82 Commits

Author SHA1 Message Date
Patrick Baus
dd6e9583a2 Fixed request smuggling vulnerability. See: https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_HTTP_Request/Response_Smuggling
According to https://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method, the header should be ignored anyway if those properties were set.
2016-08-11 01:48:12 +02:00
Patrick Baus
665dbc2690 Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the
HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed
2016-08-11 01:32:41 +02:00
Sébastien Collin
54191d7ffb Fix some monitor information problems
Fix some monitor information problems as reported by @brendankearney
2015-01-30 13:56:29 +01:00
Marc Laporte
6135f94a51 typo 2014-07-25 20:36:21 -04:00
Deon George
f28d535948 SF Bug #3510648 - Cannot copy between servers 2012-09-05 21:54:42 +10:00
Deon George
74434e5ca3 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-03 07:16:34 +10:00
Deon George
88d41216f9 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-03 06:19:19 +10:00
Paweł Tomulik
09c5e3a8da SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 11:43:14 +10:00
Roland Gruber
6c8b623788 SF Patch #3391371 - Fix for schema link deactivation 2011-10-06 11:57:06 +11:00
Deon George
d5744b055a SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9 2011-10-06 09:12:54 +11:00
Deon George
64668e882b Remove XSS vulnerability in debug code 2011-07-27 07:30:06 +10:00
Deon George
6c93c1fc72 Fix deletion special char DNs, and refresh tree on delete 2011-05-04 00:02:33 +10:00
Marcel van Dorp
880a86f666 SF Feature #3122736 - HTTP authentication realm 2011-04-29 12:46:49 +10:00
Deon George
a35298e7f3 SF Bug #3036033 - Error if CN begins with a % sign 2011-04-29 12:08:38 +10:00
Deon George
2ea1fc6314 SF Bug #3003777 - Multivalue attributes with hundred of values hangs on modify 2011-04-29 00:19:53 +10:00
Deon George
1f9308dc4d Fixes for jpegPhoto attributes during copy operations 2011-04-28 23:20:06 +10:00
Deon George
9e9960bc3d SF Bug #3003779 - Unable to check password for NT and LN samba hashed 2011-04-27 21:53:47 +10:00
Deon George
6e5ec75b55 SF Bug #3077852 - Default template being used after modification of entry 2011-04-27 00:02:05 +10:00
Deon George
97eff7383c SF Bug #3276528 - Problem with + and , signs in dn 2011-04-26 23:21:19 +10:00
Deon George
be623ce3f5 SF Bug #3136564 - Undefined variable: result (E_NOTICE) 2011-04-26 11:40:35 +10:00
Deon George
2cf20fcf44 SF Bug #2981355 - rawurldecode killing complex passwords 2011-04-26 10:10:43 +10:00
Deon George
c5f045756e SF Bug #2980701 - Creation templates get used for modification post creation 2011-04-26 00:10:58 +10:00
Deon George
7980d1c131 SF Patch #2974901 - enable modify member form to use netgroups 2010-11-16 22:05:18 +11:00
Deon George
7d17676fd7 Enabled create_base 2010-03-18 13:25:53 +11:00
Deon George
1c467a6115 New feature: Copy a DN and edit values before creation 2010-03-18 13:24:04 +11:00
Deon George
2e8e9625d6 AJAX work on create/update 2010-03-15 09:37:37 +11:00
Deon George
f713afc8d1 HTML Validation work 2010-03-15 09:37:35 +11:00
Deon George
0f782569e9 SF Bug #2969826 - XSS found in cmd.php 2010-03-14 23:57:16 +11:00
Deon George
676a675c7c SF Bug #2901854 - E_WARNING: implode(): Invalid arguments passed 2010-01-30 15:10:00 +11:00
Deon George
2393c5d5e3 Trim _REQUEST vars mainly to avoid null terminated strings 2009-12-23 09:03:13 +11:00
Deon George
efd1860a91 SF Bug #2554402 - template autofill command not work on appearance,date_attrs 2009-11-21 12:11:45 +11:00
Deon George
23a2da1f26 SF Bug #2898426 - Can't update own password 2009-11-21 11:17:53 +11:00
Deon George
a6dc80616b Fix rendering of js_calendar on add_attr, when no previous DateAttributes existed 2009-09-20 11:44:26 +10:00
Deon George
f0a6d312ab Enable control of creating children in templates 2009-09-20 11:44:23 +10:00
Deon George
3ffe6878f3 Minor updates 2009-09-07 00:13:58 +10:00
Deon George
9cb27e3a70 Miscellaneous minor updates 2009-08-29 00:11:23 +10:00
Deon George
b93b92f430 Rework javascript 2009-08-22 21:30:50 +10:00
Deon George
6e6a7a6e4e Multiple fixes, changes and enhancements
* mass edit selection,
* child search during edit,
* attr login with bind_id,
* performance fix broke ldapservers that don't have havesubordinate attrs),
* enable "login,class",
* enable "login,base".
2009-08-21 15:02:12 +10:00
Deon George
95aedef718 Remove CVS tags 2009-08-20 12:25:48 +10:00
Deon George
5669c92371 Improvements to debug_log 2009-08-19 13:39:37 +10:00
Deon George
a0816d068c Sync menu/tree processing with other projects, variable/function naming 2009-08-12 23:53:14 +10:00
Deon George
29cb490571 Fixes for issues introduced by commit bbe87c6e2 2009-07-27 17:18:25 +10:00
Deon George
5938302012 Fix the simple ACL configuration 2009-07-26 01:21:23 +10:00
Deon George
bbe87c6e2f SF Bug #2820854 - ldap_first_attribute error 2009-07-14 19:07:43 +10:00
Deon George
6627c7bea4 Fix spelling 2009-07-12 22:02:30 +10:00
Deon George
223086b58e Fix for when invalid objectclass entered 2009-07-12 22:02:19 +10:00
Deon George
5481f61ce3 Use calls to getRootDSE() 2009-07-12 12:28:39 +10:00
Deon George
d364af141f Minor display change 2009-07-11 14:19:04 +10:00
Deon George
4eed1d8982 Enabled HTTP auth 2009-07-11 10:18:48 +10:00
Deon George
664c05decd Removed stylesheet from index 2009-07-08 20:17:35 +10:00