Deon George
ef8d0ce94c
Fix mistake in patch #176 as identified in #170
2023-02-15 17:33:47 +11:00
Eric Lavault
15cc6f5382
Issue #165 Proper check for memory_limit config (#180)
...
* fix #165: Handle shorthand notation for PHP memory_limit check
* fix config default memory threshold.
2023-02-15 17:24:19 +11:00
bendem
364c0565a2
don't apply preventXSS on 'filter' parameters in export and search (#168)
...
fixes #98
2023-01-20 20:08:49 +11:00
jmptbl
d09aa72a42
Inactivity message format fix (#171)
2023-01-20 20:08:07 +11:00
Klaus Tachtler
7226cea874
#170 - issue - openssl 3.0 patch (#176)
...
* Updated README with info on PLA v2
* Fix broken git command in readme - closes #124
* #170 - issue - openssl 3.0 patch
Co-authored-by: Deon George <deon@leenooks.net>
2023-01-20 20:06:44 +11:00
Benjamin Renard
43bac58990
Add support of argon2i & argon2id password hash types
...
Closes pull-request #158
2022-08-05 10:49:10 +10:00
Patrick Monnerat
9488fe2ed7
Avoid passing a null value to PHP functions where another type is expected.
...
PHP 8.1 deprecates this feature.
Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
Patrick Monnerat
5e9b95f9a8
Avoid 32-bit signed integer overflow in Blowfish computations.
...
PHP 8.1 deprecates float to int truncation.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
aeebf3faa6
Replace calls to strftime() by calls to date().
...
PHP 8.1 deprecates strftime().
2022-08-05 10:48:56 +10:00
Patrick Monnerat
b035e8a0f4
Do not use function is_resource().
...
PHP 8.1 replaces some kind of resources by built-in class instances.
As is_resource() is always used to test for failures, replace calls by
simple Boolean checks.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
f129579f45
Adapt app_error_handler() to PHP 8.
...
In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be suppressed and
passes the effective error number to the error handler (instead of 0).
Adapt the test in a compatible way.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
c90dc06af2
Rename class Attribute to PLAAttribute.
...
As PHP 8 introduces a built-in Attribute class, a name clash occurs
without this commit.
Class names are used by the Visitor class to dynamically build method
names. To avoid having to also rename the target methods, a class name
mapping is introduced for this purpose. This map may be augmented
whenever another similar case occurs.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3a75a32100
Mandatory function arguments must be listed before optional ones.
...
PHP 8 deprecates the ability to have
function whatever($arg1, $arg2='something', $arg3)
This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3ec9c23d58
Do not call get_magic_quote_gpc() when running in PHP version >= 5.4.
...
This deprecated function has been removed in PHP 8.
2022-08-05 10:48:56 +10:00
KuhnChris
857f0c539c
sanity-fix: gettext and session mod check
...
Closes pull-request #152
2022-08-05 10:48:56 +10:00
Andrés Maldonado
97eed9d9cd
Prevent strftime overflow on 32 bit systems
...
Fixes "strftime() expects parameter 2 to be integer, float given"
Closes pull request #156 and closes #155
2022-08-05 10:48:31 +10:00
Deon George
386d6ab83b
Fix syntax error created by a0de69b - thanks to Bert Van de Poel for testing this and identifying the error
2021-12-12 13:25:28 +11:00
Deon George
a0de69bd58
foreach error in lib_ldap_pla.php:checkUniqueAttrs when uidpool is turned on - closes #20
2021-12-10 16:05:01 +11:00
EtienneBarbier
a8c9abe22b
Add option to list available password types - closes #143
2021-12-10 15:56:58 +11:00
Bert Van de Poel
1c7340ce48
Correct incorrect mixing of tabs and spaces.
...
All code (including code originating from the blowfish PR) now correctly uses tabs. Spaces are only used for alignment in comments where necessary.
2021-12-10 15:18:26 +11:00
Bert Van de Poel
24ce5d5833
Replace salt function with a more modern, cryptographically secure pseudo-random method
...
Set minimum PHP version to 7.0.0 for random_bytes
2021-12-10 15:18:18 +11:00
Bert Van de Poel
fe3798f8ec
Modernize sha1 and md5 password hash and check functions: remove unnecessary pack, no longer use very old fallbacks, and use random_salt
2021-12-10 15:18:09 +11:00
Bert Van de Poel
1a09e4ff3c
Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version
2021-12-10 15:18:01 +11:00
Bert Van de Poel
bc1691f5d2
Add hash support for ssha512
2021-12-10 15:17:54 +11:00
Bert Van de Poel
54bb4743aa
Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)
2021-12-10 15:17:43 +11:00
Franky Van Liedekerke
46cc4a1b13
Take into account empty arguments
...
If no argument is given to the function call, don't try to pass an empty array as some php functions don't allow arguments (like the time function)
2021-12-10 15:09:18 +11:00
Maarten
45aa1e5208
Added script comment for the Autofill A flag
2021-12-10 15:06:36 +11:00
Maarten
02b047c1f5
Bug fix: typo in regex
2021-12-10 15:06:36 +11:00
Maarten
6d4aff8733
Added optional delimiter to /K autofill function
2021-12-10 15:06:36 +11:00
Scott Shambarger
00683b3ea7
Added TLS client certificate support
...
Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
2021-12-10 15:02:31 +11:00
Scott Shambarger
da69ebf06a
Added SASL EXTERNAL authentication support
...
New auth_type 'sasl_external'. Login is hard coded as 'external'
2021-12-10 14:59:02 +11:00
Deon George
0c334f0385
Fix for issue #103 - hexdec() causes a deprecation notice when invalid chars are used
2020-09-19 17:09:29 +10:00
Nic Bernstein
f4c8c3d31e
SF Bug #1008 getContainerPath doesn't properly traverse to baseDN and back & #1009 - return_ldap_hash should not return container object in result set
2020-08-31 08:49:02 +10:00
Andy Beefeater
e45e71fd08
SF Feature #356 - HTMLTree icons formatting
2020-08-31 08:48:49 +10:00
Deon George
0011184a3f
Documenting OID 1.3.6.1.1.22 - Thank you. Closes #102
2020-08-30 22:27:03 +10:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support (#116)
...
* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check (#115)
...
When the user's password contains HTML special chars
the password check would always fail if the
given plainpassword is not decoded first.
2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. (#97)
...
PHP 7.4 Compatibility.
2020-08-30 21:56:25 +10:00
JamesCordell
0b65747110
Changes required so the sudoRole objectClass will present a link so members can be modified by default. (#101)
2020-02-20 09:17:37 +11:00
Jakub Filak
4661aa2114
Hooks fixes (#99)
...
* replace deprecated each with foreach
I tried to enable the example.php hooks and the use of the keyword each
was causing crashes in the docker image osixia/phpldapadmin:0.9.0
* check if DEBUG_ENABLED is defined
I enabled the hooks example.php and I started getting crashes caused by
undefined constant.
Tested with the docker image osixia/phpldapadmin:0.9.0
2020-02-20 09:17:01 +11:00
sshambar
0a57b2f80e
Added appearance option show_authz (#94)
...
Enabling displays the authorization ID rather than the authentication ID,
similar to using ldapwhoami. Requires PHP 7.2+
2020-02-20 09:14:18 +11:00
sshambar
0fe1758572
Add SASL PLAIN authentication support (#92)
...
Adds a new sasl mech 'plain' which converts all simple authentication
methods to SASL PLAIN. NOTE: doesn't use auth_type 'sasl' as
credentials may come from login form, stored in cookies etc...
2020-02-20 09:12:39 +11:00
Noone404
4eb3737d31
Added option to use template string for bind DN (#90)
...
* Language update from launchpad
* Added login option 'bind_dn_template'
2020-02-20 09:11:17 +11:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form with Google reCAPTCHA (#87)
...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS
2019-07-31 08:21:14 -07:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
...
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
...
Example to use to prevent XSS attack from get_request
get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
...
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
...
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
7b1f6b5132
Fix for PHP 7.3 - deprecated continue in switch
2019-05-14 15:00:28 +10:00