sshambar
0fe1758572
Add SASL PLAIN authentication support ( #92 )
...
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN. NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
2020-02-20 09:12:39 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN ( #90 )
...
* Language update from launchpad
* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA ( #87 )
...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Deon George
8f4ced96f9
Release 1.2.5
2019-08-20 22:24:40 +10:00
Deon George
722fefad1c
Merge pull request #84 from nayo/patch-2
...
Fix error and set by default to preventXSS. Closes #84 and #85
2019-08-07 16:34:53 +10:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS
2019-07-31 08:21:14 -07:00
Deon George
cb9c0cce3e
Merge pull request #82 from nayo/patch-1
...
Function to prevent XSS attacks
2019-07-31 07:38:06 +08:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
...
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
...
Example to use to prevent XSS attack from get_request
get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
...
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
...
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
1bd14ddf68
Removed reference to missing function - closes #65
2019-07-15 14:49:52 +10:00
Deon George
95411c05e1
Release 1.2.4
2019-05-14 15:01:32 +10:00
Deon George
7b1f6b5132
Fix for PHP 7.3 - deprecated continue in switch
2019-05-14 15:00:28 +10:00
Deon George
3c0ca27477
Remove SF branding
2019-04-21 23:37:10 +10:00
Deon George
511ead3ec6
Revert #63 - Add attribute not rendering correctly
2019-04-20 15:39:48 +10:00
Deon George
e37b498de1
PHP 7.2 compatibility fixes - closes #64
2019-04-19 22:48:22 +10:00
Deon George
29d7d4b2f7
Fixes #31 - Glue entries are not browsable through phpldapadmin
2019-04-19 21:01:02 +10:00
Deon George
c494078550
Closes pull request #22 and fixes #18 - preg_replace_callback changes
2019-04-19 20:08:53 +10:00
Deon George
73b7795bc0
Fixes #21 - Undefined variable: _SESSION
2019-04-18 23:17:24 +10:00
Deon George
c1af05f403
Merge pull request #63 from dago/renderfix
...
Fixes for translation of "Add new attribute"
2019-04-18 12:34:00 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1
...
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1
...
Use OpenSSL for blowfish when available (fixes #58 )
2019-04-18 12:16:08 +10:00
Deon George
f3aad72b57
Merge pull request #66 from MichaelIT/master
...
Incompatable with openLDAP >=2.1.2
2019-04-18 11:58:12 +10:00
Deon George
6a55d808a2
Merge pull request #69 from RoyChaudhuri/master
...
Fix for bug #68 , long redirect response
2019-04-18 11:56:25 +10:00
Deon George
aec5053f55
Merge pull request #71 from anarcat/CVE-2017-11107
...
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
2019-04-18 11:54:45 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
...
Closes : #50
From: Ismail Belkacim <xd4rker@gmail.com>
2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9
Fix for bug #68 , exit after redirect response when URI parameter is received by index.php
2018-09-17 15:45:42 +01:00
Michael
7569423f11
Update functions.php
...
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
Dagobert Michelsen
5c0f787fbf
Add URL for translation
2018-04-20 13:10:20 +02:00
Dagobert Michelsen
6c85d61525
Fix invocation of layout in TemplateRenderer
2018-04-20 12:33:58 +02:00
spagu
884cce1475
Update functions.php
2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4
Use OpenSSL for blowfish when available ( fixes #58 )
2018-02-11 07:22:36 +00:00
Deon George
733a10a1c5
Merge pull request #40 from PatrickBaus/master
...
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Deon George
708bc5ed83
Merge pull request #37 from mr-GreyWolf/patch-1
...
Update functions.php
2016-10-30 16:53:05 +08:00
Deon George
e46579b34e
Merge pull request #34 from gulikoza/master
...
Fix moving ldap entries and login error with 'fallback_dn'
2016-10-30 16:52:22 +08:00
Deon George
4fefe2aa8c
Merge pull request #42 from ptomulik/crypt-sha
...
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-30 16:47:44 +08:00
Paweł Tomulik
ee9034f24c
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-08 21:24:33 +02:00
Patrick Baus
61af45e872
Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing.
2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2
Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
...
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method , the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
...
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
mr-GreyWolf
599d55700d
Update functions.php
2016-03-30 23:07:02 +04:00
gulikoza
726190e5b8
Fix moving entries when confirm['copy'] is set.
...
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
gulikoza
0b8375fd2a
Add additional check that full dn has been entered on login.
...
Fixes 'invalid dn syntax (34) for user' error when fallback_dn set and username was not found while trying to use it as dn.
2016-01-24 11:52:21 +01:00
Deon George
fa88250f0e
Merge pull request #32 from jsdevel/fixing-sflogo-protocol-for-reverse-proxies
...
Changing the sourceforge logo to be protocol relative.
2015-12-07 16:56:41 +11:00
jsdevel
0491916d90
Changing the sourceforge logo to be protocol relative.
...
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Deon George
c004a291d7
Merge pull request #19 from scollin/master
...
Fix some monitor information problems
2015-02-23 12:40:32 -08:00
Sébastien Collin
54191d7ffb
Fix some monitor information problems
...
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Deon George
9e283f369f
Merge pull request #13 from DevoKun/master
...
Changed password_hash to pla_password_hash in a few places where it was still password_hash.
2014-10-08 12:30:58 +11:00
Devon Hubner
19114385fc
Changed password_hash to pla_password_hash in a few places where it was still password_hash.
2014-10-07 14:25:32 -04:00