. Jun 04, 2010
  29. Nov 24, 2009
  30. Oct 26, 2009
  31. Mar 03, 2009