Dec 03, 2018, 02:48 PM
commit e987f91a375f2d0a858eef169036d1ebdf41d283
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 13:35:44 2018 +0000

    Added CSRF protection to all state-changing GET requests through a token URL parameter which carries the session's CSRF token

commit 19029414264198ea8fda0b3fe1ffbda1833c79f2
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 12:45:30 2018 +0000

    Removed some leftover status messages used for debugging queries

commit 532a5afa4948079efb819008a2053b545fed0a1f
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 11:12:06 2018 +0000

    Removed a backdoor in the controller class which would allow a malicious user to send any PHP code to the site to be executed

commit f936f756ad8ab1a34cc3815917d7f165b79cb9d2
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 11:04:22 2018 +0000

    Fixed faulty application logic in the search which would expose drafts, by adding published IS NOT NULL to the query that the blog controller uses to search

commit c435a8146114a27faf9c37a3b164fb169511e46d
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 01:49:58 2018 +0000

    Made changes to CSRF token handling in the form and Controller so that CSRF tokens last for the whole session. Also fixed a bug in the CSRF check in Controller where it would only check the CSRF token if a csrfToken parameter was POSTed

commit 412db79027c381d70fe1e86ece24bc172a38c4f2
Merge: b557734 cf893e4
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 01:44:43 2018 +0000

    Merge branch 'master' of robpress.ecs.soton.ac.uk:.

commit cf893e4a1b768fd434b8536f2ff50fd9f067af63
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 01:44:19 2018 +0000

    Updated the generate function to produce URL-safe tokens, updated the verify function not to unset the token in the session, and added a function allowing verification of the token via the query string

commit b5577346dc88a016c6b9e53d50d71ed51ce828fb
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 00:47:43 2018 +0000

    Implemented POST CSRF protection by adding CSRF tokens to each form and checking the token in Controller->BeforeRoute

commit c87ad0213246432119c4aedea74dfbe15e4d0408
Author: root <root@localhost.localdomain>
Date:   Mon Dec 3 00:14:22 2018 +0000

    Added a CSRF helper class to aid in the generation and verification of secure tokens for use in CSRF protection in forms

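The five CSRF commits above (c87ad02, b557734, cf893e4, c435a81 and e987f91) describe one design: a helper that generates a token once per session, a hidden field in every form, a check in the controller's beforeRoute hook that fails when the field is absent rather than skipping, and a URL-safe copy of the same token appended to state-changing GET links. The following is an added example written for this page, not RobPress's own Csrf class; the class, method and field names, and the route list, are assumptions. It needs PHP 5.6 or later (hash_equals, session_status) and runs from the CLI.

```php
<?php
// Added example, not RobPress's own Csrf class: a per-session CSRF token
// helper in the shape the commits above describe. Class, method and field
// names are assumptions. Needs PHP 5.6+ (hash_equals, session_status).

class Csrf
{
    const SESSION_KEY = 'csrfToken';
    const FIELD       = 'csrfToken'; // POST field name and GET parameter name

    // The session's token, generated once per session rather than per form,
    // so several open tabs do not invalidate each other.
    public static function token()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (empty($_SESSION[self::SESSION_KEY])) {
            $_SESSION[self::SESSION_KEY] = self::generate();
        }
        return $_SESSION[self::SESSION_KEY];
    }

    // 32 random bytes, base64url-encoded: no '+', '/' or '=' to break a query string.
    private static function generate()
    {
        $strong = false;
        $bytes  = openssl_random_pseudo_bytes(32, $strong);
        if ($bytes === false || !$strong) {
            throw new RuntimeException('no cryptographically strong randomness available');
        }
        return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
    }

    // Constant-time comparison. Deliberately does not unset the session
    // token afterwards, so it stays valid for the rest of the session.
    public static function verify($candidate)
    {
        if (!is_string($candidate) || $candidate === '') {
            return false;
        }
        return hash_equals(self::token(), $candidate);
    }

    // Hidden field to drop into every form.
    public static function field()
    {
        return '<input type="hidden" name="' . self::FIELD . '" value="'
             . htmlspecialchars(self::token(), ENT_QUOTES, 'UTF-8') . '">';
    }

    // Token appended to a state-changing GET link, e.g. an admin "delete" link.
    public static function link($url)
    {
        $sep = (strpos($url, '?') === false) ? '?' : '&';
        return $url . $sep . self::FIELD . '=' . rawurlencode(self::token());
    }
}

// What a beforeRoute-style hook should decide. The bug the c435a81 commit
// fixes is visible here: a POST without the field is a failure, not a
// request to skip the check.
function csrfAllows($method, array $post, array $get, $path, array $stateChangingGetPaths)
{
    if ($method === 'POST') {
        return Csrf::verify(isset($post[Csrf::FIELD]) ? $post[Csrf::FIELD] : null);
    }
    if ($method === 'GET' && in_array($path, $stateChangingGetPaths, true)) {
        return Csrf::verify(isset($get[Csrf::FIELD]) ? $get[Csrf::FIELD] : null);
    }
    return true; // read-only GET: nothing to protect
}

// Constructed requests against a fresh session.
$good         = Csrf::token();
$deleteRoutes = ['/admin/comment/delete'];
$results = [
    'post with token'           => csrfAllows('POST', [Csrf::FIELD => $good], [], '/blog/comment', $deleteRoutes),
    'post missing token'        => csrfAllows('POST', [], [], '/blog/comment', $deleteRoutes),
    'post forged token'         => csrfAllows('POST', [Csrf::FIELD => 'forged-token'], [], '/blog/comment', $deleteRoutes),
    'state-changing get, no tk' => csrfAllows('GET', [], ['id' => 7], '/admin/comment/delete', $deleteRoutes),
    'state-changing get, tk'    => csrfAllows('GET', [], ['id' => 7, Csrf::FIELD => $good], '/admin/comment/delete', $deleteRoutes),
    'plain get'                 => csrfAllows('GET', [], [], '/blog/view', $deleteRoutes),
];
var_export($results);
```

Two caveats a reviewer would raise against the GET variant: a token in a URL leaks through Referer headers, browser history and access logs, so the cleaner fix is to turn state-changing GET endpoints into POST forms and keep the query-string check only for links that cannot be converted; and because the token is not rotated, it should at least be regenerated when the user logs in, so a token captured before authentication is not valid after it.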
commit 46195bc58a7160c154914c0ddefcffe3964a3b69
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 23:34:20 2018 +0000

    Fixed a bug that we introduced in the pages model which would prevent admins from being able to create or delete pages with underscores in the title

commit 4b8ccf593bb2bde5ee6ea7a54bfa421c5fc3207e
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 23:02:06 2018 +0000

    Modified fetchList in GenericModel such that it queries the database through sqlmapper rather than directly

commit 3646a384a69597b0a4865795b31babc63e9aa2fa
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 22:43:30 2018 +0000

    Updated error handling so it can deal with there not being an IP entry for users that have signed in with debug mode on

commit 2497ee94dd1ebc91aee1bd75e10a621e0628a709
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 22:27:54 2018 +0000

    Updated the user controller so that upon a successful login the unsuccessful request count of an IP gets reset to 0

commit da94088b5d0bb8a606864b4b10533fa1ac1d53c0
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 22:27:01 2018 +0000

    Updated to include brute force IP logging and logic to temporarily block IPs for periods from seconds up to 24 hours - primarily within the checkLogin function

commit 239c5d4d1f075f4d3c10677e8ada822235326f66
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 22:24:57 2018 +0000

    Updated the SQL install to include a requests table to store IP brute force tracking

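The three commits above (239c5d4, da94088 and 2497ee9) add a requests table, escalate temporary blocks per IP from seconds up to 24 hours inside checkLogin, and clear the counter on a successful login. The following added example, not RobPress's code, shows one way to implement that shape; the table and column names, the free-attempt allowance, the doubling schedule and the checkLogin signature are all assumptions. It uses an in-memory SQLite database through PDO and a fixed clock so that it runs stand-alone and deterministically.

```php
<?php
// Added example, not RobPress's checkLogin: per-IP failed-login tracking with
// an escalating temporary block, backed by a `requests` table like the one
// the commits above add. Table and column names, thresholds and the doubling
// schedule are assumptions. Uses in-memory SQLite (PDO) so it runs stand-alone.

class LoginThrottle
{
    const FREE_ATTEMPTS = 5;      // failures tolerated before the first block
    const BASE_SECONDS  = 30;     // length of the first block
    const MAX_SECONDS   = 86400;  // cap: 24 hours

    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        $db->exec('CREATE TABLE IF NOT EXISTS requests (
                     ip TEXT PRIMARY KEY,
                     failures INTEGER NOT NULL DEFAULT 0,
                     blocked_until INTEGER NOT NULL DEFAULT 0)');
    }

    // Seconds this IP must still wait, or 0 if it may attempt a login now.
    public function blockedFor($ip, $now)
    {
        $row = $this->row($ip);
        return ($row && (int) $row['blocked_until'] > $now) ? (int) $row['blocked_until'] - $now : 0;
    }

    // Count a failure; past the free allowance, block for a period that doubles
    // with each further failure and is capped at MAX_SECONDS.
    public function recordFailure($ip, $now)
    {
        $row      = $this->row($ip);
        $failures = ($row ? (int) $row['failures'] : 0) + 1;
        $until    = $row ? (int) $row['blocked_until'] : 0;
        if ($failures > self::FREE_ATTEMPTS) {
            $exponent = min($failures - self::FREE_ATTEMPTS - 1, 20); // keep the shift sane
            $until    = $now + min(self::MAX_SECONDS, self::BASE_SECONDS * (1 << $exponent));
        }
        $stmt = $this->db->prepare(
            'INSERT OR REPLACE INTO requests (ip, failures, blocked_until) VALUES (?, ?, ?)');
        $stmt->execute([$ip, $failures, $until]);
        return $until > $now ? $until - $now : 0;
    }

    // A successful login resets the counter for that IP.
    public function recordSuccess($ip)
    {
        $this->db->prepare('DELETE FROM requests WHERE ip = ?')->execute([$ip]);
    }

    private function row($ip)
    {
        $stmt = $this->db->prepare('SELECT failures, blocked_until FROM requests WHERE ip = ?');
        $stmt->execute([$ip]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Order of checks in a login handler: consult the block before touching the
// password, so a blocked client learns nothing about the credentials.
function checkLogin(LoginThrottle $t, $ip, $passwordOk, $now)
{
    $wait = $t->blockedFor($ip, $now);
    if ($wait > 0) {
        return "blocked, retry in {$wait}s";
    }
    if ($passwordOk) {
        $t->recordSuccess($ip);
        return 'ok';
    }
    $wait = $t->recordFailure($ip, $now);
    return $wait > 0 ? "bad credentials, blocked for {$wait}s" : 'bad credentials';
}

// Constructed scenario: one address keeps sending wrong passwords and waits
// out each block; the block length doubles until it reaches the 24h cap.
$t     = new LoginThrottle(new PDO('sqlite::memory:'));
$start = 1543795200; // fixed clock (2018-12-03 00:00:00 UTC) instead of time()
$now   = $start;
for ($i = 1; $i <= 20; $i++) {
    $msg = checkLogin($t, '203.0.113.7', false, $now);
    echo "attempt $i at +" . ($now - $start) . "s: $msg\n";
    $now += $t->blockedFor('203.0.113.7', $now); // jump to the end of the block
}
```

Keying purely on the source address has two well-known costs: everyone behind one NAT (a campus proxy, for instance) shares a counter, so an attacker can lock legitimate users out by failing on purpose, and the address must come from the socket rather than from a client-settable header such as X-Forwarded-For unless a trusted proxy sets it. The sleep() experiment recorded further down this log (commits 8e4cae6 and 75f7c24) is the reason a table-backed block is preferable to a delay: a sleeping PHP worker is a worker the whole site loses.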
commit be0933cb345747c6b253b54be3507b95898b4273
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 21:18:07 2018 +0000

    Modified the login code such that it accesses the database through the model rather than directly, so that it is no longer vulnerable to SQL injection

commit ee4fe887b1148cccd50b9a005b732b9269270f04
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 21:17:25 2018 +0000

    Replaced code in Search which directly accessed the database with code which accesses the database through the Model. Upgraded the prepare() function in genericmodel to support OR and LIKE. Also moved the IS NOT NULL and IS NULL special cases in prepare() so that they have to be in the key, not the value, so that users cannot abuse these special cases

commit 74331e55b3c327006c963f3658d6cb0380d733e4
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 19:26:30 2018 +0000

    Repaired the function which formats prepared statements in genericmodel by making it return an empty array on incorrect conditions and fixing an exploitable weakness in its matching of the special cases IS NOT NULL and IS NULL

commit 951c8fedf69f93b28db4c58b09842db43bd34762
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 17:19:53 2018 +0000

    In order to test whether the beforeRoute and afterRoute functionality, which looks like a potential backdoor, is ever utilized through normal operations, added a test that will var_dump and die() if they are used

commit 5bf94a2cca6f202808f4bf5e5a2190b51dee7d5c
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 15:51:44 2018 +0000

    Removed some leftover temp files created by text editors which could contain sensitive information about the RobPress source code

commit eaf1499d41e5ce46b9898462220a5281aa035a5b
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 15:02:27 2018 +0000

    Modified the admin add blog controller code to no longer use the extract() method

commit 2dc61540fedf582c1066534f59f2e2b4c2c76bd6
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 14:59:44 2018 +0000

    Changed the contact controller such that it no longer uses the extract() method, to prevent parameter manipulation

commit 9e931de39a10697f3201f8fdfd3dc95cab80c131
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 13:47:24 2018 +0000

    Patched parameter manipulation in the admin edit user page by replacing
    copyfrom('post') with a set of each of the defined fields, so that any
    extra fields will not get set

commit 028073f4739d675b2ee01a9dff494b0d93d6d974
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 13:46:58 2018 +0000

    Added HTML purification of the comment message in the 'awaiting moderation' and 'approved comments' listings in the admin area. Removed our incorrect use of h() for the comment message in the view

commit 027ba558574143b2ff03073c87d5dc3fe98bdb55
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 13:35:27 2018 +0000

    Prevented parameter manipulation in admin/comments by removing copyfrom() and instead only updating the status and message fields

commit 80f81729a751cd578eac623e2696deb56d6d3bb0
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 13:29:30 2018 +0000

    Added HTML purification of the comment message in the controller and removed our incorrect use of h() for comment messages in the view

commit 37ba66da79d5f085cb9b2676b3b4d751d078d8a6
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 13:14:54 2018 +0000

    Prevented parameter manipulation exploits in admin edit blog by removing the use of extract() and copyfrom() and only utilizing the POST parameters that should be there, ignoring others

commit 10da7a233f360a4fe5e79ae3684e79e4472e09d2
Merge: ddfd1f2 53f71ac
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 12:55:59 2018 +0000

    Merge branch 'master' of robpress.ecs.soton.ac.uk:.

commit ddfd1f2ac9659f054bc5a38681cdcaf7e5f33c2a
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 12:55:48 2018 +0000

    Removed incorrect use of h() on the bio in the view and purified the bio in the controller instead

commit 53f71acccb830a390982807911bffebdbab10a64
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 12:40:28 2018 +0000

    Prevented parameter manipulation in the update profile page by removing the use of extract() and copyfrom(), and only updating the user parameters that the POST request should have, ignoring any extra ones the user has added

commit f10b16d30c9fd30b2cf9820eec454c69c8e4da07
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 12:38:20 2018 +0000

    Added an if statement to patch a rare bug where the code would try to delete a cookie that doesn't exist; this would only happen if a malicious user was editing their cookie id

commit 2cc0e0850e45fe71ffef82f3aec91ffbfb83db30
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 12:33:38 2018 +0000

    Purified blog content to prevent XSS and removed our use of h() on content in the view, as this was incorrect due to the content being set by the wysiwyg

commit 19abfbf61b0ab49e0c49f3abfff1264ab218e19d
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 11:52:47 2018 +0000

    Prevented parameter manipulation on /user/add by removing the use of extract(), which could dangerously overwrite variables, and checking the data of the request with the inputvalidation helper class

commit cce0360e2e9cff6f6a1eef0c9bbd56944d61e124
Author: root <root@localhost.localdomain>
Date:   Sun Dec 2 11:24:23 2018 +0000

    Made it so that the inputvalidator and my code ignore extra fields added to POSTs rather than erroring on them - this was causing selftest to fail

commit 75f7c24303089ba038d4592ad31a3fa35de85a2c
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 21:33:13 2018 +0000

    Removed the sleep test controller. It confirmed that sleep() is not an effective method against brute force on the live site!

commit 8e4cae6e6fdd3ef924bbfa7f2a30564ab496815e
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 21:24:24 2018 +0000

    Added a testing controller in order to test whether sleep throttles the whole server or just the single user

commit 7534830bfae8b5e5b86b5582ca2619db9f567267
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 21:14:51 2018 +0000

    Changed blog/search so that it no longer uses extract() on the variables from the POST request, as this could overwrite data if the user provides parameter names of global variables

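The run of "parameter manipulation" commits above (7534830 through eaf1499, covering blog/search, /user/add, the profile, comment, blog and user edit pages, and the contact controller) removes two patterns: extract() on request data, which lets a request name overwrite any local variable such as a privilege flag, and copyfrom()-style bulk assignment, which writes every submitted field into the record. The block below is an added example written for this page, not RobPress's controllers; the field names, the isAdmin flag and the user record are constructed for illustration. Each vulnerable function sits beside the whitelisted replacement the commits describe.

```php
<?php
// Added example, not RobPress code: the two parameter-manipulation patterns
// the commits above remove, each beside its whitelisted replacement.
// Field names, the $isAdmin flag and the user record are constructed.

// --- Pattern 1: extract() on request data -----------------------------------
// Vulnerable: every POST key becomes a local variable, so a request carrying
// isAdmin=1 silently replaces the value the controller computed earlier.
function searchVulnerable(array $post, $isAdmin)
{
    extract($post); // $isAdmin, $query, ... are now whatever the client sent
    return ['query' => isset($query) ? $query : '', 'isAdmin' => $isAdmin];
}

// Fixed: read only the keys this action expects, by name, with a default.
function searchFixed(array $post, $isAdmin)
{
    $query = isset($post['query']) ? (string) $post['query'] : '';
    return ['query' => $query, 'isAdmin' => $isAdmin];
}

// --- Pattern 2: copyfrom()-style bulk assignment into a model ---------------
// Vulnerable: every submitted field is written to the record, so a user
// editing their own profile can also send level=admin or a different id.
function updateProfileVulnerable(array $user, array $post)
{
    foreach ($post as $field => $value) { // what copyfrom('POST') amounts to
        $user[$field] = $value;
    }
    return $user;
}

// Fixed: set each permitted field explicitly; anything else is ignored
// (ignored rather than rejected, matching commit cce0360 above).
function updateProfileFixed(array $user, array $post)
{
    $allowed = ['displayName', 'email', 'bio'];
    foreach ($allowed as $field) {
        if (array_key_exists($field, $post)) {
            $user[$field] = $post[$field];
        }
    }
    return $user;
}

// Constructed request from a non-admin who has added extra fields by hand.
$post = ['query' => 'hello', 'isAdmin' => 1, 'level' => 'admin', 'id' => 1, 'bio' => 'hi'];
$user = ['id' => 42, 'level' => 'user', 'displayName' => 'alice', 'email' => 'a@example.org', 'bio' => ''];

var_export([
    'search/vulnerable' => searchVulnerable($post, false),
    'search/fixed'      => searchFixed($post, false),
    'profile/vulnerable' => updateProfileVulnerable($user, $post),
    'profile/fixed'      => updateProfileFixed($user, $post),
]);
```

The fixed versions make the permitted field list visible in the controller, which is what a reviewer needs: a new column added to the users table later does not become writable from the edit form until someone adds it to that list on purpose.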
commit a82459289ff1efde63699baf70962f2607e74142
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 21:00:41 2018 +0000

    Added parameter validation checking to /blog/comments

commit d9790496ea1eee81b763c8d67b8f716a7eb3af7a
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 20:59:25 2018 +0000

    Edited the input validation utility class to take a 2D array of types and values as input and queue a status message explaining to the user why their POST request didn't pass the validation check

commit 8e25ed89806d155fdc2aa9f55d73d1c4348a5e33
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 18:36:18 2018 +0000

    Made it so that the search function only searches comment content when comments are enabled in the site settings

commit 1d0d5db39c787a8e242286abf02b3095eca0df7d
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 18:30:51 2018 +0000

    Prevented users from being able to comment by POSTing to /blog/comment when comments are disabled in the settings

commit 7b3c06298f240f3a9dd1117fb3df2a4bdc36cefb
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 18:26:08 2018 +0000

    Added HTML purification on pages being displayed via /page/display

commit 38c0459e544a82e413cf2fce683855c26405067f
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 18:24:18 2018 +0000

    Added the creation and configuration of the HTML Purifier object in the controller and made it available to the child classes by making it a class property

commit fc3f58869ba1c1701db9d1d57fc46f257915c02e
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 17:55:25 2018 +0000

    Removed use of a dangerous eval() that could execute arbitrary code and replaced it with a regex replace of <?=BASE?> with the site base; this allows the Rob page to work

commit 3a8deda86f00809aa856563a108bedc4136cb558
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 17:21:34 2018 +0000

    Installed the HTML Purifier library, ready for use on the wysiwyg inputs

commit 9a082ea9365c713be9707d429dfa57b15eaf5ca1
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 17:11:18 2018 +0000

    Updated composer files to represent the version updated to in the Rob Press patch (3.6.4)

commit 153e3473c293040ab099459c7a3107a5bf2e0d5c
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 16:42:02 2018 +0000

    Replaced the generate random bytes function used with openssl_random_pseudo_bytes() so that it would work on the live server, which can't run PHP 7 functions

commit 2f416d00183bbc0e7b33c362c1ed3b0bd270f350
Merge: a0b2147 f8209b6
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 16:38:17 2018 +0000

    Merge branch 'master' of robpress.ecs.soton.ac.uk:.

commit f8209b681b5da1d41d0836cda9cdec06b24fec85
Merge: 1a567d1 f7c426f
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 16:21:06 2018 +0000

    Merge branch 'master' of robpress.ecs.soton.ac.uk:.

commit 1a567d1f8846a328950356a958f68f91c63e6882
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 16:12:42 2018 +0000

    Changed the implementation used to rename uploaded images to use openssl_random_pseudo_bytes. This will decrease the probability of overwriting happening within the uploads folder

commit a0b2147a24675d33cb6c675cae59c6f789d57b7f
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 15:56:57 2018 +0000

    Fixed an issue where, after updating the settings to turn on debug mode, you would have to refresh the page to see the debug mode navbar

commit f7c426f79dddf0e4eee05a89ac3213cf62355fd0
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 15:52:26 2018 +0000

    Fixed bugs introduced by the cookie update

commit d3ce48e69cfafd86c128516a0accf926a35d10f3
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 15:11:56 2018 +0000

    Fixed the insecure robpress cookie by setting it to httponly and reworking it to reference a table of cookieId/userId pairs which can't be directly manipulated

commit a6809ea2adff76677f87e88979648ef8acc5d807
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 12:27:28 2018 +0000

    Added upload handling such that when a user's profile upload fails or succeeds, they are informed via a status message

commit 5c928ec0db2977ed8af64b80845d64076d4f4351
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 12:19:11 2018 +0000

    Added image verification logic which checks MIME type, extension and file contents, and handles the renaming of the file ready for storage on the server

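Commit 5c928ec above lists three checks on an uploaded image (extension, MIME type, file contents) plus renaming before storage, and commits 1a567d1 and 153e347 later switch that renaming to openssl_random_pseudo_bytes because the live server cannot run PHP 7's random_bytes. The block below is an added example, not RobPress's upload code, showing those checks in the order a practitioner would apply them; the allowed-type table, the return shape and the controller glue are assumptions. It needs the fileinfo extension (getimagesize is core) and runs stand-alone on two constructed inputs: a 1x1 GIF, and a PHP script given a .gif name.

```php
<?php
// Added example, not RobPress's upload code: the checks the commit above
// lists (extension, MIME type, file contents) and a random storage name.
// The allowed-type table and return shape are assumptions. Needs fileinfo.

// Returns [true, storedName] or [false, reason]. $clientName is the name the
// browser sent; $path is the uploaded temp file (or any file to check).
function verifyImageFile($path, $clientName)
{
    $allowed     = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    $byImageType = [IMAGETYPE_JPEG => 'image/jpeg', IMAGETYPE_PNG => 'image/png', IMAGETYPE_GIF => 'image/gif'];

    // 1. Extension, taken from the client-supplied name: a filter, not proof.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return [false, 'extension not allowed'];
    }

    // 2. MIME type sniffed from the bytes on disk, never from $_FILES[...]['type'],
    //    which the client fills in.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if ($mime !== $allowed[$ext]) {
        return [false, "content is $mime, not {$allowed[$ext]}"];
    }

    // 3. Contents must parse as an image of that same type.
    $info = @getimagesize($path);
    if ($info === false || !isset($byImageType[$info[2]]) || $byImageType[$info[2]] !== $mime) {
        return [false, 'not a parseable image'];
    }

    // 4. Fresh random name: the client name (and any path or double extension
    //    in it) never reaches the filesystem, and collisions are negligible.
    $strong = false;
    $rand   = openssl_random_pseudo_bytes(16, $strong);
    if ($rand === false || !$strong) {
        return [false, 'no secure randomness'];
    }
    return [true, bin2hex($rand) . '.' . ($ext === 'jpeg' ? 'jpg' : $ext)];
}

// Controller glue (assumed shape): validate, then move under the new name.
function storeProfileImage(array $file, $uploadDir)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload failed'];
    }
    list($ok, $result) = verifyImageFile($file['tmp_name'], $file['name']);
    if (!$ok) {
        return [false, $result];
    }
    $dest = rtrim($uploadDir, '/') . '/' . $result;
    return move_uploaded_file($file['tmp_name'], $dest) ? [true, $result] : [false, 'could not store file'];
}

// Constructed inputs: a 1x1 GIF, and a PHP script disguised with a .gif name.
$gif = "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff\x21\xf9\x04\x01"
     . "\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b";
$samples = ['avatar.gif' => $gif, 'shell.php.gif' => "<?php echo 'pwned'; ?>"];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    list($ok, $detail) = verifyImageFile($tmp, $name);
    echo $name, ': ', $ok ? "accepted as $detail" : "rejected ($detail)", "\n";
    unlink($tmp);
}
```

The ordering matters: the extension check is cheap and runs first, the MIME sniff catches a script renamed to .gif, and getimagesize catches a file that starts with a valid image signature but is not an image. None of this stops a genuine image that also contains a PHP payload in its metadata, so the uploads directory still needs the .htaccess rules from earlier in this log (commits e776eaa and c74b574) so that nothing stored there is ever executed.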
commit 6d86164ad866eede65c9dc0f92d73f019fff7d1a
Author: root <root@localhost.localdomain>
Date:   Sat Dec 1 02:20:29 2018 +0000

    Added an input validation class with validation helper methods to check that the provided variable is an int, or is alphanumeric

commit 43e1051b05decc45264d5451b2a255c81fae3fad
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 20:26:05 2018 +0000

    Removed the hidden userid field in the comment form in the blog view and instead get the id of the commenter in the blog controller

commit aee98977f34255e76f26ec673a4ef40707b9e2a5
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 20:05:58 2018 +0000

    Removed the hidden field for the recipient from the contact page; now get the recipient in the controller

commit 3cfd890509e67c88e09a30928de37643a8946eb1
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 16:06:07 2018 +0000

    Temporarily removed the session id change to fix the live site

commit dc5212237b33a9daa20517a4c63549aaa6837600
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 15:42:00 2018 +0000

    Updated to RobPress 0.6f from 0.6e by applying the 06f.patch; also changed header.htm so that it does not display the version of RobPress that the site is using

commit 8833a9033b74ff85d3fb686b4724abe98d41aaac
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 15:05:28 2018 +0000

    Fixed session insecurities: sessions are now generated with a unique id rather than the md5 of the userid, and sessions are also now deleted properly

commit fc1e7971b20cc7b438f66f22e2ece7af86438178
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 12:52:21 2018 +0000

    Fixed a bug which was causing page editing to not work

commit 76f62a842fca5cf6639595828c04cf7f86f36b2d
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 11:59:47 2018 +0000

    Prevented file inclusion in /pages/ by only allowing created pages to have alphanumeric page names, and creating a function to safely check whether a page exists and get its location

commit bffa2b3629ba23a7a0ae63880934d41a25724dff
Author: root <root@localhost.localdomain>
Date:   Fri Nov 30 10:13:32 2018 +0000

    Fixed a bug where the .htaccess file in /utility/ was blocking the wysiwyg image upload functionality

commit 146f3f43218d0c63e2cecc71b0b6883a02a8ce7a
Author: root <root@localhost.localdomain>
Date:   Thu Nov 29 13:48:07 2018 +0000

    Prevented an open redirect on login by moving the redirect URL to the session, and not allowing users to be redirected back to site error pages such as 404

commit c9f8db86cf133dece82b02ec1d35b6861d0fb955
Author: root <root@localhost.localdomain>
Date:   Thu Nov 29 12:09:42 2018 +0000

    Fixed a further authorisation bypass in blog by checking that a user is logged in before they can comment, and moving the reset blog function to the admin area of the site

commit d5176567dbef2a6240bb27790ceadfd5dc2cf3b7
Author: root <root@localhost.localdomain>
Date:   Thu Nov 29 11:26:37 2018 +0000

    Prevented more authorisation bypass by removing a leftover function that allowed users to promote themselves, and by preventing users who aren't logged in from accessing /user/profile (this previously took them to the admin's profile)

commit 9fa9660f0873ec7298368611fb037339da0f539a
Author: root <root@localhost.localdomain>
Date:   Thu Nov 29 10:54:40 2018 +0000

    Fixed an authorisation bypass on comment moderation by moving /blog/moderate to /admin/blog/moderate, where the admincontroller will prevent non-admins from calling it

commit ebba38ba0d41e19eb053cfc74137fa39c6336c5f
Author: root <root@localhost.localdomain>
Date:   Wed Nov 28 12:20:32 2018 +0000

    Modified the admincontroller to reroute users with insufficient permission levels to the homepage, displaying an access denied status message

commit c74b574c98be3033fefb0889f2ef9bc2895192a5
Author: root <root@localhost.localdomain>
Date:   Wed Nov 28 00:43:55 2018 +0000

    Modified the .htaccess file in the root directory to deny users access to non-essential files

commit e776eaa24a3cf0e7cec7e127fbef4724a011de62
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 02:06:21 2018 +0000

    Modified and added .htaccess files to deny access to subdirectories the user shouldn't have access to

commit 885c3e74eb8f5c7751e998faf7b9471fd50bf5d5
Author: root <root@localhost.localdomain>
Date:   Tue Nov 27 16:47:05 2018 +0000

    Updated the internal information patch such that the views no longer contain repeated logic and utilise the variables set by the errorer controller instead

commit 50dc4c540bed853bb62bd7f9e3661ac909da4d38
Author: root <root@localhost.localdomain>
Date:   Tue Nov 27 16:42:58 2018 +0000

    Updated the internal information patch such that the errorer controller is now being utilised to set the display errors and generic error message variables for the view

commit 8b424684db5444fef5a54caba68cdf686c6915b8
Author: root <root@localhost.localdomain>
Date:   Tue Nov 27 16:39:45 2018 +0000

    Updated the internal information patch such that the verification of user rank and site state is now done in a single utility method

commit e6685cb4813c439817e1cd4cd82ac91159128e28
Author: root <root@localhost.localdomain>
Date:   Mon Nov 26 14:21:53 2018 +0000

    Patched the internal information vuln. so the stack trace only displays if the user is admin level or the site is in debug mode

commit c94af66af53b58d638346e5a032523843ce5046c
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 14:12:54 2018 +0000

    Patched XSS for user info in /user/view

commit 2d5d64d1558895e260a643009e11aa82b2882097
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 14:08:53 2018 +0000

    Patched XSS in profile username and avatar link in /user/profile

commit 3230a80dd9144bf6add680d05bd3ad29fb1045fb
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 14:04:40 2018 +0000

    Patched XSS in username in Edit User

commit 2fe0cd94b9adf7c7004b444e9c5fe53ea5e9e324
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 14:03:36 2018 +0000

    Patched XSS in displayed users in /admin/user

commit ef8bd0bd06a96bc9d1b7e6a72dbf1e3c25949d20
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 13:50:01 2018 +0000

    Patched XSS in title of /page/display

commit 235fdd87ad0e645039fb75ea37db447824feff4e
Author: root <root@localhost.localdomain>
Date:   Sat Nov 24 13:49:09 2018 +0000

    Patched XSS in site subtitle

commit dd29af651b2b249f676ea44a509038a0eb276445
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:43:00 2018 +0000

    Patched XSS in href links in /admin/page

commit 27cb89eaae4a641f030a0bffebf9af9aaddbb04a
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:40:58 2018 +0000

    Patched XSS in page title in /admin/page

commit d85eaa0f04901954587719d463b8ac94d8820a1c
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:36:54 2018 +0000

    Patched XSS in title in /admin/page/edit

commit 1419b06e04717a764565a23c03ff929e4498eaa1
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:24:42 2018 +0000

    Patched XSS in title

commit f6ff0ac09877f925de2045e38e8a10958cdfaed8
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:21:09 2018 +0000

    Patched XSS in error message and stack trace

commit 9a2d607c7aa0b53bdabd77b691d49a0d8a98b2e0
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:19:58 2018 +0000

    Patched XSS in error message and stack trace

commit 66f4e46c7c0c30b2af0b9d7d0d98c268d480ba25
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:16:45 2018 +0000

    Patched XSS in error message and stack trace

commit 430de6ebfeb63105d44f79d587bb351215a4ef6d
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:06:30 2018 +0000

    Patched XSS in /admin/comment

commit 106af15a307c42607e4c175734b486d1525ee9f3
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:02:20 2018 +0000

    Patched XSS in category title in /admin/category

commit c486b48d022e3fa16b026532cb30acd70936ac47
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 15:00:00 2018 +0000

    Patched XSS in title in /admin/category/edit

commit 0a00945b5167f12d839a720f651f6c8bac3c22d6
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 14:54:13 2018 +0000

    Patched XSS in /blog/view

commit 908c5a0838c55aae3d356b9d28181cc8fc9228c5
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 14:37:22 2018 +0000

    Patched XSS in blog search results in /blog/search

commit 8e6f38e9b5493131ca4442fe0108fbd18b21145d
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 14:26:43 2018 +0000

    Patched XSS in title, author name and summary

commit c39730f418972208fb28d43f07d0253cbe90ec91
Author: root <root@localhost.localdomain>
Date:   Fri Nov 23 01:55:50 2018 +0000

    Prevented XSS in admin/blog/edit summary

commit 3e9c86b963e2b00d8edd29fb23292b8aec519bea
Author: root <root@localhost.localdomain>
Date:   Thu Nov 22 19:43:35 2018 +0000

    Patched XSS in form checkboxes

commit be25949877937ff2b420418b85d16e97e88a8306
Author: root <root@localhost.localdomain>
Date:   Thu Nov 22 19:28:08 2018 +0000

    Patched XSS in post title, post author and categories in /admin/blog

commit 1779b3a0e9cd40ff47b6d925367ffca70198f84b
Author: root <root@localhost.localdomain>
Date:   Thu Nov 22 19:07:12 2018 +0000

    Patched XSS in status messages

commit 4ee27c68a38d229220c8f4059265326f236d9817
Author: root <root@localhost.localdomain>
Date:   Thu Nov 22 18:23:15 2018 +0000

    Patched XSS in navbar username, sitename and pagenames

commit 1aa43055dec88c555abd69e4df96f393e15b5945
Author: team2 <team2@robpress.ecs.soton.ac.uk>
Date:   Mon Nov 5 18:44:00 2018 +0000

    System updated controllers/selftest.php

commit d0e7ba40f32e5d89f9b797f939b72ba68b0bf00f
Author: Oli <ob1a12@soton.ac.uk>
Date:   Mon Nov 5 00:04:53 2018 +0000

    Initial Commit
611 Initial Commit