Ticket details

Description, comments and attachments

merge request id 966
Title Feature/ll csti security client side template injection
Description http://jira.learningsystem.de/browse/LL-1777 Security vulnerability (RCSS) in the UWL
Status merged
Created at 2024-05-15T08:45:08.165Z
Updated at 2024-05-15T10:24:36.176Z
Source branch feature/LL-CSTI-security-client-side-template-injection
Target branch release/4.7.0
Author Gregor Gabriel
Assignee Sascha Immig

Discussion notes

changed the description Sascha Immig 2024-05-15T10:24:22.043Z
changed target branch from `develop` to `release/4.7.0` Sascha Immig 2024-05-15T10:24:22.129Z
merged Sascha Immig 2024-05-15T10:24:36.228Z
mentioned in commit 6e357e706f69633464d128acb79fa1212a1f6114 Sascha Immig 2024-05-15T10:24:36.315Z

Merge Commits

| Title | Id | Author | Created at | Message |
| --- | --- | --- | --- | --- |
| used "v-pre" to secure: | 02ff3d910226fe515624cfac2fc14bb9cdc80705 | TUV\gabrielg | 2024-05-08T09:13:37.000Z | used "v-pre" to secure: - dashboard - my trainings - catalog - training requests - user - groups - client for evil basic-free customer - notifications |
| + adapted SSO-Benutzer-ID field name to expected field name in User-Import | 1bb01d2a5d467cc68e28c3e5f21656ac41bf2ac0 | TUV\gabrielg | 2024-05-15T08:42:53.000Z | + adapted SSO-Benutzer-ID field name to expected field name in User-Import + secured user import |
| + handling problem, when mycomptence url is not configured in .env file | 20feb350f5733a8654b0b861124a21b104df04f3 | TUV\gabrielg | 2024-05-13T12:31:45.000Z | + handling problem, when mycomptence url is not configured in .env file + secured organizational units + secured client api keys + secured classroom trainings |
| added csti user input validation for user form, client form (without address),… | 3555cf95d24cd7864ce153b1cc00c8a8a0cb7d6a | TUV\gabrielg | 2024-05-14T12:04:17.000Z | added csti user input validation for user form, client form (without address), group form, organizational unit form, reminder template form, correspondences - address form, registration form and profile is still to be done |
| secured profile form | 3fbc7f80a5faf09422bcf238938d2b2e00e78725 | TUV\gabrielg | 2024-05-14T12:31:19.000Z | secured profile form |
| secured simple registration | 45faad597d5f49f6f009fe65b270226a70802270 | TUV\gabrielg | 2024-05-14T14:59:39.000Z | secured simple registration |
| added some v-pre attributes or fixed parameter passing so that only reports are… | 5916a38d99dd1d455bfda6e16976de884b222f8e | TUV\gabrielg | 2024-05-08T16:37:55.000Z | added some v-pre attributes or fixed parameter passing so that only reports are missing for basic-free clients |
| secured address forms | 62992a558d1e52aa8302726ced4d993ac2b06724 | TUV\gabrielg | 2024-05-14T12:32:10.000Z | secured address forms |
| made sure CSTI does not affect basic-free admin reports | 81c2ac4fff615aa2605585e9551ad50c12b5acf4 | TUV\gabrielg | 2024-05-08T16:54:12.000Z | made sure CSTI does not affect basic-free admin reports |
| added v-pre for user name and client name display for some places | 96f25bbed4a0518f235aef8758af5914094b2531 | TUV\gabrielg | 2024-05-07T11:18:31.000Z | added v-pre for user name and client name display for some places |
| secured full registration | e3e4f0a4020eb0d8f09967430784f89b847bb843 | TUV\gabrielg | 2024-05-14T14:52:34.000Z | secured full registration !!! there is no display of validation errors at the moment !!! |
| made sure one gets feedback about bad input | f146f693c51f029f9782fa45bfa167ab0fa90315 | TUV\gabrielg | 2024-05-15T07:26:44.000Z | made sure one gets feedback about bad input |