Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-08-07 | init.php: urldecode() QUERY_STRING and REQUEST_URI before cleaning | Erich Eckner | |
2019-03-20 | init.php: do not try to decode %## - it should never appear in valid queries ↵ | Erich Eckner | |
- simply delete it | |||
2019-03-19 | init.php: encode less: only specialchars are ancoded + ampersand in ↵ | Erich Eckner | |
QUERY_STRING and REQUEST_URI is /not/ encoded (otherwise parameter separation is broken) | |||
2019-03-18 | init.php: clean up $_GET, $_SERVER["REQUEST_URI"] and ↵ | Erich Eckner | |
$_SERVER["QUERY_STRING"] against xss | |||
2018-06-19 | Fix include path by generating absolute paths | Tyler Dence | |