X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=CHANGELOG.txt;h=da6f5bba79773e86638410a26da6cd45bd404449;hb=5928cc0bb4164cfd1dfc77f279f6b12d7806294f;hp=4c0191fa9202edd2f344add2163c3baecedfe01f;hpb=48db6fc21c2e10bf6627faedf9f4bf34ac0ac2b6;p=fa-stable.git

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 4c0191fa..da6f5bba 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,62 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+18-Apr-2008 Joe Hunt
+! Module gl sealed against XSS Attacks
+$ /gl/includes/db/gl_db_accounts.inc
+  /gl/includes/db/gl_db_account_types.inc
+  /gl/includes/db/gl_db_bank_accounts.inc
+  /gl/includes/db/gl_db_bank_trans.inc
+  /gl/includes/db/gl_db_bank_trans_types.inc
+  /gl/includes/db/gl_db_currencies.inc
+  /gl/includes/db/gl_db_trans.inc
+  
+18-Apr-2008 Janusz Dobrowolski
+! Modules admin and dimensions sealed against XSS attacks
+$ /admin/payment_terms.php
+  /admin/shipping_companies.php
+  /admin/db/company_db.inc
+  /admin/db/maintenance_db.inc
+  /admin/db/users_db.inc
+  /admin/db/voiding_db.inc
+  /dimensions/includes/dimensions_db.inc
+
+18-Apr-2008 Joe Hunt
+! Modules includes, inventory and manufacturing sealed against XSS attacks
+$ /includes/db/comments_db.inc
+  /includes/db/inventory_db.inc
+  /includes/db/references_db.inc
+  /inventory/includes/db/items_category_db.inc
+  /inventory/includes/db/items_db.inc
+  /inventory/includes/db/items_locations_db.inc
+  /inventory/includes/db/items_units_db.inc
+  /inventory/includes/db/movement_types_db.inc
+  /manufacturing/includes/db/work_centres_db.inc
+  /manufacturing/includes/db/work_orders_db.inc
+  /manufacturing/includes/db/work_orders_quick_db.inc
+  /manufacturing/includes/db/work_order_issues_db.inc
+  /manufacturing/includes/db/work_order_produce_items_db.inc
+  
+18-Apr-2008 Janusz Dobrowolski
+! Changed db_escape function to avoid XSS attacks via js db injection
+$ /includes/db/connect_db.inc
+# Database inserts/updates secured against js injection
+$ /admin/db/maintenance_db.inc
+  /gl/includes/db/gl_db_accounts.inc
+  /purchasing/includes/db/po_db.inc
+  /sales/sales_order_entry.php
+  /sales/includes/db/sales_order_db.inc
+
+16-Apr-2008 Joe Hunt
+# Bug in /includes/ui/ui_lists.inc:914. Sql clause was cut.
+$ /includes/ui/ui_lists.inc
+
+09-Apr-2008 Janusz Dobrowolski
+# Fixed number formatting bug in standard cost update.
+$ /inventory/cost_update.php
+
+-------------------- 2,0 Beta - released ----------------------------
+
 06-Apr-2008 Joe Hunt
 ! Changed install.html and update.html to fit the new unstable release 2.0
 ! Changed demo sql script to fit the 2.0 unstable.