1. 07 Nov, 2017 1 commit
  2. 08 Feb, 2017 1 commit
  3. 03 Feb, 2017 2 commits
  4. 23 Jul, 2016 1 commit
  5. 24 Oct, 2015 1 commit
  6. 27 Jun, 2015 2 commits
  7. 15 Jun, 2015 2 commits
  8. 14 Jun, 2015 1 commit
  9. 11 Jun, 2015 1 commit
  10. 09 Jun, 2015 2 commits
  11. 15 Jul, 2014 1 commit
  12. 04 Jul, 2014 1 commit
  13. 05 Apr, 2014 2 commits
  14. 14 Oct, 2012 2 commits
  15. 04 Oct, 2012 1 commit
  16. 24 Sep, 2012 1 commit
  17. 19 Sep, 2012 1 commit
  18. 15 Jul, 2012 2 commits
  19. 06 Jul, 2012 3 commits
  20. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  21. 24 Oct, 2011 1 commit
  22. 11 Aug, 2011 1 commit
  23. 11 Mar, 2011 2 commits
  24. 10 Mar, 2011 1 commit
  25. 18 Feb, 2011 1 commit
  26. 17 Feb, 2011 1 commit
  27. 01 Feb, 2011 1 commit
  28. 20 Jan, 2011 1 commit
  29. 10 Nov, 2010 1 commit
  30. 03 Oct, 2010 1 commit