common/djangoapps · f351b05031dfeda252518ea66f6e007884aa433d · edx / edx-platform

Fixing email link injection bug · f351b050

Several templates used a variable set by the user (the request host header).  This led to a vulnerability where an attacker could inject their domain name into these templates (i.e., activation emails).  This patch fixes this vulnerability.

LMS-532

committed Dec 18, 2013

f351b050

Name	Last commit	Last update
..
cache_toolbox		Loading commit data...
contentserver		Loading commit data...
course_groups		Loading commit data...
course_modes		Loading commit data...
datadog		Loading commit data...
django_comment_common		Loading commit data...
django_future		Loading commit data...
edxmako		Loading commit data...
external_auth		Loading commit data...
heartbeat		Loading commit data...
monitoring		Loading commit data...
pipeline_js		Loading commit data...
pipeline_mako		Loading commit data...
request_cache		Loading commit data...
service_status		Loading commit data...
static_replace		Loading commit data...
status		Loading commit data...
student		Loading commit data...
terrain		Loading commit data...
track		Loading commit data...
util		Loading commit data...
xmodule_modifiers.py		Loading commit data...