summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-09-16add: Policy Mailing script for notification about the new CCA as of 2014-07-20.Benny Baumann
2014-08-30bug 1301: Fix issue with missing default for the encodingbug-1301Benny Baumann
2014-08-28Merge branch 'bug-1293' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1297' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1298' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1292' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1276' into releaseBenny Baumann
2014-08-19bug 1293: Additional changes to CCA by Benediktbug-1293Benny Baumann
2014-08-19bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56Benny Baumann
2014-08-18bug 1293: Renewed version provided by the EditorBenny Baumann
2014-08-17Updated Policy document by the EditorBenny Baumann
2014-08-17bug 1293: Remove the icon according to W3C guidelinesBenny Baumann
This change is as we currently do not pass validation and therefore would be infridging on the usage rights.
2014-08-14bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP ↵Benny Baumann
and the XML declaration for XHTML 1.1
2014-08-09Merge branch 'bug-1291' into releaseBenny Baumann
2014-08-09bug-1298: Update the used SHA-import in the commmodulebug-1298Felix Dörre
As already suggested in the bug report.
2014-08-09bug-1297: update openssl regexes to openssl 1.0.1bug-1297Felix Dörre
Some keywords in the "req"-output have changed.
2014-07-29bug 1291: Update wothash calculation for modified behaviourbug-1291Benny Baumann
2014-07-29bug 1293: Add new DRAFT version of current CCA as of 2014-ß7-27Benny Baumann
2014-07-27bug 1291: Another XSSBenny Baumann
2014-07-27bug 1291: Fix XSS in WoT 15Felix Dörre
2014-07-27bug-1292: prohibit keys with public exponent smaller than 65536bug-1292Felix Dörre
This is in accordance to what is recommended on the referenced wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
2014-07-15Merge branch 'bug-1226' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1283' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1281' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1280' into releaseBenny Baumann
2014-06-22bug 1226: Only consider values above 1900 as the year when returning a ↵bug-1226Benny Baumann
pre-filled form
2014-06-21bug 1226: Properly use sprintfMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Treat the date values as integerMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Remove really redundant codeMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Implement normalisation in of language codes in the L10n classbug-1280Michael Tänzer
and use it (in set_translation() and the Assurer contact form) Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Remove trailing white spaceMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21Revert "bug-1280: Parse the language code from the locale."Michael Tänzer
This reverts commit f3885b3bc9ff61da78fb541151f16b0ecfdf62eb.
2014-06-21Revert "bug-1280: Handle more different types of "languages":"Michael Tänzer
This reverts commit 0730c9df3eb440205d7963e3c0762765d9b47031.
2014-06-21Revert "bug-1280: Variable naming, formatting, php-syntax-error"Michael Tänzer
This reverts commit 6b1cd2a57b0aaa88374b1098df40cc6f73cdff5d.
2014-06-15bug 1273: Move the one "escapeshellarg" in a new row.Felix Dörre
2014-06-15bug 1273: use runCommand where former "echo"-syntax was usedFelix Dörre
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
2014-06-13Merge branch 'bug-807' into releaseBenny Baumann
2014-06-13Merge branch 'release' into bug-807Benny Baumann
Conflicts: includes/account.php includes/lib/account.php pages/account/16.php
2014-06-11bug-1280: Variable naming, formatting, php-syntax-errorFelix Dörre
2014-06-11bug-1280: Handle more different types of "languages":Felix Dörre
- zh_CN => zh-cn (in various cases: ZH_cn, zh_cn, ...) - de => de (what the current GUI produces) - de_DE => de, en_AU => en, EN_AU => en (what may be left in the database) ... and more creative upper/lower-cases
2014-06-11bug-1280: Parse the language code from the locale.Felix Dörre
Splitting the string at "_" and lowering the characters.
2014-06-10bug 1283: remove double encodingbug-1283Felix Dörre
The locales are already encoded in the Database.
2014-06-08bug 1281: Fix syntax error in SQL statementbug-1281Benny Baumann
2014-06-08bug 1281: Convert to Unix Line EndingsBenny Baumann
2014-06-07Merge branch 'bug-929' into releaseBenny Baumann
2014-06-06Merge branch 'bug-1172' into releaseBenny Baumann
2014-06-06Merge branch 'bug-1138' into releaseBenny Baumann
2014-06-06Merge branch 'bug-1275' into releaseBenny Baumann
2014-06-06Merge branch 'bug-372' into releaseBenny Baumann