deon/phpldapadmin
1
0
Fork 0
Code Issues 36 Pull Requests Packages Projects Releases Wiki Activity
331 Commits 12 Branches 53 Tags 14 MiB
fc7ab06358
Commit Graph

331 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Deon George
fc7ab06358 Fix broken git command in readme - closes #124 2021-12-10 15:05:13 +11:00
Deon George
a4924f7453 Updated README with info on PLA v2 2020-09-12 22:41:52 +10:00
Deon George
0011184a3f Documenting OID 1.3.6.1.1.22 - Thank you. Closes #102 2020-08-30 22:27:03 +10:00
Deon George
aa5be41b06 Add autocomplete=off - closes #122 2020-08-30 22:09:52 +10:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support (#116) 
* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
 2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check (#115) 
When the user's password contains HTML special chars
the password check would always fail if the
the given plainpassword is not decoded first.
 2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. (#97) 
PHP 7.4 Compatibility.
 2020-08-30 21:56:25 +10:00
JamesCordell
0b65747110
Changes required so the sudoRole objectClass will present a link so members can be modified by default. (#101) 2020-02-20 09:17:37 +11:00
Jakub Filak
4661aa2114
Hooks fixes (#99) 
* repace deprecated each with foreach

I tried to enable the example.php hooks and the use of the keyword each
was causing crashes in the docker image osixia/phpldapadmin:0.9.0

* check if DEBUG_ENABLED is defined

I enabled the hooks example.php and I started getting crashes caused by
undefined constant.

Tested with the docker image osixia/phpldapadmin:0.9.0
 2020-02-20 09:17:01 +11:00
sshambar
0a57b2f80e
Added appearance option show_authz (#94) 
Enabling displays the authorization ID rather than the authentication ID,
similar to using ldapwhoami.  Requires PHP 7.2+
 2020-02-20 09:14:18 +11:00
sshambar
0fe1758572
Add SASL PLAIN authentication support (#92) 
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN.  NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
 2020-02-20 09:12:39 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN (#90) 
* Language update from launchpad

* Added login option 'bind_dn_template'
 2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA (#87) 
* reCaptcha config

* config reCaptcha

* check reCAPTCHA

* add reCAPTCHA to form login

* config attributes for reCAPTCHA

* Function to verify request with reCAPTCHA

* doc reCaptcha
 2020-02-20 09:04:20 +11:00
Deon George
8f4ced96f9 Release 1.2.5 2019-08-20 22:24:40 +10:00
Deon George
722fefad1c
Merge pull request #84 from nayo/patch-2 
Fix error and set by default to preventXSS. Closes #84 and #85
 2019-08-07 16:34:53 +10:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS 2019-07-31 08:21:14 -07:00
Deon George
cb9c0cce3e
Merge pull request #82 from nayo/patch-1 
Function to prevent XSS attacks
 2019-07-31 07:38:06 +08:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS 
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))

Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
 2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs 
Example to use to prevent XSS attack from get_request

get_request('cmd','REQUEST',false,null,true)
 2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS 
The XSS prevent function was created and used
 2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request 
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.

Using "htmlspecialchars" and "addslashes" functions of PHP.
 2019-07-30 08:29:17 -07:00
Deon George
1bd14ddf68 Removed reference to missing function - closes #65 2019-07-15 14:49:52 +10:00
Deon George
95411c05e1 Release 1.2.4 2019-05-14 15:01:32 +10:00
Deon George
7b1f6b5132 Fix for PHP 7.3 - deprecated continue in switch 2019-05-14 15:00:28 +10:00
Deon George
3c0ca27477 Remove SF branding 2019-04-21 23:37:10 +10:00
Deon George
511ead3ec6 Revert #63 - Add attribute not rendering correctly 2019-04-20 15:39:48 +10:00
Deon George
e37b498de1 PHP 7.2 compatibility fixes - closes #64 2019-04-19 22:48:22 +10:00
Deon George
29d7d4b2f7 Fixes #31 - Glue entries are not browsable through phpldapadmin 2019-04-19 21:01:02 +10:00
Deon George
c494078550 Closes pull request #22 and fixes #18 - preg_replace_callback changes 2019-04-19 20:08:53 +10:00
Deon George
73b7795bc0 Fixes #21 - Undefined variable: _SESSION 2019-04-18 23:17:24 +10:00
Deon George
c1af05f403
Merge pull request #63 from dago/renderfix 
Fixes for translation of "Add new attribute"
 2019-04-18 12:34:00 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1 
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
 2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1 
Use OpenSSL for blowfish when available (fixes #58)
 2019-04-18 12:16:08 +10:00
Deon George
f3aad72b57
Merge pull request #66 from MichaelIT/master 
Incompatable with openLDAP >=2.1.2
 2019-04-18 11:58:12 +10:00
Deon George
6a55d808a2
Merge pull request #69 from RoyChaudhuri/master 
Fix for bug #68, long redirect response
 2019-04-18 11:56:25 +10:00
Deon George
aec5053f55
Merge pull request #71 from anarcat/CVE-2017-11107 
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
 2019-04-18 11:54:45 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107) 
Closes: #50

From: Ismail Belkacim <xd4rker@gmail.com>
 2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9 Fix for bug #68, exit after redirect response when URI parameter is received by index.php 2018-09-17 15:45:42 +01:00
Michael
7569423f11
Update functions.php 
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
 2018-07-17 19:59:11 +08:00
Dagobert Michelsen
5c0f787fbf Add URL for translation 2018-04-20 13:10:20 +02:00
Dagobert Michelsen
6c85d61525 Fix invocation of layout in TemplateRenderer 2018-04-20 12:33:58 +02:00
spagu
884cce1475
Update functions.php 2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4 Use OpenSSL for blowfish when available (fixes #58) 2018-02-11 07:22:36 +00:00
Deon George
733a10a1c5 Merge pull request #40 from PatrickBaus/master 
Fixed detection of SSL encryption behind proxy server
 2016-10-30 16:53:36 +08:00
Deon George
708bc5ed83 Merge pull request #37 from mr-GreyWolf/patch-1 
Update functions.php
 2016-10-30 16:53:05 +08:00
Deon George
e46579b34e Merge pull request #34 from gulikoza/master 
Fix moving ldap entries and login error with 'fallback_dn'
 2016-10-30 16:52:22 +08:00
Deon George
4fefe2aa8c Merge pull request #42 from ptomulik/crypt-sha 
add support for SHA-256 and SHA-512 via crypt(3)
 2016-10-30 16:47:44 +08:00
Paweł Tomulik
ee9034f24c add support for SHA-256 and SHA-512 via crypt(3) 2016-10-08 21:24:33 +02:00
Patrick Baus
61af45e872 Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling 
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
 2016-08-11 01:48:12 +02:00