nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/app
History
Jonne Haß 0a70e51f74 Add a token the filename for exported user data 
Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.
2015-04-22 20:19:17 +02:00
..
assets Merge pull request #5875 from SuperTux88/add-mumble-protocol 2015-04-21 22:17:43 +02:00
controllers Add a token the filename for exported user data 2015-04-22 20:19:17 +02:00
helpers Lazily initialize Contact proxy in service helper 2015-04-10 19:19:16 +02:00
mailers Exports user photos as zip file 2015-03-03 19:45:57 -03:00
models added specs and validations for Role model 2015-03-18 09:16:15 -07:00
presenters On reshare insert the reshare built from the response 2015-03-23 23:02:23 +01:00
serializers/export Add created_at to json posts for #5585 2015-01-28 10:21:16 +13:00
uploaders Add a token the filename for exported user data 2015-04-22 20:19:17 +02:00
views Fix uppercase registration/login labels and btn style 2015-04-21 20:48:30 +02:00
workers Rescue correct constant in Workers::ReceiveLocalBatch 2015-04-01 04:01:40 +02:00