1. 28 May, 2019 2 commits
  2. 24 May, 2019 1 commit
  3. 23 May, 2019 2 commits
  4. 10 May, 2019 1 commit
  5. 10 Apr, 2019 1 commit
  6. 05 Apr, 2019 1 commit
  7. 01 Apr, 2019 1 commit
  8. 17 Feb, 2019 1 commit
  9. 13 Dec, 2018 1 commit
  10. 04 Dec, 2018 2 commits
  11. 02 Dec, 2018 1 commit
  12. 24 Oct, 2018 1 commit
  13. 18 Jul, 2018 1 commit
    • Sean Madsen's avatar
      security/core#14 Validate "context" inputs · edc80cda
      Sean Madsen authored
      When "context" is passed as a GET parameter, ensure that its values is
      a valid "Alphanumeric" type. This helps prevent XSS when the "context"
      value finds its way into templates that lack HTML output encoding.
      
      Replace...
      
          CRM_Utils_Request::retrieve\((['"])context\1,(\s*)(['"])String\3
      
      ...with...
      
          CRM_Utils_Request::retrieve\($1context$1,$3Alphanumeric$3
      
      Also search for the following and manually fix:
      
          \$_GET\[(['"])context\1\]
          \$_POST\[(['"])context\1\]
          \$_REQUEST\[(['"])context\1\]
      edc80cda
  14. 19 Apr, 2018 1 commit
    • totten's avatar
      (NFC) Update version in header · fee14197
      totten authored
      This is a simple administrative update to the headers. It was generated with the command:
      
      ```
      rgrep '| CiviCRM version 4.7' CRM/ Civi ang api bin extern install/ settings/ templates -l \
        | xargs sed -i'' "s/| CiviCRM version 4.7/| CiviCRM version 5  /g"
      ```
      
      Tthe inclusion of `|` aimed to avoid matching any non-header text (e.g. inline docs that
      mentioned the version incidentally). But then I did a looser search and for just
      
      ```
      rgrep 'CiviCRM version 4.7'
      ````
      
      and manually patched the remainder.
      
      Note: I'm not really keen on doing this every month, so I relaxed the header
      statement -- instead of `CiviCRM version 5.0`, it's just `CiviCRM version 5`.
      fee14197
  15. 23 Feb, 2018 1 commit
  16. 19 Jan, 2018 1 commit
  17. 15 Jan, 2018 1 commit
  18. 02 Jan, 2017 1 commit
  19. 13 Nov, 2016 1 commit
  20. 11 Nov, 2016 1 commit
  21. 12 Aug, 2016 1 commit
  22. 20 May, 2016 1 commit
  23. 21 Mar, 2016 1 commit
  24. 26 Feb, 2016 1 commit
  25. 28 Dec, 2015 1 commit
  26. 21 Nov, 2015 4 commits
  27. 11 Nov, 2015 1 commit
  28. 05 Nov, 2015 3 commits
  29. 16 Aug, 2015 1 commit
  30. 03 Aug, 2015 1 commit
  31. 31 Jul, 2015 1 commit
  32. 17 Jul, 2015 1 commit