Commit Graph

378 Commits

Author SHA1 Message Date
a0117e4ad8 Mandatory function arguments must be listed before optional ones. Alternate fix for 3a75a32 2023-04-02 10:42:25 +10:00
3bfd55de08 Revert "Mandatory function arguments must be listed before optional ones."
This reverts commit 3a75a32100.

Since calls to those functions had the arguements fully populated, just remove the default configured arg values.
2023-04-02 10:42:25 +10:00
d1dae60f05 get_magic_quotes_gpc() was deprecrated as of PHP 7.4 2023-04-02 10:42:25 +10:00
f29e200b96 Revert "Do not call get_magic_quote_gpc() when running in PHP version >= 5.4."
This reverts commit 3ec9c23d58.

The minimum requirement for PLA is 7.0
2023-04-02 10:42:25 +10:00
e5aa9eb1e7 each() deprecated in php 7.2 2023-04-02 10:42:25 +10:00
Deon George
30abeffc30 Fix for Implicit conversion from float 0.75 in createlm - fixes #193 2023-04-02 00:58:00 +11:00
d4b19d07db Updated version to 1.2.6.6 2023-04-02 00:46:16 +11:00
85f8c61e80 Fix for Setting of IV length for AEAD mode failed - closes #183 2023-04-02 00:36:15 +11:00
1650d6a921 Another fix for CVE-2020-35132 - closes #137, missed from #130 2023-04-02 00:25:47 +11:00
Deon George
c84b2d6d91 Updated version to 1.2.6.5 2023-02-15 17:36:15 +11:00
Deon George
ef8d0ce94c Fix mistake in patch #176 as identified in #170 2023-02-15 17:33:47 +11:00
Eric Lavault
15cc6f5382
Issue #165 Proper check for memory_limit config (#180)
* fix #165 : Handle shorthand notation for PHP memory_limit check

* fix config default memory threshold.
2023-02-15 17:24:19 +11:00
bendem
364c0565a2
don't apply preventXSS on 'filter' parameters in export and search (#168)
fixes #98
2023-01-20 20:08:49 +11:00
jmptbl
d09aa72a42
Inactivity message format fix (#171) 2023-01-20 20:08:07 +11:00
Klaus Tachtler
7226cea874
#170 - issue - openssl 3.0 patch (#176)
* Updated README with info on PLA v2

* Fix broken git command in readme - closes #124

* #170 - issue - openssl 3.0 patch

Co-authored-by: Deon George <deon@leenooks.net>
2023-01-20 20:06:44 +11:00
bendem
d15bd2dab3
Don't do any decoding on the password field (#163)
Fixes #162
2022-08-18 10:44:43 +10:00
Benjamin Renard
43bac58990 Add support of argon2i & argon2id password hash types
Closes pull-request #158
2022-08-05 10:49:10 +10:00
Patrick Monnerat
9488fe2ed7 Avoid passing a null value to PHP functions where another type is expected.
PHP 8.1 deprecates this feature.

Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
Patrick Monnerat
5e9b95f9a8 Avoid 32-bit signed integer overflow in Blowfish computations.
PHP 8.1 deprecates float to int truncation.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
aeebf3faa6 Replace calls to strftime() by calls to date().
PHP 8.1 deprecates strftime().
2022-08-05 10:48:56 +10:00
Patrick Monnerat
b035e8a0f4 Do not use function is_resource().
PHP 8.1 replaces some kind of resources by built-in class instances.
As is_resource() is always used to test for failures, replace calls by
simple Boolean checks.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
f129579f45 Adapt app_error_handler() to PHP 8.
In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be supressed and
passes the effective error number to the error handler (instead of 0).

Adapt the test in a compatible way.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
c90dc06af2 Rename class Attribute to PLAAttribute.
As PHP 8 introduces a built-in Attribute class, a name clash occurs
without this commit.

Class names are used by the Visitor class to dynamically build method
names. To avoid having to also rename the target methods, a class name
mapping is introduced for this purpose. This map may be augmented
whenever another similar case occurs.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3a75a32100 Mandatory function arguments must be listed before optional ones.
PHP 8 deprecates the ability to have
	function whatever($arg1, $arg2='something', $arg3)

This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3ec9c23d58 Do not call get_magic_quote_gpc() when running in PHP version >= 5.4.
This deprecated function has been removed in PHP 8.
2022-08-05 10:48:56 +10:00
KuhnChris
857f0c539c sanity-fix: gettext and session mod check
Closes pull-request #152
2022-08-05 10:48:56 +10:00
Andrés Maldonado
97eed9d9cd Prevent strftime overflow on 32 bit systems
Fixes "strftime() expects parameter 2 to be integer, float given"

Closes pull request #156 and closes #155
2022-08-05 10:48:31 +10:00
Deon George
d4cae5065b Updated version to 1.2.6.3 2021-12-12 13:35:51 +11:00
Deon George
386d6ab83b Fix syntax error created by a0de69b - thanks to Bert Van de Poel for testing this and identifying the error 2021-12-12 13:25:28 +11:00
Deon George
1d26d435c2 Special character issue in password - closes #104 2021-12-10 16:14:04 +11:00
Deon George
a0de69bd58 foreach error in lib_ldap_pla.php:checkUniqueAttrs when uidpool is turned on - closes #20 2021-12-10 16:05:01 +11:00
EtienneBarbier
a8c9abe22b Add option to list available password types - closes #143 2021-12-10 15:56:58 +11:00
Bert Van de Poel
1c7340ce48 Correct incorrent mixing of tabs and spaces.
All code (including code originating from the blowfish PR) now correctly use tabs. Spaces are only used for alignment in comments where necessary.
2021-12-10 15:18:26 +11:00
Bert Van de Poel
24ce5d5833 Replace salt function with a more modern, cryptographically secure pseudo-random method
Set minimum PHP version to 7.0.0 for random_bytes
2021-12-10 15:18:18 +11:00
Bert Van de Poel
fe3798f8ec Modernize sha1 and md5 password hash and check functions: remove unnecessary pack, no longer use very old fallbacks, and use random_salt 2021-12-10 15:18:09 +11:00
Bert Van de Poel
1a09e4ff3c Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version 2021-12-10 15:18:01 +11:00
Bert Van de Poel
bc1691f5d2 Add hash support for ssha512 2021-12-10 15:17:54 +11:00
Bert Van de Poel
54bb4743aa Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module) 2021-12-10 15:17:43 +11:00
Franky Van Liedekerke
46cc4a1b13 Take into account empty arguments
If no argument is given to the function call, don't try to pass an empty array as some php functions don't allow arguments (like the time function)
2021-12-10 15:09:18 +11:00
Maarten
45aa1e5208 Added script comment for the Autofill A flag 2021-12-10 15:06:36 +11:00
Maarten
02b047c1f5 Bug fix: typo in regex 2021-12-10 15:06:36 +11:00
Maarten
6d4aff8733 Added optional delimiter to /K autofill function 2021-12-10 15:06:36 +11:00
Scott Shambarger
00683b3ea7 Added TLS client certificate support
Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
2021-12-10 15:02:31 +11:00
Scott Shambarger
da69ebf06a Added SASL EXTERNAL authentication support
New auth_type 'sasl_external'.  Login is hard coded as 'external'
2021-12-10 14:59:02 +11:00
Deon George
a8fe6f3274 Revert part of 0b657471 to fix #105 - Problem with member select list to goun 2020-09-23 10:13:11 +10:00
Deon George
0c334f0385 Fix for issue #103 - hexdec() causes an deprecation notice when invalid chars are used 2020-09-19 17:09:29 +10:00
Deon George
9fac4b415a Release 1.2.6 2020-09-19 13:45:09 +10:00
Nic Bernstein
f4c8c3d31e SF Bug #1008 getContainerPath doesn't properly traverse to baseDN and back & #1009 - return_ldap_hash should not return container object in result set 2020-08-31 08:49:02 +10:00
Andy Beefeater
e45e71fd08 SF Feature #356 - HTMLTree icons formatting 2020-08-31 08:48:49 +10:00
Deon George
0011184a3f Documenting OID 1.3.6.1.1.22 - Thank you. Closes #102 2020-08-30 22:27:03 +10:00