Deon George
aa5be41b06
Add autocomplete=off - closes #122
2020-08-30 22:09:52 +10:00
JamesCordell
0b65747110
Changes required so the sudoRole objectClass will present a link so members can be modified by default. ( #101 )
2020-02-20 09:17:37 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN ( #90 )
...
* Language update from launchpad
* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA ( #87 )
...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Deon George
1bd14ddf68
Removed reference to missing function - closes #65
2019-07-15 14:49:52 +10:00
Deon George
73b7795bc0
Fixes #21 - Undefined variable: _SESSION
2019-04-18 23:17:24 +10:00
Deon George
6a55d808a2
Merge pull request #69 from RoyChaudhuri/master
...
Fix for bug #68 , long redirect response
2019-04-18 11:56:25 +10:00
Antoine Beaupré
4484129a41
Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
...
Closes : #50
From: Ismail Belkacim <xd4rker@gmail.com>
2018-10-31 14:04:44 -04:00
Roy Chaudhuri
2e43cf95b9
Fix for bug #68 , exit after redirect response when URI parameter is received by index.php
2018-09-17 15:45:42 +01:00
Deon George
733a10a1c5
Merge pull request #40 from PatrickBaus/master
...
Fixed detection of SSL encryption behind proxy server
2016-10-30 16:53:36 +08:00
Patrick Baus
61af45e872
Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing.
2016-08-11 02:45:18 +02:00
Patrick Baus
dd6e9583a2
Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
...
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method , the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
...
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
gulikoza
726190e5b8
Fix moving entries when confirm['copy'] is set.
...
If 'Delete after copy (move)' is selected and confirm['copy'] is set (which is default),
the entry will be copyied (created) not moved. This patch will skip confirm when entry
is being moved as there is no reason to confirm the move again.
2016-01-24 12:02:42 +01:00
Sébastien Collin
54191d7ffb
Fix some monitor information problems
...
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Marc Laporte
6135f94a51
typo
2014-07-25 20:36:21 -04:00
Deon George
f28d535948
SF Bug #3510648 - Cannot copy between servers
2012-09-05 21:54:42 +10:00
Deon George
74434e5ca3
SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables
2012-09-03 07:16:34 +10:00
Deon George
88d41216f9
SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY']
2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da
SF Feature #3555472 - User-friendly items in entry chooser window.
2012-09-01 11:43:14 +10:00
Roland Gruber
6c8b623788
SF Patch #3391371 - Fix for schema link deactivation
2011-10-06 11:57:06 +11:00
Deon George
d5744b055a
SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9
2011-10-06 09:12:54 +11:00
Deon George
64668e882b
Remove XSS vulnerabilty in debug code
2011-07-27 07:30:06 +10:00
Deon George
6c93c1fc72
Fix deletion special char DNs, and refresh tree on delete
2011-05-04 00:02:33 +10:00
Marcel van Dorp
880a86f666
SF Feature #3122736 - HTTP authentication realm
2011-04-29 12:46:49 +10:00
Deon George
a35298e7f3
SF Bug #3036033 - Error if CN begins with a % sign
2011-04-29 12:08:38 +10:00
Deon George
2ea1fc6314
SF Bug #3003777 - Multivalue attributes with hundred of values hangs on modify
2011-04-29 00:19:53 +10:00
Deon George
1f9308dc4d
Fixes for jpegPhoto attributes during copy operations
2011-04-28 23:20:06 +10:00
Deon George
9e9960bc3d
SF Bug #3003779 - Unable to check password for NT and LN samba hashed
2011-04-27 21:53:47 +10:00
Deon George
6e5ec75b55
SF Bug #3077852 - Default template being used after modificaiton of entry
2011-04-27 00:02:05 +10:00
Deon George
97eff7383c
SF Bug #3276528 - Problem with + and , signs in dn
2011-04-26 23:21:19 +10:00
Deon George
be623ce3f5
SF Bug #3136564 - Undefined variable: result (E_NOTICE)
2011-04-26 11:40:35 +10:00
Deon George
2cf20fcf44
SF Bug #2981355 - rawurldecode killing complex passwords
2011-04-26 10:10:43 +10:00
Deon George
c5f045756e
SF Bug #2980701 - Creation templates get used for modification post creation
2011-04-26 00:10:58 +10:00
Deon George
7980d1c131
SF Patch #2974901 - enable modify member form to use netgroups
2010-11-16 22:05:18 +11:00
Deon George
7d17676fd7
Enabled create_base
2010-03-18 13:25:53 +11:00
Deon George
1c467a6115
New feature: Copy a DN and edit values before creation
2010-03-18 13:24:04 +11:00
Deon George
2e8e9625d6
AJAX work on create/update
2010-03-15 09:37:37 +11:00
Deon George
f713afc8d1
HTML Validation work
2010-03-15 09:37:35 +11:00
Deon George
0f782569e9
SF Bug #2969826 - XSS found in cmd.php
2010-03-14 23:57:16 +11:00
Deon George
676a675c7c
SF Bug #2901854 - E_WARNING: implode(): Invalid arguments passed
2010-01-30 15:10:00 +11:00
Deon George
2393c5d5e3
Trim _REQUEST vars mainly to avoid null terminated strings
2009-12-23 09:03:13 +11:00
Deon George
efd1860a91
SF Bug #2554402 - template autofill command not work on appearance,date_attrs
2009-11-21 12:11:45 +11:00
Deon George
23a2da1f26
SF Bug #2898426 - Can't update own password
2009-11-21 11:17:53 +11:00
Deon George
a6dc80616b
Fix rendering of js_calendar on add_attr, when no previous DateAttributes existed
2009-09-20 11:44:26 +10:00
Deon George
f0a6d312ab
Enable control of creating children in templates
2009-09-20 11:44:23 +10:00
Deon George
3ffe6878f3
Minor updates
2009-09-07 00:13:58 +10:00
Deon George
9cb27e3a70
Miscellaneous minor updates
2009-08-29 00:11:23 +10:00
Deon George
b93b92f430
Rework javascript
2009-08-22 21:30:50 +10:00
Deon George
6e6a7a6e4e
Multiple fixes, changes and enhancements
...
* mass edit selection,
* child search during edit,
* attr login with bind_id,
* performance fix broke ldapservers that dont have havesubordinate attrs),
* enable "login,class",
* enable "login,base".
2009-08-21 15:02:12 +10:00