1. 04 Feb, 2015 1 commit
  2. 15 Jul, 2014 1 commit
  3. 22 Aug, 2013 1 commit
  4. 24 Sep, 2012 2 commits
  5. 15 Jul, 2012 1 commit
  6. 06 Jul, 2012 4 commits
  7. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  8. 25 Oct, 2011 1 commit
    • Wrap mysql_real_escape_string() in a function · 10b6a8ff
      Lukas Fleischer authored
      
      
      Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
      to ease porting to other databases, and as another step to pulling more
      of the database code into a central location.
      
      This is a rebased version of a patch by elij submitted about half a year
      ago.
      
      Thanks-to: elij <elij.mx@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
      
      Conflicts:
      
      	web/lib/aur.inc.php
  9. 24 Oct, 2011 1 commit
  10. 22 Jun, 2011 1 commit
  11. 17 May, 2011 1 commit
  12. 11 Mar, 2011 1 commit
  13. 24 Nov, 2009 1 commit
  14. 11 Aug, 2009 1 commit
  15. 18 Jun, 2009 1 commit
  16. 19 Jan, 2009 1 commit
  17. 22 Dec, 2008 1 commit
  18. 21 Dec, 2008 1 commit
  19. 10 Nov, 2008 1 commit
    • Tweak TU interface for appearance. · 21840941
      Loui Chang authored
      
      
      Show ten votes per page instead of five.
      Change the vote preview to 75 characters so entries fit better
      in the table.
      Remove [More] links and make the description itself a link.
      Clean up a couple notices.
      Send unauthorised users to index.php.
      Signed-off-by: Loui Chang <louipc.ist@gmail.com>
  20. 10 Oct, 2008 1 commit
  21. 17 Jun, 2008 1 commit
  22. 20 Jan, 2008 2 commits