Commit Graph

433 Commits

Author SHA1 Message Date
Patrick Baus
61af45e872 Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690 Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
mr-GreyWolf
599d55700d Update functions.php 2016-03-30 23:07:02 +04:00
gulikoza
726190e5b8 Fix moving entries when confirm['copy'] is set.
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
gulikoza
0b8375fd2a Add additional check that full dn has been entered on login.
Fixes 'invalid dn syntax (34) for user' error when fallback_dn set and username was not found while trying to use it as dn.
2016-01-24 11:52:21 +01:00
Deon George
fa88250f0e Merge pull request #32 from jsdevel/fixing-sflogo-protocol-for-reverse-proxies
Changing the sourceforge logo to be protocol relative.
2015-12-07 16:56:41 +11:00
jsdevel
0491916d90 Changing the sourceforge logo to be protocol relative.
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Deon George
c004a291d7 Merge pull request #19 from scollin/master
Fix some monitor information problems
2015-02-23 12:40:32 -08:00
Sébastien Collin
54191d7ffb Fix some monitor information problems
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Deon George
9e283f369f Merge pull request #13 from DevoKun/master
Changed password_hash to pla_password_hash in a few places where it was still password_hash.
2014-10-08 12:30:58 +11:00
Devon Hubner
19114385fc Changed password_hash to pla_password_hash in a few places where it was still password_hash. 2014-10-07 14:25:32 -04:00
Deon George
7701e98bcc Merge pull request #11 from robgloess/patch-1
Fixed parse error in TemplateRender.php
2014-10-07 12:54:51 +11:00
robgloess
d4c2fb52ab Update TemplateRender.php
Fixed typo on 1682 - parse issue, non escaped " ' " causing error to be thrown
2014-09-30 22:28:09 +01:00
Deon George
7cbdd0c8db Merge pull request #9 from uda/master
Minor doc changes
2014-09-23 15:59:42 +10:00
Yehuda Deutsch
afec12d163 Rename INSTALL to INSTALL.md 2014-09-21 11:11:07 +03:00
Yehuda Deutsch
a4a602b6ec Created README.md 2014-09-21 11:10:30 +03:00
Deon George
e1952cddb6 Merge pull request #6 from marclaporte/patch-2
typos
2014-09-18 12:32:56 +10:00
Deon George
ee415fe8c6 Merge pull request #5 from marclaporte/patch-1
typo
2014-09-18 12:32:08 +10:00
Deon George
eca5c4ea9f Merge pull request #8 from pteague/master
Modified posixAccount Shell selection
2014-09-18 12:31:19 +10:00
Patrick Teague
a01752a68c * Fixed posixAccount Shell so that 'Bash' is actually bash and not shell. Also added Shell, Dash, False, and No Login 2014-09-16 14:53:52 -05:00
Marc Laporte
ba90f86e7b typos 2014-07-25 23:04:40 -04:00
Marc Laporte
6135f94a51 typo 2014-07-25 20:36:21 -04:00
Deon George
f7c4bd311a Merge pull request #4 from ivdmeer/master
Bugfix: fixed call to renamed function pla_password_hash.
2014-06-05 13:00:27 +10:00
Ivo van der Meer
c736ecd8c2 Bugfix: fixed call to renamed function pla_password_hash. 2014-06-04 10:48:06 +02:00
Deon George
d2a800878f Merge pull request #3 from bchavet/master
Use preg_replace_callback instead of /e in preg_replace
2014-06-04 13:43:52 +10:00
Ben Chavet
5a7edc892f Use preg_replace_callback instead of /e in preg_replace to fix E_DEPRECATED warnings 2014-05-29 18:57:44 +00:00
Deon George
d258398b68 Merge pull request #2 from archayl/php55fix
Php55fix
2014-05-14 09:05:39 +10:00
Mohamad Elrashidin Bin Sajeli
b082cf1742 Changed preg_replace to preg_replace callback 2014-05-08 20:40:57 +08:00
Mohamad Elrashidin Bin Sajeli
e673df3ba8 Changed password_hash to pla_password_hash 2014-05-08 20:22:30 +08:00
Deon George
cfbee19721 Release 1.2.3 2012-10-01 16:54:14 +10:00
Deon George
092db24f99 Update template to show multiselect values 2012-10-01 16:47:53 +10:00
Deon George
927e515df3 Language update from launchpad for 1.2.3 (also see #30) 2012-09-06 13:00:06 +10:00
Deon George
bbedf18b7e SF Bug #3531956 - Search / Show Attributes must be lowercase 2012-09-05 22:44:46 +10:00
Deon George
f1ed59a35e SF Bug #3518548 - Missing attributes on some custom forms 2012-09-05 22:18:31 +10:00
Deon George
55fa21af26 SF Bug #3513210 - Export to VCARD only exports the last entry in the list 2012-09-05 21:57:17 +10:00
Deon George
f28d535948 SF Bug #3510648 - Cannot copy between servers 2012-09-05 21:54:42 +10:00
Deon George
2f70eb41b3 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase 2012-09-05 21:25:50 +10:00
Deon George
6b9834a054 SF Bug #3452416 - templates <order> non-functional 2012-09-05 20:23:17 +10:00
Deon George
caf24e3662 SF Bug #3427748 - value id is ignored in select attribute 2012-09-05 20:02:14 +10:00
Roland Gruber
c4b6695beb SF Bug #3448530 - Treat krbExtraData and krbPrincipalKey as binary 2012-09-04 15:09:24 +10:00
Deon George
74434e5ca3 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-03 07:16:34 +10:00
Deon George
88d41216f9 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 11:43:14 +10:00
Jean-Philippe Ghibaudo
21959715c3 SF Feature #3509651 - Add support for SHA512 with OpenLDAP 2012-09-01 11:31:38 +10:00
Roland Gruber
3690ad16f0 SF Patch #3469148 - Display mass edit actions as buttons 2012-08-29 22:01:43 +10:00
Deon George
7dc8d57d69 SF Bug #3477910 - XSS vulnerability in query 2012-01-24 12:38:47 +11:00
Deon George
dece0f496f Release 1.2.2 2011-10-27 13:07:09 +11:00
Deon George
d58f011fbb Language Translation merge from launchpad 2011-10-27 13:06:53 +11:00
Deon George
696c266eee Additional fix for SF Feature #3387473 2011-10-27 12:55:24 +11:00