path: root/web/template/tu_details.php
Age | Commit message | Author | Files | Lines
2012-06-24 | Implement token system to fix CSRF vulnerabilities | canyonknight | 1 | -0/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR.

Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11 | Fix broken XHTML. | Lukas Fleischer | 1 | -4/+6
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-03 | TU: Use htmlspecialchars instead of htmlentities. | Loui Chang | 1 | -1/+1
Let the utf8 shine through.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-23 | tu: Bring Trusted User interface in line with the rest of the site. | Loui Chang | 1 | -6/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-13 | Change layout of tu_details. | Loui Chang | 1 | -13/+19
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-13 | List TUs that voted on a proposal. | Angel 'angvp' Velasquez | 1 | -1/+14
This patch lists who voted on a proposal after the proposal is closed.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-22 | Make some translatable strings friendlier to common usage. | Loui Chang | 1 | -4/+4
Removing trailing colons and whitespace makes them more usable.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-10-05 | Major rearrangement of tu.php, strings setup for translation | Callan Barrett | 1 | -0/+62
All the strings are set up to be translated now, HTML of tu.php has been moved to templates and the worst of it rewritten (there's no longer a massive function in it)

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>