GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
gnu-social/classes
History
Joshua Wise 89ba820246 Escape argument to prevent SQL injection attack in 
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
2013-07-16 10:47:29 -07:00
..
Avatar.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Config.php
Quietly skip trying to load config if there's an error in DB
2011-09-08 12:01:06 -04:00
Confirm_address.php
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
Consumer.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Conversation.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Deleted_notice.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Fave.php
Throw an exception converting fave to activity for non-existent notice or profile
2013-05-24 09:26:58 -04:00
File_oembed.php
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
File_redirection.php
move core schema to class files
2011-08-22 17:52:02 -04:00
File_thumbnail.php
Remove unique key on file_thumbnail.url
2011-09-28 15:48:20 -04:00
File_to_post.php
move core schema to class files
2011-08-22 17:52:02 -04:00
File.php
Crazy gettext way to support two plurals in one string.
2011-12-28 12:44:42 +01:00
Foreign_link.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Foreign_service.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Foreign_subscription.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Foreign_user.php
Facebook bridge back in business with new JS-SDK and OAuth 2.0 flow.
2011-09-27 04:09:47 +00:00
Group_alias.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Group_block.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Group_inbox.php
Squashed commit of the following:
2011-10-20 12:50:39 -04:00
Group_join_queue.php
fix regression in group join approval due to refactoring (forgot to remove a param)
2011-03-29 16:18:51 -07:00
Group_member.php
Squashed commit of the following:
2011-10-20 12:50:39 -04:00
Inbox.php
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
Invitation.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Local_group.php
Potential SQL injection in Local_group::setNickname()
2013-07-16 10:11:26 -07:00
Location_namespace.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Login_token.php
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
Managed_DataObject.php
Further fixes to Managed_DataObject::_allCacheKeys(): now uses self::multicacheKey() to generate the (possibly compound) keys, which makes it match the order of the keys used when calling pkeyGet().
2011-09-29 15:21:52 -07:00
Memcached_DataObject.php
Update translator documentation and i18n.
2011-08-30 11:43:27 +02:00
Message.php
Bad variable in Message::asActivity()
2013-06-08 21:04:51 -04:00
Nonce.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Notice_inbox.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Notice_source.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Notice_tag.php
Squashed commit of the following:
2011-10-20 12:50:39 -04:00
Notice.php
Better ID for notice activity
2013-06-15 12:07:34 -04:00
Oauth_application_user.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Oauth_application.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Oauth_token_association.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Old_school_prefs.php
New table for all old-school UI prefs
2011-09-24 07:12:34 -04:00
Profile_block.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Profile_list.php
Merge commit 'refs/merge-requests/158' of git://gitorious.org/statusnet/mainline into merge-requests/158
2011-09-26 17:11:49 -04:00
Profile_role.php
Squashed commit of the following:
2011-10-20 12:50:39 -04:00
Profile_tag_subscription.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Profile_tag.php
Escape query parameters in Profile_tag::getTagged()
2013-07-16 10:35:44 -07:00
Profile.php
Escape $tag passed to Profile::getTaggedSubscribers()
2013-07-16 10:14:38 -07:00
Queue_item.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Related_group.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Remember_me.php
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
Remote_profile.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Reply.php
Squashed commit of the following:
2011-10-20 12:50:39 -04:00
Safe_DataObject.php
* i18n/L10n and translator documentation updates.
2010-09-28 23:42:18 +02:00
Schema_version.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Session.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Sms_carrier.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Status_network_tag.php
hide errors when deleting cached status_network_tag keys
2011-06-10 18:57:17 -04:00
status_network.ini
oops. really embarassing typo (that explains some weird behaviour)
2010-07-29 16:32:41 -04:00
Status_network.php
Better handling for combined memcache identifiers
2011-06-10 19:13:33 -04:00
Subscription_queue.php
Durr... got items in wrong order :D Fixed email notification for pending subscribes
2011-03-28 17:22:37 -07:00
Subscription.php
Merge branch '1.0.x' into activity
2011-08-22 18:13:02 -04:00
Token.php
move core schema to class files
2011-08-22 17:52:02 -04:00
Unavailable_status_network.php
Class to store unavailable status network names
2011-04-28 15:29:13 -07:00
User_group.php
move pending queue to sidebar
2011-08-27 16:05:58 -04:00
User_im_prefs.php
Fix for caching with compound keys: add Managed_DataObject::_allCacheKeys() to override the one in Memcached_DataObject.
2011-09-28 18:32:43 -07:00
User_location_prefs.php
move core schema to class files
2011-08-22 17:52:02 -04:00
User_urlshortener_prefs.php
move core schema to class files
2011-08-22 17:52:02 -04:00
User_username.php
move core schema to class files
2011-08-22 17:52:02 -04:00
User.php
Escape argument to prevent SQL injection attack in
2013-07-16 10:47:29 -07:00