Commit Graph

86 Commits

Author SHA1 Message Date
Roy Chaudhuri
2e43cf95b9 Fix for bug #68, exit after redirect response when URI parameter is received by index.php 2018-09-17 15:45:42 +01:00
Deon George
733a10a1c5 Merge pull request #40 from PatrickBaus/master
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Patrick Baus
61af45e872 Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690 Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
gulikoza
726190e5b8 Fix moving entries when confirm['copy'] is set.
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
Sébastien Collin
54191d7ffb Fix some monitor information problems
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Marc Laporte
6135f94a51 typo 2014-07-25 20:36:21 -04:00
Deon George
f28d535948 SF Bug #3510648 - Cannot copy between servers 2012-09-05 21:54:42 +10:00
Deon George
74434e5ca3 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-03 07:16:34 +10:00
Deon George
88d41216f9 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 11:43:14 +10:00
Roland Gruber
6c8b623788 SF Patch #3391371 - Fix for schema link deactivation 2011-10-06 11:57:06 +11:00
Deon George
d5744b055a SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9 2011-10-06 09:12:54 +11:00
Deon George
64668e882b Remove XSS vulnerabilty in debug code 2011-07-27 07:30:06 +10:00
Deon George
6c93c1fc72 Fix deletion special char DNs, and refresh tree on delete 2011-05-04 00:02:33 +10:00
Marcel van Dorp
880a86f666 SF Feature #3122736 - HTTP authentication realm 2011-04-29 12:46:49 +10:00
Deon George
a35298e7f3 SF Bug #3036033 - Error if CN begins with a % sign 2011-04-29 12:08:38 +10:00
Deon George
2ea1fc6314 SF Bug #3003777 - Multivalue attributes with hundred of values hangs on modify 2011-04-29 00:19:53 +10:00
Deon George
1f9308dc4d Fixes for jpegPhoto attributes during copy operations 2011-04-28 23:20:06 +10:00
Deon George
9e9960bc3d SF Bug #3003779 - Unable to check password for NT and LN samba hashed 2011-04-27 21:53:47 +10:00
Deon George
6e5ec75b55 SF Bug #3077852 - Default template being used after modificaiton of entry 2011-04-27 00:02:05 +10:00
Deon George
97eff7383c SF Bug #3276528 - Problem with + and , signs in dn 2011-04-26 23:21:19 +10:00
Deon George
be623ce3f5 SF Bug #3136564 - Undefined variable: result (E_NOTICE) 2011-04-26 11:40:35 +10:00
Deon George
2cf20fcf44 SF Bug #2981355 - rawurldecode killing complex passwords 2011-04-26 10:10:43 +10:00
Deon George
c5f045756e SF Bug #2980701 - Creation templates get used for modification post creation 2011-04-26 00:10:58 +10:00
Deon George
7980d1c131 SF Patch #2974901 - enable modify member form to use netgroups 2010-11-16 22:05:18 +11:00
Deon George
7d17676fd7 Enabled create_base 2010-03-18 13:25:53 +11:00
Deon George
1c467a6115 New feature: Copy a DN and edit values before creation 2010-03-18 13:24:04 +11:00
Deon George
2e8e9625d6 AJAX work on create/update 2010-03-15 09:37:37 +11:00
Deon George
f713afc8d1 HTML Validation work 2010-03-15 09:37:35 +11:00
Deon George
0f782569e9 SF Bug #2969826 - XSS found in cmd.php 2010-03-14 23:57:16 +11:00
Deon George
676a675c7c SF Bug #2901854 - E_WARNING: implode(): Invalid arguments passed 2010-01-30 15:10:00 +11:00
Deon George
2393c5d5e3 Trim _REQUEST vars mainly to avoid null terminated strings 2009-12-23 09:03:13 +11:00
Deon George
efd1860a91 SF Bug #2554402 - template autofill command not work on appearance,date_attrs 2009-11-21 12:11:45 +11:00
Deon George
23a2da1f26 SF Bug #2898426 - Can't update own password 2009-11-21 11:17:53 +11:00
Deon George
a6dc80616b Fix rendering of js_calendar on add_attr, when no previous DateAttributes existed 2009-09-20 11:44:26 +10:00
Deon George
f0a6d312ab Enable control of creating children in templates 2009-09-20 11:44:23 +10:00
Deon George
3ffe6878f3 Minor updates 2009-09-07 00:13:58 +10:00
Deon George
9cb27e3a70 Miscellaneous minor updates 2009-08-29 00:11:23 +10:00
Deon George
b93b92f430 Rework javascript 2009-08-22 21:30:50 +10:00
Deon George
6e6a7a6e4e Multiple fixes, changes and enhancements
* mass edit selection,
* child search during edit,
* attr login with bind_id,
* performance fix broke ldapservers that dont have havesubordinate attrs),
* enable "login,class",
* enable "login,base".
2009-08-21 15:02:12 +10:00
Deon George
95aedef718 Remove CVS tags 2009-08-20 12:25:48 +10:00
Deon George
5669c92371 Improvements to debug_log 2009-08-19 13:39:37 +10:00
Deon George
a0816d068c Sync menu/tree processing with other projects, variable/function naming 2009-08-12 23:53:14 +10:00
Deon George
29cb490571 Fixes for issues introduced by commit bbe87c6e2 2009-07-27 17:18:25 +10:00
Deon George
5938302012 Fix the simple ACL configuration 2009-07-26 01:21:23 +10:00
Deon George
bbe87c6e2f SF Bug #2820854 - ldap_first_attribute error 2009-07-14 19:07:43 +10:00
Deon George
6627c7bea4 Fix spelling 2009-07-12 22:02:30 +10:00
Deon George
223086b58e Fix for when invalid objectclass entered 2009-07-12 22:02:19 +10:00