Fix persistent XSS vulnerabilities in AJAX editing

Based on merge request #22 from Jean-Lou Hau, but does the escaping for everything and in a different place.
author: Paul Arthur <paul.arthur@flowerysong.com> 2013-02-07 15:20:44 -0500
committer: Paul Arthur <paul.arthur@flowerysong.com> 2013-02-07 15:20:44 -0500
commit: 266f7cea9bd51df298cc45fbb8abb39a1375acd2 (patch)
tree: f35aef5619aa5fe9d099dd46af91a81722b9f96e /docs/CHANGELOG
parent: 79b6eb98e7506c9074d737c452e90732c6cd4afd (diff)
download: ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.tar.gz
ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.tar.bz2
ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index c0cec19a..82ffa1a6 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,8 @@
 
 --------------------------------------------------------------------------
   v.3.6-FUTURE
+    - Fixed persistent XSS vulnerabilities in AJAX object editing (reported by
+        Jean-Lou Hau)
     - Fixed character set detection for ID3v1 tags
     - Added matroska to the list of known tag types
     - Made the getID3 metadata source work better with tag types that Ampache
author	Paul Arthur <paul.arthur@flowerysong.com>	2013-02-07 15:20:44 -0500
committer	Paul Arthur <paul.arthur@flowerysong.com>	2013-02-07 15:20:44 -0500
commit	266f7cea9bd51df298cc45fbb8abb39a1375acd2 (patch)
tree	f35aef5619aa5fe9d099dd46af91a81722b9f96e /docs/CHANGELOG
parent	79b6eb98e7506c9074d737c452e90732c6cd4afd (diff)
download	ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.tar.gz ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.tar.bz2 ampache-266f7cea9bd51df298cc45fbb8abb39a1375acd2.zip