Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FIX Security fixes (filter onload js, less verbose error message in
download and viewimage, show info to encourage dolibarr_main_prod=1)
Showing 7 changed files with 215 additions and 211 deletions.
d26b2a6
FIX SQL injection on admin/menus/edit.php parameter menuId. Discovered by ADLab of Venustech
FIX Multiple cross-site scripting (XSS) on admin/company.php parameter CompanyName,CompanyAddress,CompanyZip,CompanyTown,Phone.... Discovered by ADLab of Venustech
FIX cross-site scripting (XSS) on admin/menus/edit.php parameter Title Discovered by ADLab of Venustech
FIX Sensitive information disclosure on document.php parameter file Discovered by ADLab of Venustech