Files @ 9b74296e6af6
Branch filter:

Location: kallithea/MANIFEST.in - annotation

9b74296e6af6 839 B text/plain Show Source Show as Raw Download as Raw
Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET request, preventing CSRF attacks.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
2d7a94f3eaae
0e6035a85980
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
ff08d3cf9aef
7e5f8c12a3fc
ff08d3cf9aef
ff08d3cf9aef
19267f233d39
ff08d3cf9aef

include           Apache-License-2.0.txt
include           CONTRIBUTORS
include           COPYING
include           LICENSE-MERGELY.html
include           LICENSE.md
include           MIT-Permissive-License.txt
include           README.rst
include           development.ini
recursive-include docs *
recursive-include init.d *
include           kallithea/bin/ldap_sync.conf
include           kallithea/bin/template.ini.mako
include           kallithea/config/deployment.ini_tmpl
recursive-include kallithea/i18n *
recursive-include kallithea/lib/dbmigrate *.py_tmpl README migrate.cfg
recursive-include kallithea/public *
recursive-include kallithea/templates *
recursive-include kallithea/tests/fixtures *
recursive-include kallithea/tests/scripts *
include           kallithea/tests/test.ini
include           kallithea/tests/vcs/aconfig
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.