Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-20 22:28:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5b7f44f4eaacad8a79bcedec32780e00d7347099
Part-DB-server/templates
History
Sascha Lenk dc906bfb0f vulnerability XSS fix 
The "trans with" command is not automatically escaping the string, so this is a XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E

QUALYS Enterprise WAS Scan Report classifies this as level 5 security risk
2023-02-25 22:42:03 +01:00
..
admin
Show entity preview image on admin page
2023-02-05 20:00:11 +01:00
bundles/TwigBundle/Exception
Fixed error page styling
2022-10-05 23:01:19 +02:00
components
Fixed problems with non-unique prototype names when using nested collection type, which prevented to create nested entries with mulitple new sub entries.
2023-02-19 22:39:26 +01:00
form
Renamed form/ templates folder to recommended snake_case style
2023-02-04 23:21:36 +01:00
label_system
Renamed label_system templates folder to recommended snake_style style
2023-02-04 23:15:11 +01:00
log_system
Renamed log_system template folder to recommended snake_case style
2023-02-04 23:09:36 +01:00
mail
Moved email CSS files to its own directory
2022-12-11 23:07:15 +01:00
parts
vulnerability XSS fix
2023-02-25 22:42:03 +01:00
projects
Fixed image display style for odd shaped (very small) images.
2023-02-20 00:24:12 +01:00
security
Renamed security template folder to recommended snake_case style
2023-02-04 22:59:43 +01:00
tools
Renamed security template folder to recommended snake_case style
2023-02-04 22:59:43 +01:00
users
Renamed users templates folder to recommended snake_case
2023-02-04 22:49:28 +01:00
_navbar_search.html.twig
Update the navbar on logout
2022-10-09 19:47:03 +02:00
_navbar.html.twig
Show user avatar next to its name, in all possible locations
2023-01-23 23:01:57 +01:00
_sidebar.html.twig
Allow to configure which tree panels are shown in the sidebar
2022-08-04 23:13:43 +02:00
_toast_container.html.twig
Fixed toast position on large screens
2023-02-06 22:47:41 +01:00
_toast.html.twig
Fixed styling of toasts.
2022-07-24 18:19:57 +02:00
_turbo_control.html.twig
Fixed issue that change of language via language selector did not changed the navbar and sidebar
2022-10-09 20:11:48 +02:00
attachment_list.html.twig
Added filter possibility to attachment list
2022-09-11 02:00:22 +02:00
base.html.twig
Moved favicon.ico to web root folder, as this is the location where a browser expects it
2023-02-05 00:18:07 +01:00
helper.twig
Improved styling of the parts info page
2023-02-05 20:50:19 +01:00
homepage.html.twig
Link to docs.part-db.de
2023-02-09 00:14:36 +01:00
main_card.html.twig
Show the permissions a user have on the user info page.
2019-09-13 19:38:22 +02:00