Florian Schlichting
2ab18d802e
turn cherry-picked commits into a quilt patch and prepare security upload
2019-12-13 07:34:35 +08:00
nielsvangijzen
c7eca6dd4a
Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-12-12 00:53:56 +08:00
Florian Schlichting
bf733fca8e
let admin.php without parameters redirect to index.php, and document restrict_setup_to_admin setting (fixes #55)
2016-01-01 21:55:32 +01:00
Andrew McMillan
b50b2d82ea
Force output buffers to be flushed, if they're turned on.
If output buffering is turned on, PHP can be a bit slack about sending
the data to the client before closing the connection with exit(). These
changes ensure we call ob_flush() before we leave. We call @ob_flush()
so we don't get noisy warnings when output buffering is off...
2011-11-02 18:43:10 +13:00
Andrew McMillan
f0964f7583
Move always.php into the webroot for easier setup.
Also add some 'search for the AWL includes' code into it for
even easier setup.
2010-03-23 21:52:00 +13:00
Andrew McMillan
e5aaa69493
Include the browse javascript for row linking.
2010-02-12 15:50:16 -08:00
Andrew McMillan
caf90b4241
We don't need to reference a $action . '.js' file.
2010-01-11 22:05:05 +13:00
Andrew McMillan
62e43e1be3
Rename davical.php to admin.php which is more appropriate.
2009-12-04 22:57:03 +13:00