Commit Graph

346 Commits

Author SHA1 Message Date
Deon George
aec5053f55
Merge pull request #71 from anarcat/CVE-2017-11107
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
2019-04-18 11:54:45 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
Closes: #50

From: Ismail Belkacim <xd4rker@gmail.com>
2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9 Fix for bug #68, exit after redirect response when URI parameter is received by index.php 2018-09-17 15:45:42 +01:00
Michael
7569423f11
Update functions.php
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
Dagobert Michelsen
5c0f787fbf Add URL for translation 2018-04-20 13:10:20 +02:00
Dagobert Michelsen
6c85d61525 Fix invocation of layout in TemplateRenderer 2018-04-20 12:33:58 +02:00
spagu
884cce1475
Update functions.php 2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4 Use OpenSSL for blowfish when available (fixes #58) 2018-02-11 07:22:36 +00:00
Deon George
733a10a1c5 Merge pull request #40 from PatrickBaus/master
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Deon George
708bc5ed83 Merge pull request #37 from mr-GreyWolf/patch-1
Update functions.php
2016-10-30 16:53:05 +08:00
Deon George
e46579b34e Merge pull request #34 from gulikoza/master
Fix moving ldap entries and login error with 'fallback_dn'
2016-10-30 16:52:22 +08:00
Deon George
4fefe2aa8c Merge pull request #42 from ptomulik/crypt-sha
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-30 16:47:44 +08:00
Paweł Tomulik
ee9034f24c add support for SHA-256 and SHA-512 via crypt(3) 2016-10-08 21:24:33 +02:00
Patrick Baus
61af45e872 Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690 Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
mr-GreyWolf
599d55700d Update functions.php 2016-03-30 23:07:02 +04:00
gulikoza
726190e5b8 Fix moving entries when confirm['copy'] is set.
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
gulikoza
0b8375fd2a Add additional check that full dn has been entered on login.
Fixes 'invalid dn syntax (34) for user' error when fallback_dn set and username was not found while trying to use it as dn.
2016-01-24 11:52:21 +01:00
Deon George
fa88250f0e Merge pull request #32 from jsdevel/fixing-sflogo-protocol-for-reverse-proxies
Changing the sourceforge logo to be protocol relative.
2015-12-07 16:56:41 +11:00
jsdevel
0491916d90 Changing the sourceforge logo to be protocol relative.
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Deon George
c004a291d7 Merge pull request #19 from scollin/master
Fix some monitor information problems
2015-02-23 12:40:32 -08:00
Sébastien Collin
54191d7ffb Fix some monitor information problems
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Deon George
9e283f369f Merge pull request #13 from DevoKun/master
Changed password_hash to pla_password_hash in a few places where it was still password_hash.
2014-10-08 12:30:58 +11:00
Devon Hubner
19114385fc Changed password_hash to pla_password_hash in a few places where it was still password_hash. 2014-10-07 14:25:32 -04:00
Deon George
7701e98bcc Merge pull request #11 from robgloess/patch-1
Fixed parse error in TemplateRender.php
2014-10-07 12:54:51 +11:00
robgloess
d4c2fb52ab Update TemplateRender.php
Fixed typo on 1682 - parse issue, non escaped " ' " causing error to be thrown
2014-09-30 22:28:09 +01:00
Deon George
7cbdd0c8db Merge pull request #9 from uda/master
Minor doc changes
2014-09-23 15:59:42 +10:00
Yehuda Deutsch
afec12d163 Rename INSTALL to INSTALL.md 2014-09-21 11:11:07 +03:00
Yehuda Deutsch
a4a602b6ec Created README.md 2014-09-21 11:10:30 +03:00
Deon George
e1952cddb6 Merge pull request #6 from marclaporte/patch-2
typos
2014-09-18 12:32:56 +10:00
Deon George
ee415fe8c6 Merge pull request #5 from marclaporte/patch-1
typo
2014-09-18 12:32:08 +10:00
Deon George
eca5c4ea9f Merge pull request #8 from pteague/master
Modified posixAccount Shell selection
2014-09-18 12:31:19 +10:00
Patrick Teague
a01752a68c * Fixed posixAccount Shell so that 'Bash' is actually bash and not shell. Also added Shell, Dash, False, and No Login 2014-09-16 14:53:52 -05:00
Marc Laporte
ba90f86e7b typos 2014-07-25 23:04:40 -04:00
Marc Laporte
6135f94a51 typo 2014-07-25 20:36:21 -04:00
Deon George
f7c4bd311a Merge pull request #4 from ivdmeer/master
Bugfix: fixed call to renamed function pla_password_hash.
2014-06-05 13:00:27 +10:00
Ivo van der Meer
c736ecd8c2 Bugfix: fixed call to renamed function pla_password_hash. 2014-06-04 10:48:06 +02:00
Deon George
d2a800878f Merge pull request #3 from bchavet/master
Use preg_replace_callback instead of /e in preg_replace
2014-06-04 13:43:52 +10:00
Ben Chavet
5a7edc892f Use preg_replace_callback instead of /e in preg_replace to fix E_DEPRECATED warnings 2014-05-29 18:57:44 +00:00
Deon George
d258398b68 Merge pull request #2 from archayl/php55fix
Php55fix
2014-05-14 09:05:39 +10:00
Mohamad Elrashidin Bin Sajeli
b082cf1742 Changed preg_replace to preg_replace callback 2014-05-08 20:40:57 +08:00
Mohamad Elrashidin Bin Sajeli
e673df3ba8 Changed password_hash to pla_password_hash 2014-05-08 20:22:30 +08:00
Deon George
cfbee19721 Release 1.2.3 2012-10-01 16:54:14 +10:00
Deon George
092db24f99 Update template to show multiselect values 2012-10-01 16:47:53 +10:00
Deon George
927e515df3 Language update from launchpad for 1.2.3 (also see #30) 2012-09-06 13:00:06 +10:00
Deon George
bbedf18b7e SF Bug #3531956 - Search / Show Attributes must be lowercase 2012-09-05 22:44:46 +10:00
Deon George
f1ed59a35e SF Bug #3518548 - Missing attributes on some custom forms 2012-09-05 22:18:31 +10:00
Deon George
55fa21af26 SF Bug #3513210 - Export to VCARD only exports the last entry in the list 2012-09-05 21:57:17 +10:00
Deon George
f28d535948 SF Bug #3510648 - Cannot copy between servers 2012-09-05 21:54:42 +10:00