[Mahara-contributors] [Bug 1470281] A change has been merged
Reviewed: https://reviews.mahara.org/4821 Committed: https://git.nzoss.org.nz/mahara/mahara/commit/96b117e5e37cc4a9f630902c51f1dfeaa45f8a9a Submitter: Aaron Wells (aar...@catalyst.net.nz) Branch:master commit 96b117e5e37cc4a9f630902c51f1dfeaa45f8a9a Author: Yuliya Bozhko yuliya.boz...@totaralms.com Date: Thu Jun 4 08:24:53 2015 +0100 Use nosniff header to prevent potential XSS via untrusted files in IE Bug 1470281 See https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1 Signed-off-by: Yuliya Bozhko yuliya.boz...@totaralms.com Signed-off-by: Aaron Wells aar...@catalyst.net.nz -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1470281 Title: Use nosniff header to prevent potential XSS via untrusted files in IE Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Committed Status in Mahara 1.9 series: Fix Committed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: Fix Committed Bug description: Yuliya posted this one directly into Gerrit: https://reviews.mahara.org/#/c/4821/ Use nosniff header to prevent potential XSS via untrusted files in IE See - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx - https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1470281] A change has been merged
Reviewed: https://reviews.mahara.org/4950 Committed: https://git.nzoss.org.nz/mahara/mahara/commit/7b9b434ba2b6232d0a69379f9baea5f4b09e2672 Submitter: Aaron Wells (aar...@catalyst.net.nz) Branch:1.9_STABLE commit 7b9b434ba2b6232d0a69379f9baea5f4b09e2672 Author: Yuliya Bozhko yuliya.boz...@totaralms.com Date: Thu Jun 4 08:24:53 2015 +0100 Use nosniff header to prevent potential XSS via untrusted files in IE Bug 1470281 See https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1 Signed-off-by: Yuliya Bozhko yuliya.boz...@totaralms.com Signed-off-by: Aaron Wells aar...@catalyst.net.nz (cherry picked from commit 96b117e5e37cc4a9f630902c51f1dfeaa45f8a9a) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1470281 Title: Use nosniff header to prevent potential XSS via untrusted files in IE Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Committed Status in Mahara 1.9 series: Fix Committed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: Fix Committed Bug description: Yuliya posted this one directly into Gerrit: https://reviews.mahara.org/#/c/4821/ Use nosniff header to prevent potential XSS via untrusted files in IE See - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx - https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1470281] A change has been merged
Reviewed: https://reviews.mahara.org/4948 Committed: https://git.nzoss.org.nz/mahara/mahara/commit/890b2bf5ca7ebaca37a6b4474b73215eb4635ed2 Submitter: Aaron Wells (aar...@catalyst.net.nz) Branch:15.04_STABLE commit 890b2bf5ca7ebaca37a6b4474b73215eb4635ed2 Author: Yuliya Bozhko yuliya.boz...@totaralms.com Date: Thu Jun 4 08:24:53 2015 +0100 Use nosniff header to prevent potential XSS via untrusted files in IE Bug 1470281 See https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1 Signed-off-by: Yuliya Bozhko yuliya.boz...@totaralms.com Signed-off-by: Aaron Wells aar...@catalyst.net.nz (cherry picked from commit 96b117e5e37cc4a9f630902c51f1dfeaa45f8a9a) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1470281 Title: Use nosniff header to prevent potential XSS via untrusted files in IE Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Committed Status in Mahara 1.9 series: Fix Committed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: Fix Committed Bug description: Yuliya posted this one directly into Gerrit: https://reviews.mahara.org/#/c/4821/ Use nosniff header to prevent potential XSS via untrusted files in IE See - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx - https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1470281] A change has been merged
Reviewed: https://reviews.mahara.org/4949 Committed: https://git.nzoss.org.nz/mahara/mahara/commit/b380dfc7c9b98864b6d837da7838eb96ddf441f5 Submitter: Aaron Wells (aar...@catalyst.net.nz) Branch:1.10_STABLE commit b380dfc7c9b98864b6d837da7838eb96ddf441f5 Author: Yuliya Bozhko yuliya.boz...@totaralms.com Date: Thu Jun 4 08:24:53 2015 +0100 Use nosniff header to prevent potential XSS via untrusted files in IE Bug 1470281 See https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1 Signed-off-by: Yuliya Bozhko yuliya.boz...@totaralms.com Signed-off-by: Aaron Wells aar...@catalyst.net.nz (cherry picked from commit 96b117e5e37cc4a9f630902c51f1dfeaa45f8a9a) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1470281 Title: Use nosniff header to prevent potential XSS via untrusted files in IE Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Committed Status in Mahara 1.9 series: Fix Committed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: Fix Committed Bug description: Yuliya posted this one directly into Gerrit: https://reviews.mahara.org/#/c/4821/ Use nosniff header to prevent potential XSS via untrusted files in IE See - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx - https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp