Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules
History
Jo-Philipp Wich b194b8882e luci-base: don't propagate null bytes in path information 
It is possible to inject unescaped markup using a double encoded null byte
via PATH_INFO on certain leaf nodes.

Since there is no legitimate reason to handle null bytes in any part of the
requested url, simply skip over such bytes when parsing the PATH_INFO value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10 11:41:32 +02:00
..
luci-base luci-base: don't propagate null bytes in path information 2018-04-10 11:41:32 +02:00
luci-mod-admin-full luci-mod-admin-full: allow setting dns cachesize 2018-04-09 17:17:02 +03:00
luci-mod-admin-mini treewide: unify mac address handling 2018-03-12 16:12:18 +01:00
luci-mod-failsafe luci-mod-failsafe: use same string as luci-mod-admin-full 2016-12-10 19:11:50 +02:00
luci-mod-freifunk luci-mod-freifunk: dispatch SimpleForm model using the form() action 2018-04-06 12:07:50 +02:00
luci-mod-freifunk-community Rework LuCI build system 2015-01-08 16:26:20 +01:00
luci-mod-rpc luci-mod-rpc: rework authentication and session handling 2018-04-06 07:56:56 +02:00