Ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-07 03:22:21 +03:00

History

Jesse Dijkstra f546a5ce1d Remove open redirect by removing double slashes from redirects (#7247 ) no issue Double slashes are treated as a HTTP calls as specified in [RFC1801](http://www.ietf.org/rfc/rfc1808.txt). Because of this behaviour the uncapitalise created an open redirect. By removing double slashes in the path we ensure open redirects cannot be created. As an example, please click the following URL: https://dev.ghost.org///Google.com/. This issue has been reported by pentesters of our product [LearningSpaces.io](http://learningspaces.io).		2016-08-23 13:47:59 +02:00
..
functional	Remove open redirect by removing double slashes from redirects (#7247 )	2016-08-23 13:47:59 +02:00
integration	fix: delete unused theme endpoints (#7231 )	2016-08-22 10:54:54 +01:00
unit	improvement: ensure custom storage adapter has required functions (#7234 )	2016-08-22 22:51:42 +01:00
utils	fix: error handling when login via test env (#7228 )	2016-08-19 12:02:07 +01:00
.jshintrc	Remove jshint rules that are no longer supported	2015-01-23 21:00:37 +00:00