Commit Graph

5 Commits

Author SHA1 Message Date
Erik Skultety b08017ca54 maint: Replace tabs with spaces in all source files in repo
So we have a syntax-check rule to catch all tab indents but it naturally
can't catch tab spacing, i.e. as a delimiter. This patch is a result of
running 'vim -en +retab +wq'
(using tabstop=8 softtabstop=4 shiftwidth=4 expandtab) on each file from
a list generated by the following:
find . -regextype gnu-awk \
         -regex ".*\.(rng|syms|html|s?[ch]|py|pl|php(\.code)?)(\.in)?" \
         | xargs git grep -lP "\t"

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-18 13:25:10 +02:00
Martin Kletzander f27dd53402 docs: Properly quote self uri in search.php
This removes the classical XSS vulnerability of using unquoted
PHP_SELF.

Reported-by: John Lightsey <john@nixnuts.net>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-07-10 13:44:00 +02:00
Daniel Veillard cf739b3568 better patch for the XSS search issue
Since the query string could be output when displaying the results too
2015-07-03 21:04:24 +08:00
Daniel Veillard d51876bc8e Avoid XSS vulnerability on the search engine
Raised by https://www.xssposed.org/incidents/69566/
Need to escape the user provided query before displaying it back
2015-07-03 20:47:08 +08:00
Martin Kletzander 2818359075 docs: autogenerate search.php
This patch makes search.php autogenerated from search.php.in, thus
removing hardcoded menus, footer etc. and the search.php is added to
.gitignore.

There is new rule added for *.php files (to make it bit less
hardcoded) that takes *.php.code.in and injects it inside the
generated *.php (xslt was not happy about php code in the source xml).
2012-08-10 10:58:38 +02:00