Deon George
fc7ab06358
Fix broken git command in readme - closes #124
2021-12-10 15:05:13 +11:00
Deon George
a4924f7453
Updated README with info on PLA v2
2020-09-12 22:41:52 +10:00
Deon George
0011184a3f
Documenting OID 1.3.6.1.1.22 - Thank you. Closes #102
2020-08-30 22:27:03 +10:00
Deon George
aa5be41b06
Add autocomplete=off - closes #122
2020-08-30 22:09:52 +10:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support (#116)
* Set minimum PHP version to 5.5.0 | Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check (#115)
When the user's password contains HTML special chars
the password check would always fail if the
given plainpassword is not decoded first.
2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. (#97)
PHP 7.4 Compatibility.
2020-08-30 21:56:25 +10:00
JamesCordell
0b65747110
Changes required so the sudoRole objectClass will present a link so members can be modified by default. (#101)
2020-02-20 09:17:37 +11:00
Jakub Filak
4661aa2114
Hooks fixes (#99)
* replace deprecated each with foreach
I tried to enable the example.php hooks and the use of the keyword each
was causing crashes in the docker image osixia/phpldapadmin:0.9.0
* check if DEBUG_ENABLED is defined
I enabled the hooks example.php and I started getting crashes caused by
undefined constant.
Tested with the docker image osixia/phpldapadmin:0.9.0
2020-02-20 09:17:01 +11:00
sshambar
0a57b2f80e
Added appearance option show_authz (#94)
Enabling displays the authorization ID rather than the authentication ID,
similar to using ldapwhoami. Requires PHP 7.2+
2020-02-20 09:14:18 +11:00
sshambar
0fe1758572
Add SASL PLAIN authentication support (#92)
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN. NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
2020-02-20 09:12:39 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN (#90)
* Language update from launchpad
* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form with Google reCAPTCHA (#87)
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Deon George
8f4ced96f9
Release 1.2.5
2019-08-20 22:24:40 +10:00
Deon George
722fefad1c
Merge pull request #84 from nayo/patch-2
Fix error and set by default to preventXSS. Closes #84 and #85
2019-08-07 16:34:53 +10:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS
2019-07-31 08:21:14 -07:00
Deon George
cb9c0cce3e
Merge pull request #82 from nayo/patch-1
Function to prevent XSS attacks
2019-07-31 07:38:06 +08:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
Example to use to prevent XSS attack from get_request
get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
1bd14ddf68
Removed reference to missing function - closes #65
2019-07-15 14:49:52 +10:00
Deon George
95411c05e1
Release 1.2.4
2019-05-14 15:01:32 +10:00
Deon George
7b1f6b5132
Fix for PHP 7.3 - deprecated continue in switch
2019-05-14 15:00:28 +10:00
Deon George
3c0ca27477
Remove SF branding
2019-04-21 23:37:10 +10:00
Deon George
511ead3ec6
Revert #63 - Add attribute not rendering correctly
2019-04-20 15:39:48 +10:00
Deon George
e37b498de1
PHP 7.2 compatibility fixes - closes #64
2019-04-19 22:48:22 +10:00
Deon George
29d7d4b2f7
Fixes #31 - Glue entries are not browsable through phpldapadmin
2019-04-19 21:01:02 +10:00
Deon George
c494078550
Closes pull request #22 and fixes #18 - preg_replace_callback changes
2019-04-19 20:08:53 +10:00
Deon George
73b7795bc0
Fixes #21 - Undefined variable: _SESSION
2019-04-18 23:17:24 +10:00
Deon George
c1af05f403
Merge pull request #63 from dago/renderfix
Fixes for translation of "Add new attribute"
2019-04-18 12:34:00 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1
Use OpenSSL for blowfish when available (fixes #58)
2019-04-18 12:16:08 +10:00
Deon George
f3aad72b57
Merge pull request #66 from MichaelIT/master
Incompatible with openLDAP >=2.1.2
2019-04-18 11:58:12 +10:00
Deon George
6a55d808a2
Merge pull request #69 from RoyChaudhuri/master
Fix for bug #68, long redirect response
2019-04-18 11:56:25 +10:00
Deon George
aec5053f55
Merge pull request #71 from anarcat/CVE-2017-11107
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
2019-04-18 11:54:45 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
Closes: #50
From: Ismail Belkacim <xd4rker@gmail.com>
2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9
Fix for bug #68, exit after redirect response when URI parameter is received by index.php
2018-09-17 15:45:42 +01:00
Michael
7569423f11
Update functions.php
Since openLDAP >=2.1.2, ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
Dagobert Michelsen
5c0f787fbf
Add URL for translation
2018-04-20 13:10:20 +02:00
Dagobert Michelsen
6c85d61525
Fix invocation of layout in TemplateRenderer
2018-04-20 12:33:58 +02:00
spagu
884cce1475
Update functions.php
2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4
Use OpenSSL for blowfish when available (fixes #58)
2018-02-11 07:22:36 +00:00
Deon George
733a10a1c5
Merge pull request #40 from PatrickBaus/master
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Deon George
708bc5ed83
Merge pull request #37 from mr-GreyWolf/patch-1
Update functions.php
2016-10-30 16:53:05 +08:00
Deon George
e46579b34e
Merge pull request #34 from gulikoza/master
Fix moving ldap entries and login error with 'fallback_dn'
2016-10-30 16:52:22 +08:00
Deon George
4fefe2aa8c
Merge pull request #42 from ptomulik/crypt-sha
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-30 16:47:44 +08:00
Paweł Tomulik
ee9034f24c
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-08 21:24:33 +02:00
Patrick Baus
61af45e872
Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing.
2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2
Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00