phpldapadmin

Author	SHA1	Message	Date
Deon George	aa5be41b06	Add autocomplete=off - closes #122	2020-08-30 22:09:52 +10:00
Gurvinder Dadyala	bdfd68c3b6	Added Bcrypt support (#116 ) * Set minimum PHP version to 5.5.0\| Bcrypt Support * Added Bcrypt hash support * Update Install.md	2020-08-30 21:58:50 +10:00
Armin Leuprecht	fb437b037e	Decode plainpassword before check (#115 ) When the user's password contains HTML special chars the password check would always fail if the the given plainpassword is not decoded first.	2020-08-30 21:57:40 +10:00
Bennet Bleßmann	34d4f20222	Fixes usage of deprecated array/string access syntax. (#97 ) PHP 7.4 Compatibility.	2020-08-30 21:56:25 +10:00
JamesCordell	0b65747110	Changes required so the sudoRole objectClass will present a link so members can be modified by default. (#101 )	2020-02-20 09:17:37 +11:00
Jakub Filak	4661aa2114	Hooks fixes (#99 ) * repace deprecated each with foreach I tried to enable the example.php hooks and the use of the keyword each was causing crashes in the docker image osixia/phpldapadmin:0.9.0 * check if DEBUG_ENABLED is defined I enabled the hooks example.php and I started getting crashes caused by undefined constant. Tested with the docker image osixia/phpldapadmin:0.9.0	2020-02-20 09:17:01 +11:00
sshambar	0a57b2f80e	Added appearance option show_authz (#94 ) Enabling displays the authorization ID rather than the authentication ID, similar to using ldapwhoami. Requires PHP 7.2+	2020-02-20 09:14:18 +11:00
sshambar	0fe1758572	Add SASL PLAIN authentication support (#92 ) Adds a new sasl mech 'plain' which converts all simple authentication methods to SASL PLAIN. NOTE: doesn't use auth_type 'sasl' as credentials may come from login form, stored in cookies etc...	2020-02-20 09:12:39 +11:00
Noone404	4eb3737d31	Added option to use template string for bind DN (#90 ) * Language update from launchpad * Added login option 'bind_dn_template'	2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez	cbdc0dacd6	Auth Form wiht Google reCAPTCHA (#87 ) * reCaptcha config * config reCaptcha * check reCAPTCHA * add reCAPTCHA to form login * config attributes for reCAPTCHA * Function to verify request with reCAPTCHA * doc reCaptcha	2020-02-20 09:04:20 +11:00
Deon George	8f4ced96f9	Release 1.2.5	2019-08-20 22:24:40 +10:00
Deon George	722fefad1c	Merge pull request #84 from nayo/patch-2 Fix error and set by default to preventXSS. Closes #84 and #85	2019-08-07 16:34:53 +10:00
Genaro Contreras Gutierrez	c87571f6b7	Fix error and set by default to preventXSS	2019-07-31 08:21:14 -07:00
Deon George	cb9c0cce3e	Merge pull request #82 from nayo/patch-1 Function to prevent XSS attacks	2019-07-31 07:38:06 +08:00
Genaro Contreras Gutierrez	0b10c30c79	other usage of function preventXSS Other example of usage: preventXSS(get_request('cmd','REQUEST')) Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false	2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez	c22c98c463	update get_request when an error occurs Example to use to prevent XSS attack from get_request get_request('cmd','REQUEST',false,null,true)	2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez	25cbb26e1d	update function get_request to preventXSS The XSS prevent function was created and used	2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez	08c21fe7ca	Prevent XSS attack since function get_request The $preventXSS parameter was added to the get_request function to avoid XSS attacks. It was not set by default as $preventXSS=true, because it can affect fields such as passwords. Using "htmlspecialchars" and "addslashes" functions of PHP.	2019-07-30 08:29:17 -07:00
Deon George	1bd14ddf68	Removed reference to missing function - closes #65	2019-07-15 14:49:52 +10:00
Deon George	95411c05e1	Release 1.2.4	2019-05-14 15:01:32 +10:00
Deon George	7b1f6b5132	Fix for PHP 7.3 - deprecated continue in switch	2019-05-14 15:00:28 +10:00
Deon George	3c0ca27477	Remove SF branding	2019-04-21 23:37:10 +10:00
Deon George	511ead3ec6	Revert #63 - Add attribute not rendering correctly	2019-04-20 15:39:48 +10:00
Deon George	e37b498de1	PHP 7.2 compatibility fixes - closes #64	2019-04-19 22:48:22 +10:00
Deon George	29d7d4b2f7	Fixes #31 - Glue entries are not browsable through phpldapadmin	2019-04-19 21:01:02 +10:00
Deon George	c494078550	Closes pull request #22 and fixes #18 - preg_replace_callback changes	2019-04-19 20:08:53 +10:00
Deon George	73b7795bc0	Fixes #21 - Undefined variable: _SESSION	2019-04-18 23:17:24 +10:00
Deon George	c1af05f403	Merge pull request #63 from dago/renderfix Fixes for translation of "Add new attribute"	2019-04-18 12:34:00 +10:00
Deon George	49ef60f26b	Merge pull request #62 from spagu/patch-1 Fix php7.2 errors for function __autoload and create_function as they were deprecated.	2019-04-18 12:31:49 +10:00
Deon George	aa11e318ec	Merge pull request #60 from NHellFire/php7.1 Use OpenSSL for blowfish when available (fixes #58)	2019-04-18 12:16:08 +10:00
Deon George	f3aad72b57	Merge pull request #66 from MichaelIT/master Incompatable with openLDAP >=2.1.2	2019-04-18 11:58:12 +10:00
Deon George	6a55d808a2	Merge pull request #69 from RoyChaudhuri/master Fix for bug #68, long redirect response	2019-04-18 11:56:25 +10:00
Deon George	aec5053f55	Merge pull request #71 from anarcat/CVE-2017-11107 Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)	2019-04-18 11:54:45 +10:00
Antoine Beaupré	4484129a41	Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107) Closes: #50 From: Ismail Belkacim <xd4rker@gmail.com>	2018-10-31 14:04:44 -04:00
Roy Chaudhuri	2e43cf95b9	Fix for bug #68 , exit after redirect response when URI parameter is received by index.php	2018-09-17 15:45:42 +01:00
Michael	7569423f11	Update functions.php Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.	2018-07-17 19:59:11 +08:00
Dagobert Michelsen	5c0f787fbf	Add URL for translation	2018-04-20 13:10:20 +02:00
Dagobert Michelsen	6c85d61525	Fix invocation of layout in TemplateRenderer	2018-04-20 12:33:58 +02:00
spagu	884cce1475	Update functions.php	2018-04-19 11:10:12 +01:00
NHellFire	53e005c1f4	Use OpenSSL for blowfish when available (fixes #58 )	2018-02-11 07:22:36 +00:00
Deon George	733a10a1c5	Merge pull request #40 from PatrickBaus/master Fixed detection of SSL encryption behind proxy server	2016-10-30 16:53:36 +08:00
Deon George	708bc5ed83	Merge pull request #37 from mr-GreyWolf/patch-1 Update functions.php	2016-10-30 16:53:05 +08:00
Deon George	e46579b34e	Merge pull request #34 from gulikoza/master Fix moving ldap entries and login error with 'fallback_dn'	2016-10-30 16:52:22 +08:00
Deon George	4fefe2aa8c	Merge pull request #42 from ptomulik/crypt-sha add support for SHA-256 and SHA-512 via crypt(3)	2016-10-30 16:47:44 +08:00
Paweł Tomulik	ee9034f24c	add support for SHA-256 and SHA-512 via crypt(3)	2016-10-08 21:24:33 +02:00
Patrick Baus	61af45e872	Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing.	2016-08-11 02:45:18 +02:00
Patrick Baus	dd6e9583a2	Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.	2016-08-11 01:48:12 +02:00
Patrick Baus	665dbc2690	Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption. If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed	2016-08-11 01:32:41 +02:00
mr-GreyWolf	599d55700d	Update functions.php	2016-03-30 23:07:02 +04:00
gulikoza	726190e5b8	Fix moving entries when confirm['copy'] is set. If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default), the entry will be copyied (created) not moved. This patch will skip confirm when entry is being moved as there is no reason to confirm the move again.	2016-01-24 12:02:42 +01:00

1 2 3 4 5 ...

328 Commits