[Commotion-admin] [luci-commotion-linux] Fix RCE and XSS vulnerabilities (#4)
dismantl
notifications at github.com
Fri Oct 18 15:08:52 UTC 2013
See https://github.com/opentechinstitute/luci-commotion-apps/pull/21 for testing instructions
You can merge this Pull Request by running:
git pull https://github.com/opentechinstitute/luci-commotion-linux fix-RCE
Or you can view, comment on it, or merge it online at:
https://github.com/opentechinstitute/luci-commotion-linux/pull/4
-- Commit Summary --
* fixed a few RCE vulnerabilities.
* added XSS protection for submitted URLs
-- File Changes --
M modules/commotion/luasrc/controller/commotion/apps_controller.lua (21)
M modules/commotion/root/usr/lib/lua/commotion_helpers.lua (59)
-- Patch Links --
https://github.com/opentechinstitute/luci-commotion-linux/pull/4.patch
https://github.com/opentechinstitute/luci-commotion-linux/pull/4.diff