common/djangoapps/student/tests · f351b05031dfeda252518ea66f6e007884aa433d · edx / edx-platform

Fixing email link injection bug · f351b050

Several templates used a variable set by the user (the request host header).  This led to a vulnerability where an attacker could inject their domain name into these templates (i.e., activation emails).  This patch fixes this vulnerability.

LMS-532

committed Dec 18, 2013

f351b050

Name	Last commit	Last update
..
__init__.py		Loading commit data...
factories.py		Loading commit data...
test_auto_auth.py		Loading commit data...
test_bulk_email_settings.py		Loading commit data...
test_email.py		Loading commit data...
test_login.py		Loading commit data...
test_userstanding.py		Loading commit data...
tests.py		Loading commit data...