Commit message
Age
Author
Refs
r1831:87ca65d7
user-group-api: use simple schema validator to be consistent how we validate
user group names during creation between API and WEB.
Wed, 21 Jun 2017 11:28:12
r1830:d786fdd7
security: use safe escaped version of description for repo and repo group to potentially
prevent any XSS attacks on returned data.
Wed, 21 Jun 2017 10:23:46
r1829:ff4add41
audit-logs: implemented full audit logs across application.
- Fixes #5321
- Api+web actions
- To be extended while we develop new features.
Wed, 21 Jun 2017 10:03:14
r1828:20cd932d
security: fix self-xss inside the email add functionality.
Tue, 20 Jun 2017 18:59:58
r1827:9e60361c
security: escape the returned paths of files and directories.
Nodes function is used for autocomplete in files view, it prevents from
XSS type of attack in file search.
Tue, 20 Jun 2017 18:02:24
r1826:76aa3640
security: use 404 instead of 403 in case missing permissions for comment deletion.
- prevents resource discovery
Tue, 20 Jun 2017 17:39:19
r1825:fcaa19d4
security: don't use literal in notifications.
- exposes security problems
- we don't store any html anyway in the subject
Tue, 20 Jun 2017 17:09:02
r1824:fdf0761c
audit-logs: added *basic* support for NOT query term in audit logs.
Tue, 20 Jun 2017 14:35:40
r1823:e27e4796
audit-logs: updated action data attributes.
Tue, 20 Jun 2017 14:35:14
r1822:4bb2ace4
audit-logs: consistent data between my-account and admin user logs.
Tue, 20 Jun 2017 14:06:36