This project is mirrored from https://:*****@gitlab.archlinux.org/archlinux/aurweb.git.
  1. 18 Sep, 2012 2 commits
  2. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  3. 06 May, 2012 1 commit
  4. 24 Mar, 2012 1 commit
  5. 11 Aug, 2011 2 commits
  6. 22 Jun, 2011 1 commit
  7. 04 Apr, 2011 1 commit
  8. 30 Mar, 2011 1 commit
  9. 10 Mar, 2011 1 commit
  10. 04 Mar, 2011 1 commit
  11. 01 Mar, 2011 1 commit
  12. 21 Nov, 2010 1 commit
  13. 02 Jul, 2010 1 commit
  14. 13 Mar, 2010 1 commit
  15. 12 Mar, 2010 1 commit
  16. 16 Dec, 2009 1 commit
  17. 15 Dec, 2009 1 commit
  18. 24 Nov, 2009 1 commit
  19. 11 Aug, 2009 1 commit
  20. 21 Feb, 2009 1 commit
  21. 19 Jan, 2009 1 commit
  22. 29 Dec, 2008 1 commit
  23. 21 Dec, 2008 1 commit
  24. 20 Dec, 2008 2 commits
  25. 23 Nov, 2008 1 commit
  26. 13 Nov, 2008 1 commit
  27. 30 Oct, 2008 1 commit
  28. 28 Oct, 2008 1 commit
  29. 17 Oct, 2008 1 commit
  30. 14 Oct, 2008 1 commit
  31. 17 Jun, 2008 1 commit
  32. 11 Jun, 2008 1 commit
  33. 05 Jun, 2008 1 commit
  34. 27 Mar, 2008 1 commit
  35. 23 Mar, 2008 2 commits
  36. 23 Jan, 2008 1 commit