took additional measures to prevent sql injection

JT Smith 2004-05-02 16:15:33 +00:00
parent 045997bc93
commit a293678acd
10 changed files with 29 additions and 32 deletions


@ -9,12 +9,15 @@
Manager and USS to the standard pagination variables.
- A very special thanks to Len Kranendonk for the following security
improvements.
- Disabled anonymous registration by default for better security.
- Set session timeout to 1 hour by default for better security.
- Disabled anonymous registration by default.
- Set session timeout to 1 hour by default.
- Sessions now auto end themselves if they are used after their
expires timeout and before the scheduler has cleaned them up.
- Macros are now negated on user profile fields and authentication
fields.
- Sessions are now validated against IP address to help prevent
session theft.
- Took additional measures to prevent SQL injection.
- Bugfix [ 930425 ] Bug in EventsCalender, causing other wobjects to fail.
- Bugfix [ 925586 ] HttpProxy ignores javascript in <HEAD> (thanks to
Nicklous Roberts).
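
Review bot: The new changelog entry "Took additional measures to prevent SQL injection." does not say which measures were taken or which parts of the code they cover, so someone upgrading or auditing cannot tell from this file what is now protected. Suggest naming the mechanism and the affected modules in that entry, since the commit touches 10 files. The new entry "Sessions are now validated against IP address to help prevent session theft." would also benefit from a note on whether the check can be turned off and what a user sees when the check fails. The reworded lines that drop "for better security" are fine, as the heading above them already says these are security improvements.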