1. 10 Apr, 2019 1 commit
  2. 05 Apr, 2019 1 commit
  3. 13 Dec, 2018 1 commit
  4. 31 Aug, 2018 1 commit
  5. 18 Jul, 2018 1 commit
    • security/core#14 Validate "context" inputs · edc80cda
      Sean Madsen authored
      When "context" is passed as a GET parameter, ensure that its value is
      a valid "Alphanumeric" type. This helps prevent XSS when the "context"
      value finds its way into templates that lack HTML output encoding.
      
      Replace...
      
          CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
      
      ...with...
      
          CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
      
      Also search for the following and manually fix:
      
          \$_GET\[(['"])context\1\]
          \$_POST\[(['"])context\1\]
          \$_REQUEST\[(['"])context\1\]
  6. 19 Apr, 2018 1 commit
    • (NFC) Update version in header · fee14197
      totten authored
      This is a simple administrative update to the headers. It was generated with the command:
      
      ```
      rgrep '| CiviCRM version 4.7' CRM/ Civi ang api bin extern install/ settings/ templates -l \
        | xargs sed -i'' "s/| CiviCRM version 4.7/| CiviCRM version 5  /g"
      ```
      
      The inclusion of `|` aimed to avoid matching any non-header text (e.g. inline docs that
      mentioned the version incidentally). But then I did a looser search for just
      
      ```
      rgrep 'CiviCRM version 4.7'
      ```
      
      and manually patched the remainder.
      
      Note: I'm not really keen on doing this every month, so I relaxed the header
      statement -- instead of `CiviCRM version 5.0`, it's just `CiviCRM version 5`.
  7. 23 Feb, 2018 1 commit
  8. 12 Jan, 2017 1 commit
  9. 02 Jan, 2017 1 commit
  10. 21 Mar, 2016 1 commit
  11. 27 Jan, 2016 1 commit
  12. 01 Oct, 2015 1 commit
  13. 30 Sep, 2015 1 commit
  14. 04 Aug, 2015 2 commits
  15. 31 Jul, 2015 1 commit
  16. 29 Jul, 2015 1 commit
  17. 27 Mar, 2015 1 commit
  18. 04 Feb, 2015 1 commit
  19. 20 Jan, 2015 2 commits
  20. 14 Jan, 2015 1 commit
  21. 11 Jan, 2015 1 commit
  22. 09 Jan, 2015 1 commit
  23. 31 Dec, 2014 2 commits
    • Style - Remove @access · 681aa547
      totten authored
      1. These annotations are useful in PHP4-style code.
      2. These annotations are useless in PHP5-style code. Either they're redundant with the code, or they contradict the code.
      3. In cases where there are contradictions, I don't think there's any way for us to generally resolve the contradiction except to say, "The code is right."
      4. As a developer reading .php files, I look at the code and *never* look at @access.
    • 00be9182
  24. 23 Dec, 2014 1 commit
  25. 09 May, 2014 1 commit
  26. 28 Mar, 2014 1 commit
  27. 26 Nov, 2013 1 commit
  28. 20 Nov, 2013 1 commit
  29. 15 Aug, 2013 1 commit
  30. 03 Jul, 2013 1 commit
  31. 01 Mar, 2013 1 commit