Marcus Krause
- Login: mkrause
- Registered on: 2008-04-27
- Last sign in: 2015-05-05
Issues
open | closed | Total | |
---|---|---|---|
Assigned issues | 0 | 39 | 39 |
Reported issues | 0 | 66 | 66 |
Activity
2014-12-18
- 14:02 TYPO3 Core Feature #21779: Integrate OWASP ESAPI for PHP
- FYI: ESAPI for PHP is dead.
Nonetheless, the idea to have something like this is good. - 13:57 TYPO3 Core Feature #28230: Add support for PBKDF2 to hashing
- I started with this feature in March 2013 - see https://twitter.com/t3sec/status/313413250693881858
Let's see if I c...
2014-05-22
- 09:34 TYPO3 Core Revision 6c6ae4b6: [SECURITY] XSS in new content element wizard
- Sanitize user-input colPos in new content element wizard.
Change-Id: Ifa90ea1ede3b6c2a5436c505993c533803306d01
Fixes... - 09:33 TYPO3 Core Revision 12741ad6: [SECURITY] XSS in new content element wizard
- Sanitize user-input colPos in new content element wizard.
Change-Id: I68ee05a9113b2a0266c0be612b1a10272cb986a2
Fixes... - 09:32 TYPO3 Core Revision 00f00b15: [SECURITY] XSS in new content element wizard
- Sanitize user-input colPos in new content element wizard.
Change-Id: Ic43566fc93fadf6a1d997ff73bf027468001fb38
Fixes...
2013-12-10
- 10:55 TYPO3 Core Revision 226d624a: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes:... - 10:54 TYPO3 Core Revision cb8db286: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: If3da2b476a98efa67815bf84095843ab2f65949f
Fixes:... - 10:53 TYPO3 Core Revision 0f1e28b9: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes:... - 10:52 TYPO3 Core Revision 573f7209: [SECURITY] XSS vulnerability in extension manager
- Add escaping on extension meta data when rendering.
Change-Id: I6f65cb5fb4f0d290349c15c03a3d52f4b0d18fda
Fixes: #208... - 10:51 TYPO3 Core Revision 0bc4fc4f: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Also available in: Atom