Skip to content
Snippets Groups Projects
  1. Apr 11, 2016
    • Andreas Gohr's avatar
      URI scheme is only relevant for TLS if not proxy connection #1526 · c67b1dab
      Andreas Gohr authored
      This should fix the test problems errors in #1527. When requesting a
      HTTPS URI from a HTTP only proxy, the initial connection is *not* TLS
      secured. The URI scheme is only relevant when directly connecting.
      
      This also changes the (wrong) assumption that everything on port 443 is
      always TLS secured. Only the URI scheme should decide that.
      c67b1dab
    • Michael Grosse's avatar
      use SSL if scheme is https · 4167de31
      Michael Grosse authored
      This is to ensure that we use SSL/TLS if a custom port is defined an no
      proxy is used.
      
      Fixes #1526
      4167de31
  2. Apr 07, 2016
  3. Apr 02, 2016
  4. Mar 31, 2016
    • Andreas Gohr's avatar
      avoid HTTP Response Splitting attacks via redirects #1513 · 98ca30d2
      Andreas Gohr authored
      The header() method of PHP is vulnerable to HTTP Response Splitting
      attacks.
      
      This change makes sure the URL passed to send_redirect (and thus to
      header()) does not contain any control characters that would be needed
      to execute such an attack.
      
      Cleaning input is recommended anyway.
      98ca30d2
  5. Mar 24, 2016
  6. Mar 22, 2016
  7. Mar 19, 2016
  8. Mar 15, 2016
  9. Mar 12, 2016
  10. Mar 11, 2016
  11. Mar 04, 2016
  12. Mar 02, 2016
  13. Feb 24, 2016
  14. Feb 22, 2016
  15. Feb 19, 2016
Loading