PHP Cross Reference of vtigercrm-6.1.0 |
[[ news ]]

1.0.4 released 2013-07-17

  [SECURITY FIXES]

  - When secret key was not explicitly set, it was not being used
    by the csrf_hash() function. Thanks sparticvs for reporting.

  [FEATURES]

  - The default 'CSRF check failed' page now offers a handy 'Try
    again' button, which resubmits the form.

  [BUG FIXES]

  - The fix for 1.0.3 inadvertently turned off XMLHttpRequest
    overloading for all browsers; it has now been fixed to only
    apply to IE.

1.0.3 released 2012-01-31

  [BUG FIXES]

  - Internet Explorer 8 adds support for XMLHttpRequest.prototype,
    but this support is broken for method overloading. We
    explicitly disable JavaScript overloading for Internet Explorer.
    Thanks Kelly Lu for reporting. <[email protected]>

  - A global declaration was omitted, resulting in a variable
    not being properly introduced in PHP 5.3. Thanks Whitney Beck for
    reporting. <[email protected]>

1.0.2 released 2009-03-08

  [SECURITY FIXES]

  - Due to a typo, csrf-magic accidentally treated the secret key
    as always present. This means that there was a possible CSRF
    attack against users without any cookies. No attacks in the
    wild were known at the time of this release. Thanks Jakub
    Vrána for reporting.

1.0.1 released 2008-11-02

  [NEW FEATURES]

  - Support for composite tokens; this also fixes a bug with using
    IP-based tokens for users with cookies disabled.

  - Native support for cookie tokens; use csrf_conf('cookie', $name) to
    specify the name of a cookie that the CSRF token should be
    placed in. This is useful if you have a Squid cache, and need
    to configure it to ignore this token.

  - Tips/tricks section in README.txt.

  - There is now a two hour expiration time on all tokens. This
    can be modified using csrf_conf('expires', $seconds).

  - ClickJacking protection using an iframe breaker. Disable with
    csrf_conf('frame-breaker', false).

  [BUG FIXES]

  - CsrfMagic.send() incorrectly submitted GET requests twice,
    once without the magic token and once with the token. Reported
    by Kelly Lu <[email protected]>.
Generated: Fri Nov 28 20:08:37 2014 | Cross-referenced by PHPXref 0.7.1 |