7 Commits

Author SHA1 Message Date
nielsvangijzen
86a8ec5302 Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00
Florian Schlichting
bf733fca8e let admin.php without parameters redirect to index.php, and document restrict_setup_to_admin setting (fixes #55) 2016-01-01 21:55:32 +01:00
Andrew McMillan
b50b2d82ea Force output buffers to be flushed, if they're turned on.
If output buffering is turned on, PHP can be a bit slack about sending
the data to the client before closing the connection with exit(). These
changes ensure we call ob_flush() before we leave.  We call @ob_flush()
so we don't get noisy warnings when output buffering is off...
2011-11-02 18:43:10 +13:00
Andrew McMillan
f0964f7583 Move always.php into the webroot for easier setup.
Also add some 'search for the AWL includes' code into it for
even easier setup.
2010-03-23 21:52:00 +13:00
Andrew McMillan
e5aaa69493 Include the browse javascript for row linking. 2010-02-12 15:50:16 -08:00
Andrew McMillan
caf90b4241 We don't need to reference a $action . '.js' file. 2010-01-11 22:05:05 +13:00
Andrew McMillan
62e43e1be3 Rename davical.php to admin.php which is more appropriate. 2009-12-04 22:57:03 +13:00