Release v0.9.3
-----BEGIN PGP SIGNATURE----- iQFLBAABCAA1FiEEEv0k8DWUT53dSMUkR6bSrUEA328FAlpOYNkXHHZpcnR1YWx0 YW1AZmxpYmlkaS5uZXQACgkQR6bSrUEA329Qggf/TCRMsuYsL3TtgxeEAwZh+fPG TmfsVUpc+3fnfZCYQAPZ4JXzGTvqrPKRewm3xuIj/s+46y5vxLoppLBN9ULhG97F rTllSWvl252+A+COZlSNQYRfUt4gmtm4hS7iUTrTzzTLZkuwhr8vkj05+b+gI9N6 IT76HX/5onKUhZh+5L2ipFRF3KHBcwCaJbUOUT0YtEL/LqcT/F6oPnoagYLfgYDw I1E8ewcXyO8aMw98dghGg2xwIHytljRqqZXMUDs03n+50KFwPmP3CzZbohfW5uMV KsY79gB79B4pLoB9Slp3vypsoEL8wbfgZCLzMLlqr93xdztOp+bG9MQ9yvInjg== =2XAs -----END PGP SIGNATURE----- Merge tag 'v0.9.3' into latest Release v0.9.3
This commit is contained in:
commit
57e4a974f7
4 changed files with 12 additions and 4 deletions
4
AUTHORS
4
AUTHORS
|
@ -1,5 +1,5 @@
|
|||
537 ArthurHoaro <arthur@hoa.ro>
|
||||
252 VirtualTam <virtualtam@flibidi.net>
|
||||
542 ArthurHoaro <arthur@hoa.ro>
|
||||
255 VirtualTam <virtualtam@flibidi.net>
|
||||
148 nodiscc <nodiscc@gmail.com>
|
||||
56 Sébastien Sauvage <sebsauvage@sebsauvage.net>
|
||||
15 Florian Eula <eula.florian@gmail.com>
|
||||
|
|
|
@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
||||
and this project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04
|
||||
|
||||
**XSS vulnerability fixed. Please update.**
|
||||
|
||||
### Security
|
||||
- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
|
||||
|
||||
|
||||
## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
|
||||
|
||||
**Major security issue fixed. Please update.**
|
||||
|
|
|
@ -431,7 +431,7 @@ if (isset($_POST['login']))
|
|||
else
|
||||
{
|
||||
ban_loginFailed($conf);
|
||||
$redir = '&username='. $_POST['login'];
|
||||
$redir = '&username='. urlencode($_POST['login']);
|
||||
if (isset($_GET['post'])) {
|
||||
$redir .= '&post=' . urlencode($_GET['post']);
|
||||
foreach (array('description', 'source', 'title', 'tags') as $param) {
|
||||
|
|
|
@ -1 +1 @@
|
|||
<?php /* 0.9.2 */ ?>
|
||||
<?php /* 0.9.3 */ ?>
|
||||
|
|
Loading…
Reference in a new issue