Hulihan Applications

Dave Hulihan

  • Email:
  • Registered on: 12/28/2008
  • Last connection: 07/27/2010

Projects

Activity

Reported issues: 202

07/26/2010

09:10 PM Opal Feature #219: Add Multi-Language support
We should add multiple language support to Opal.
07:39 PM Opal Feature #218: Update Rails to 2.3.8
I've updated Opal's included Rails to 2.3.8.
06:14 AM BXR Bug #204 (Closed): Vulnerability: HTB22507
I've fixed this issue by sanitizing tag values in _app/views/folder/list.rhtml_, using Rails' native _h_ function (which escapes/sanitizes HTML in text values). On line 77, I changed: ...
06:09 AM BXR Bug #203 (Closed): Vulnerability: HTB22506
06:07 AM BXR Bug #203: Vulnerability: HTB22506
I completely revamped the insecure order code for looking up files/folders in _app/controllers/folder_controller.rb_. Mischa's old code passed direct URL variables into ActiveRecord's *order* option. Aughhh!! I fixed this easily by adding a...
04:41 AM BXR Bug #205 (Closed): Vulnerability: HTB22503
To fix this issue, I've updated Rails to 2.3.2 and added Rails' native forgery protection function to app/controllers/application_controller.rb: ...
04:39 AM BXR Feature #215: Update Rails to 2.3.2
Rails in BXR has been updated to 2.3.2.
04:34 AM BXR Bug #201 (Closed): Vulnerability: HTB22505
I've sanitized the user-inputted search query in _app/views/search/show_results.html.erb_ by using Rails' native h function, on line 3: ...
04:32 AM BXR Bug #206 (Closed): Vulnerability: HTB22504
I've sanitized all inputted setting values in _app/views/shared/_list_settings.rhtml_ by using Rails' native _h_ function.
04:21 AM Amethyst Bug #210 (Closed): Vulnerability: HTB22502
Any supplied user input for the file _app/views/admin/edit.rhtml_ is now sanitized. Here's what a title is outputted as when saved with JavaScript in the title: ...
