Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #16213: SQL injection in the "SVN core" commits browser

Download Browse

Also fixes a XSS via the same injection point. Change-Id: Ib33199b7d0ec5f8a07a65d74766477f23df4a75b

+62 −25
Thomas Gerbet (tgerbet) 2020-08-12 12:36
Thomas Gerbet (tgerbet) 2020-08-12 13:01
ab12b686ced4cf233d3b15b08da008e0553eb6a6
29022e25f508c6668204a4a5e3eb48e62bcfff9f
git #tuleap/stable/ab12b686ced4cf233d3b15b08da008e0553eb6a6

Modified Files

Side by side diff
Inline diff
Name
M src/common/Widget/Widget_MyLatestSvnCommits.class.php +2 −2 Go to diff View file
M src/common/Widget/Widget_ProjectLatestSvnCommits.class.php +1 −1 Go to diff View file
M src/common/svn/SVN_LogFactory.class.php +2 −2 Go to diff View file
M src/www/svn/browse_revision.php +2 −2 Go to diff View file
M src/www/svn/svn_utils.php +50 −17 Go to diff View file
M tests/psalm/tuleap-baseline.xml +5 −1 Go to diff View file