1. 04 Feb, 2015 1 commit
  2. 27 Dec, 2014 1 commit
  3. 13 Dec, 2014 1 commit
  4. 29 Jul, 2014 1 commit
  5. 25 Jul, 2014 1 commit
  6. 15 Jul, 2014 1 commit
  7. 27 Aug, 2013 1 commit
  8. 22 Aug, 2013 1 commit
  9. 24 Apr, 2013 1 commit
  10. 19 Mar, 2013 1 commit
  11. 10 Feb, 2013 3 commits
  12. 30 Jan, 2013 1 commit
  13. 29 Nov, 2012 1 commit
    • Fix account editing and hijacking vulnerability · 87fe4701
      canyonknight authored
      
      Checks are in place to avoid users getting account editing forms
      they shouldn't have access to. The appropriate checks before
      editing the account in the backend are not in place.
      
      This vulnerability allows a user to craft malicious POST data to
      edit other user accounts, thereby allowing account hijacking.
      
      Add a new flexible function can_edit_account() to determine if
      a user has appropriate permissions. Run the permission check before
      processing any account information in the backend.
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
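A minimal illustration of the fix this commit describes, written here as an added example and not taken from the AUR code base: a `can_edit_account()`-style permission check that runs before any account field from the POST body is read. The account-type constants, the `handle_account_edit()` wrapper, the `ID` field name and the sample requests are assumptions for illustration; only the function name `can_edit_account()` comes from the commit message.

```php
<?php
// Added example (not AUR code). Account-type constants and the request
// shape are hypothetical; only can_edit_account() is named by the commit.

const ACCOUNT_USER = 1;
const ACCOUNT_TRUSTED_USER = 2;  // privileged role (assumed)
const ACCOUNT_DEVELOPER = 3;     // privileged role (assumed)

/**
 * Decide whether $acting (the logged-in user, taken from the server-side
 * session, never from POST data) may edit the account with id $target_id.
 */
function can_edit_account(array $acting, int $target_id): bool
{
    // Everyone may edit their own account.
    if ($acting['id'] === $target_id) {
        return true;
    }
    // Only privileged roles may edit somebody else's account.
    return in_array($acting['type'], [ACCOUNT_TRUSTED_USER, ACCOUNT_DEVELOPER], true);
}

/**
 * Backend handler for the account edit form. The permission check happens
 * before any other field of $post is touched, so crafted POST data cannot
 * reach the update path for an account the caller may not edit.
 */
function handle_account_edit(array $session_user, array $post): string
{
    // The target id still arrives in the request; validate it strictly.
    $target_id = filter_var($post['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($target_id === false) {
        return 'error: bad account id';
    }
    if (!can_edit_account($session_user, $target_id)) {
        // Refuse before reading email, password or any other field.
        return 'error: permission denied';
    }
    // Only now would the remaining fields be read and the account updated.
    return 'ok: editing account ' . $target_id;
}

// Constructed sample: an ordinary user submits edits for their own account
// and then for somebody else's.
$alice = ['id' => 42, 'type' => ACCOUNT_USER];
echo handle_account_edit($alice, ['ID' => '42']), "\n";
echo handle_account_edit($alice, ['ID' => '7']), "\n";
```

The point of the structure is ordering: the identity of the actor comes from the session, the authorization decision is made once at the top of the handler, and nothing from the request body is processed until that decision is positive. Hiding the form from unauthorized users, as the commit notes was already done, is a usability measure, not a control.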
  14. 17 Sep, 2012 1 commit
  15. 06 Jul, 2012 4 commits
  16. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
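The double submit cookie check this commit describes, as an added example that is not the AUR's own code: a hidden form field carries the value of the session cookie, and `check_token()` accepts a POST only when the submitted field equals that cookie. The cookie name `AURSID` and the function name `check_token()` come from the commit message; `csrf_token_field()`, the `token` field name and the constructed sample requests are assumptions.

```php
<?php
// Added example (not AUR code). "AURSID" and check_token() are named by the
// commit; the helper csrf_token_field(), the field name "token" and the
// sample requests below are hypothetical.

/**
 * Render the hidden field for every form that POSTs. Its value is whatever
 * the browser already holds in the session cookie; a page on another origin
 * cannot read that cookie, so it cannot produce a matching field.
 */
function csrf_token_field(array $cookies): string
{
    $token = $cookies['AURSID'] ?? '';
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '" />';
}

/**
 * Verify a POST request: the token must be present, non-empty and equal to
 * the session cookie. hash_equals() keeps the comparison constant-time.
 */
function check_token(array $post, array $cookies): bool
{
    if (!isset($post['token'], $cookies['AURSID'])) {
        return false;
    }
    if (!is_string($post['token']) || !is_string($cookies['AURSID'])) {
        return false;
    }
    if ($post['token'] === '') {
        return false;
    }
    return hash_equals($cookies['AURSID'], $post['token']);
}

// Constructed sample: the server issued a random session id as AURSID.
$session = bin2hex(random_bytes(16));
$cookies = ['AURSID' => $session];

// 1. A form rendered by the site itself includes csrf_token_field().
$legit = ['token' => $session, 'action' => 'flag'];
var_dump(check_token($legit, $cookies));

// 2. A cross-site form: the browser still attaches the cookie, but the
//    hidden field is missing, because the other origin could not read it.
$missing = ['action' => 'flag'];
var_dump(check_token($missing, $cookies));

// 3. A cross-site form with a made-up token value.
$wrong = ['token' => str_repeat('0', 32), 'action' => 'flag'];
var_dump(check_token($wrong, $cookies));
```

Only the first request passes; the second and third are rejected before any action is performed. The defence depends on the cookie being unreadable from other origins, so the check must also fail closed when the field is absent rather than treating a missing token as "no token required". Because this scheme places the session cookie's value in page markup, a token derived from the session id (for instance an HMAC under a server-side secret) gives the same origin-bound comparison without exposing the session id itself in the HTML.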
  17. 24 Mar, 2012 2 commits
  18. 25 Oct, 2011 1 commit
    • Wrap mysql_real_escape_string() in a function · 10b6a8ff
      Lukas Fleischer authored
      
      Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
      to ease porting to other databases, and as another step to pulling more
      of the database code into a central location.
      
      This is a rebased version of a patch by elij submitted about half a year
      ago.
      
      Thanks-to: elij <elij.mx@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
      
      Conflicts:
      
      	web/lib/aur.inc.php
  19. 24 Oct, 2011 2 commits
  20. 22 Jun, 2011 1 commit
  21. 13 Apr, 2011 1 commit
  22. 04 Mar, 2011 1 commit
  23. 11 Aug, 2009 1 commit
  24. 19 Jan, 2009 1 commit
  25. 21 Dec, 2008 1 commit
  26. 17 Jun, 2008 1 commit
  27. 23 Mar, 2008 1 commit
  28. 20 Jan, 2008 1 commit
  29. 02 Oct, 2007 1 commit
  30. 24 Sep, 2007 1 commit
  31. 20 Sep, 2007 2 commits
  32. 16 Aug, 2007 1 commit