Commits for galt

v392_base to v393_preview (2020-01-06 to 2020-01-13) v393

86351e141ea3ce1d6465d0293a5247164b0494eb Mon Jan 6 11:13:33 2020 -0800

• If ipv6 is disabled, retry with ipv4-only listening socket. Tweak packet ip address filtering routine to tolerate the ipv4 address format. fixes #24730.
  • src/lib/net.c - lines changed 90, context: html, text, full: html, text

3f71cd4547c5afb1a52d80d9290fb76fc826e0a0 Fri Jan 10 15:18:12 2020 -0800

• expanding filtering to take in just "//" since it is equivalent to "://" and we want to forbid both. This url pattern is a protocol-agnostic form which uses the context of the page. Reported to us as XSS violation. refs#24750.
  • src/hg/cartReset/cartReset.c - lines changed 1, context: html, text, full: html, text

62c9e871dba2a1b400d00422a1fd4b21f7c650f8 Fri Jan 10 18:08:04 2020 -0800

• Fixing htcDnaNearGene to use cartWebStart so that it has a standard header protecting the page with CSP. refs#24750
  • src/hg/hgc/hgc.c - lines changed 1, context: html, text, full: html, text

38d05d1d1259c64a71c7d46444a9e9bb91e21676 Fri Jan 10 23:46:22 2020 -0800

• Changing cartReset to use CSP meta head to suppress XSS javascript in the destination CGI parameter. refs#24750
  • src/hg/cartReset/cartReset.c - lines changed 17, context: html, text, full: html, text