In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be supressed and
passes the effective error number to the error handler (instead of 0).
Adapt the test in a compatible way.
As PHP 8 introduces a built-in Attribute class, a name clash occurs
without this commit.
Class names are used by the Visitor class to dynamically build method
names. To avoid having to also rename the target methods, a class name
mapping is introduced for this purpose. This map may be augmented
whenever another similar case occurs.
PHP 8 deprecates the ability to have
function whatever($arg1, $arg2='something', $arg3)
This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
* repace deprecated each with foreach
I tried to enable the example.php hooks and the use of the keyword each
was causing crashes in the docker image osixia/phpldapadmin:0.9.0
* check if DEBUG_ENABLED is defined
I enabled the hooks example.php and I started getting crashes caused by
undefined constant.
Tested with the docker image osixia/phpldapadmin:0.9.0
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN. NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.