Patrick Baus
dd6e9583a2
Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
...
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method , the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
...
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
Sébastien Collin
54191d7ffb
Fix some monitor information problems
...
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Marc Laporte
6135f94a51
typo
2014-07-25 20:36:21 -04:00
Deon George
f28d535948
SF Bug #3510648 - Cannot copy between servers
2012-09-05 21:54:42 +10:00
Deon George
74434e5ca3
SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables
2012-09-03 07:16:34 +10:00
Deon George
88d41216f9
SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY']
2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da
SF Feature #3555472 - User-friendly items in entry chooser window.
2012-09-01 11:43:14 +10:00
Roland Gruber
6c8b623788
SF Patch #3391371 - Fix for schema link deactivation
2011-10-06 11:57:06 +11:00
Deon George
d5744b055a
SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9
2011-10-06 09:12:54 +11:00
Deon George
64668e882b
Remove XSS vulnerabilty in debug code
2011-07-27 07:30:06 +10:00
Deon George
6c93c1fc72
Fix deletion special char DNs, and refresh tree on delete
2011-05-04 00:02:33 +10:00
Marcel van Dorp
880a86f666
SF Feature #3122736 - HTTP authentication realm
2011-04-29 12:46:49 +10:00
Deon George
a35298e7f3
SF Bug #3036033 - Error if CN begins with a % sign
2011-04-29 12:08:38 +10:00
Deon George
2ea1fc6314
SF Bug #3003777 - Multivalue attributes with hundred of values hangs on modify
2011-04-29 00:19:53 +10:00
Deon George
1f9308dc4d
Fixes for jpegPhoto attributes during copy operations
2011-04-28 23:20:06 +10:00
Deon George
9e9960bc3d
SF Bug #3003779 - Unable to check password for NT and LN samba hashed
2011-04-27 21:53:47 +10:00
Deon George
6e5ec75b55
SF Bug #3077852 - Default template being used after modificaiton of entry
2011-04-27 00:02:05 +10:00
Deon George
97eff7383c
SF Bug #3276528 - Problem with + and , signs in dn
2011-04-26 23:21:19 +10:00
Deon George
be623ce3f5
SF Bug #3136564 - Undefined variable: result (E_NOTICE)
2011-04-26 11:40:35 +10:00
Deon George
2cf20fcf44
SF Bug #2981355 - rawurldecode killing complex passwords
2011-04-26 10:10:43 +10:00
Deon George
c5f045756e
SF Bug #2980701 - Creation templates get used for modification post creation
2011-04-26 00:10:58 +10:00
Deon George
7980d1c131
SF Patch #2974901 - enable modify member form to use netgroups
2010-11-16 22:05:18 +11:00
Deon George
7d17676fd7
Enabled create_base
2010-03-18 13:25:53 +11:00
Deon George
1c467a6115
New feature: Copy a DN and edit values before creation
2010-03-18 13:24:04 +11:00
Deon George
2e8e9625d6
AJAX work on create/update
2010-03-15 09:37:37 +11:00
Deon George
f713afc8d1
HTML Validation work
2010-03-15 09:37:35 +11:00
Deon George
0f782569e9
SF Bug #2969826 - XSS found in cmd.php
2010-03-14 23:57:16 +11:00
Deon George
676a675c7c
SF Bug #2901854 - E_WARNING: implode(): Invalid arguments passed
2010-01-30 15:10:00 +11:00
Deon George
2393c5d5e3
Trim _REQUEST vars mainly to avoid null terminated strings
2009-12-23 09:03:13 +11:00
Deon George
efd1860a91
SF Bug #2554402 - template autofill command not work on appearance,date_attrs
2009-11-21 12:11:45 +11:00
Deon George
23a2da1f26
SF Bug #2898426 - Can't update own password
2009-11-21 11:17:53 +11:00
Deon George
a6dc80616b
Fix rendering of js_calendar on add_attr, when no previous DateAttributes existed
2009-09-20 11:44:26 +10:00
Deon George
f0a6d312ab
Enable control of creating children in templates
2009-09-20 11:44:23 +10:00
Deon George
3ffe6878f3
Minor updates
2009-09-07 00:13:58 +10:00
Deon George
9cb27e3a70
Miscellaneous minor updates
2009-08-29 00:11:23 +10:00
Deon George
b93b92f430
Rework javascript
2009-08-22 21:30:50 +10:00
Deon George
6e6a7a6e4e
Multiple fixes, changes and enhancements
...
* mass edit selection,
* child search during edit,
* attr login with bind_id,
* performance fix broke ldapservers that dont have havesubordinate attrs),
* enable "login,class",
* enable "login,base".
2009-08-21 15:02:12 +10:00
Deon George
95aedef718
Remove CVS tags
2009-08-20 12:25:48 +10:00
Deon George
5669c92371
Improvements to debug_log
2009-08-19 13:39:37 +10:00
Deon George
a0816d068c
Sync menu/tree processing with other projects, variable/function naming
2009-08-12 23:53:14 +10:00
Deon George
29cb490571
Fixes for issues introduced by commit bbe87c6e2
2009-07-27 17:18:25 +10:00
Deon George
5938302012
Fix the simple ACL configuration
2009-07-26 01:21:23 +10:00
Deon George
bbe87c6e2f
SF Bug #2820854 - ldap_first_attribute error
2009-07-14 19:07:43 +10:00
Deon George
6627c7bea4
Fix spelling
2009-07-12 22:02:30 +10:00
Deon George
223086b58e
Fix for when invalid objectclass entered
2009-07-12 22:02:19 +10:00
Deon George
5481f61ce3
Use calls to getRootDSE()
2009-07-12 12:28:39 +10:00
Deon George
d364af141f
Minor display change
2009-07-11 14:19:04 +10:00
Deon George
4eed1d8982
Enabled HTTP auth
2009-07-11 10:18:48 +10:00
Deon George
664c05decd
Removed stylesheet from index
2009-07-08 20:17:35 +10:00