
Protect against XSS and CSRF + some improvements

Open metamorfosec opened this issue 6 years ago • 2 comments

Hello, this is a pull request for issue #29.

metamorfosec avatar Sep 19 '18 02:09 metamorfosec

There are some new problems with the content editor and rendered content that contains page templates. When a page template is added, the reorder buttons and a rogue X get rendered when the content is displayed. The reorder buttons should only appear in the Page Template preview in the content editor.

content_screen

Can any of the HTML Purifier files be eliminated? There seem to be a lot of files that are not required. Also, things like the form_demo.php in the crsf folder should be cleaned out.

I have not done a thorough code review. This pull request should be broken down into smaller, more manageable chunks, and a little more description provided with each.

As it is, I can't merge this pull request.

atutor avatar Sep 22 '18 13:09 atutor

Hello, thanks for the fast response. I have updated the files per your suggestion, and the issue above should be fixed now. However, I have still faced some warning messages, as the original work also behaves like that. I will provide the updates with more description, in smaller, more manageable chunks, per your suggestion. Regards.

metamorfosec avatar Sep 24 '18 00:09 metamorfosec