Commit Graph

99 Commits

Author SHA1 Message Date
Patrick Monnerat
9488fe2ed7 Avoid passing a null value to PHP functions where another type is expected.
PHP 8.1 deprecates this feature.

Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
Patrick Monnerat
b035e8a0f4 Do not use function is_resource().
PHP 8.1 replaces some kind of resources by built-in class instances.
As is_resource() is always used to test for failures, replace calls by
simple Boolean checks.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3a75a32100 Mandatory function arguments must be listed before optional ones.
PHP 8 deprecates the ability to have
	function whatever($arg1, $arg2='something', $arg3)

This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
Deon George
1d26d435c2 Special character issue in password - closes #104 2021-12-10 16:14:04 +11:00
Deon George
a8fe6f3274 Revert part of 0b657471 to fix #105 - Problem with member select list to goun 2020-09-23 10:13:11 +10:00
Deon George
aa5be41b06 Add autocomplete=off - closes #122 2020-08-30 22:09:52 +10:00
JamesCordell
0b65747110
Changes required so the sudoRole objectClass will present a link so members can be modified by default. (#101) 2020-02-20 09:17:37 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN (#90)
* Language update from launchpad

* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA (#87)
* reCaptcha config

* config reCaptcha

* check reCAPTCHA

* add reCAPTCHA to form login

* config attributes for reCAPTCHA

* Function to verify request with reCAPTCHA

* doc reCaptcha
2020-02-20 09:04:20 +11:00
Deon George
1bd14ddf68 Removed reference to missing function - closes #65 2019-07-15 14:49:52 +10:00
Deon George
73b7795bc0 Fixes #21 - Undefined variable: _SESSION 2019-04-18 23:17:24 +10:00
Deon George
6a55d808a2
Merge pull request #69 from RoyChaudhuri/master
Fix for bug #68, long redirect response
2019-04-18 11:56:25 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
Closes: #50

From: Ismail Belkacim <xd4rker@gmail.com>
2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9 Fix for bug #68, exit after redirect response when URI parameter is received by index.php 2018-09-17 15:45:42 +01:00
Deon George
733a10a1c5 Merge pull request #40 from PatrickBaus/master
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Patrick Baus
61af45e872 Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690 Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
gulikoza
726190e5b8 Fix moving entries when confirm['copy'] is set.
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
Sébastien Collin
54191d7ffb Fix some monitor information problems
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Marc Laporte
6135f94a51 typo 2014-07-25 20:36:21 -04:00
Deon George
f28d535948 SF Bug #3510648 - Cannot copy between servers 2012-09-05 21:54:42 +10:00
Deon George
74434e5ca3 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-03 07:16:34 +10:00
Deon George
88d41216f9 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 11:43:14 +10:00
Roland Gruber
6c8b623788 SF Patch #3391371 - Fix for schema link deactivation 2011-10-06 11:57:06 +11:00
Deon George
d5744b055a SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9 2011-10-06 09:12:54 +11:00
Deon George
64668e882b Remove XSS vulnerabilty in debug code 2011-07-27 07:30:06 +10:00
Deon George
6c93c1fc72 Fix deletion special char DNs, and refresh tree on delete 2011-05-04 00:02:33 +10:00
Marcel van Dorp
880a86f666 SF Feature #3122736 - HTTP authentication realm 2011-04-29 12:46:49 +10:00
Deon George
a35298e7f3 SF Bug #3036033 - Error if CN begins with a % sign 2011-04-29 12:08:38 +10:00
Deon George
2ea1fc6314 SF Bug #3003777 - Multivalue attributes with hundred of values hangs on modify 2011-04-29 00:19:53 +10:00
Deon George
1f9308dc4d Fixes for jpegPhoto attributes during copy operations 2011-04-28 23:20:06 +10:00
Deon George
9e9960bc3d SF Bug #3003779 - Unable to check password for NT and LN samba hashed 2011-04-27 21:53:47 +10:00
Deon George
6e5ec75b55 SF Bug #3077852 - Default template being used after modificaiton of entry 2011-04-27 00:02:05 +10:00
Deon George
97eff7383c SF Bug #3276528 - Problem with + and , signs in dn 2011-04-26 23:21:19 +10:00
Deon George
be623ce3f5 SF Bug #3136564 - Undefined variable: result (E_NOTICE) 2011-04-26 11:40:35 +10:00
Deon George
2cf20fcf44 SF Bug #2981355 - rawurldecode killing complex passwords 2011-04-26 10:10:43 +10:00
Deon George
c5f045756e SF Bug #2980701 - Creation templates get used for modification post creation 2011-04-26 00:10:58 +10:00
Deon George
7980d1c131 SF Patch #2974901 - enable modify member form to use netgroups 2010-11-16 22:05:18 +11:00
Deon George
7d17676fd7 Enabled create_base 2010-03-18 13:25:53 +11:00
Deon George
1c467a6115 New feature: Copy a DN and edit values before creation 2010-03-18 13:24:04 +11:00
Deon George
2e8e9625d6 AJAX work on create/update 2010-03-15 09:37:37 +11:00
Deon George
f713afc8d1 HTML Validation work 2010-03-15 09:37:35 +11:00
Deon George
0f782569e9 SF Bug #2969826 - XSS found in cmd.php 2010-03-14 23:57:16 +11:00
Deon George
676a675c7c SF Bug #2901854 - E_WARNING: implode(): Invalid arguments passed 2010-01-30 15:10:00 +11:00
Deon George
2393c5d5e3 Trim _REQUEST vars mainly to avoid null terminated strings 2009-12-23 09:03:13 +11:00
Deon George
efd1860a91 SF Bug #2554402 - template autofill command not work on appearance,date_attrs 2009-11-21 12:11:45 +11:00
Deon George
23a2da1f26 SF Bug #2898426 - Can't update own password 2009-11-21 11:17:53 +11:00
Deon George
a6dc80616b Fix rendering of js_calendar on add_attr, when no previous DateAttributes existed 2009-09-20 11:44:26 +10:00