3 Commits

Author SHA1 Message Date
Andrew Ruthven
3bf44378fa Fix checking if the session is active
The phpversion check was backwards. For PHP >= 5.4.0 we should be
using session_status() === PHP_SESSION_ACTIVE not < 5.4.0.

But in fact, we only support >= 5.4.0, so this check is now redundant.
2024-01-20 02:21:40 +00:00
nielsvangijzen
1a917b30eb Addressed comments made by @puck42 2019-11-29 09:58:46 +01:00
nielsvangijzen
86a8ec5302 Added CSRF to the application (took into account backwards compatibility)
Mitigated the XSS vulnerabilities reported by HackDefense
Advisories for said vulnerabilities can be found here:
https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability
2019-10-28 11:55:11 +01:00