summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-09-23bug 1131: Updated SecurityPolicy.html by Eva Stöwe/Policy OfficerBenny Baumann
2014-09-17bug 1131: Added new version of CPSBenny Baumann
2014-09-16bug 1131: Updated alt text for the document status imagesBenny Baumann
2014-09-16bug 1131: Updated Policies based on new versions send by Policy OfficerBenny Baumann
Additionally trailing whitespaces, indentation and line breaks have been partially edited to ease reading of the HTML code. The CCA has been skipped to avoid race conditions with other currently running processes.
2014-09-16add: Policy Mailing script for notification about the new CCA as of 2014-07-20.Benny Baumann
2014-08-30bug 1301: Fix issue with missing default for the encodingbug-1301Benny Baumann
2014-08-28Merge branch 'bug-1293' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1297' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1298' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1292' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1276' into releaseBenny Baumann
2014-08-19bug 1293: Additional changes to CCA by Benediktbug-1293Benny Baumann
2014-08-19bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56Benny Baumann
2014-08-18bug 1293: Renewed version provided by the EditorBenny Baumann
2014-08-17Updated Policy document by the EditorBenny Baumann
2014-08-17bug 1293: Remove the icon according to W3C guidelinesBenny Baumann
This change is as we currently do not pass validation and therefore would be infridging on the usage rights.
2014-08-14bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP ↵Benny Baumann
and the XML declaration for XHTML 1.1
2014-08-09Merge branch 'bug-1291' into releaseBenny Baumann
2014-08-09bug-1298: Update the used SHA-import in the commmodulebug-1298Felix Dörre
As already suggested in the bug report.
2014-08-09bug-1297: update openssl regexes to openssl 1.0.1bug-1297Felix Dörre
Some keywords in the "req"-output have changed.
2014-07-29bug 1291: Update wothash calculation for modified behaviourbug-1291Benny Baumann
2014-07-29bug 1293: Add new DRAFT version of current CCA as of 2014-ß7-27Benny Baumann
2014-07-27bug 1291: Another XSSBenny Baumann
2014-07-27bug 1291: Fix XSS in WoT 15Felix Dörre
2014-07-27bug-1292: prohibit keys with public exponent smaller than 65536bug-1292Felix Dörre
This is in accordance to what is recommended on the referenced wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
2014-07-15Merge branch 'bug-1226' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1283' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1281' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1280' into releaseBenny Baumann
2014-06-22bug 1226: Only consider values above 1900 as the year when returning a ↵bug-1226Benny Baumann
pre-filled form
2014-06-21bug 1226: Properly use sprintfMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Treat the date values as integerMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Remove really redundant codeMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Implement normalisation in of language codes in the L10n classbug-1280Michael Tänzer
and use it (in set_translation() and the Assurer contact form) Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Remove trailing white spaceMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21Revert "bug-1280: Parse the language code from the locale."Michael Tänzer
This reverts commit f3885b3bc9ff61da78fb541151f16b0ecfdf62eb.
2014-06-21Revert "bug-1280: Handle more different types of "languages":"Michael Tänzer
This reverts commit 0730c9df3eb440205d7963e3c0762765d9b47031.
2014-06-21Revert "bug-1280: Variable naming, formatting, php-syntax-error"Michael Tänzer
This reverts commit 6b1cd2a57b0aaa88374b1098df40cc6f73cdff5d.
2014-06-17bug 773: Whitespace at EOL and indentationbug-773Benny Baumann
2014-06-17bug 773: correct email sending for domaincertsFelix Dörre
2014-06-17bug 773: fix sending email on revocation.Felix Dörre
Use the email (and language) of domain owner to send mail.
2014-06-15bug 1273: Move the one "escapeshellarg" in a new row.Felix Dörre
2014-06-15bug 1273: use runCommand where former "echo"-syntax was usedFelix Dörre
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
2014-06-13Merge branch 'bug-807' into releaseBenny Baumann
2014-06-13Merge branch 'release' into bug-807Benny Baumann
Conflicts: includes/account.php includes/lib/account.php pages/account/16.php
2014-06-11bug-1280: Variable naming, formatting, php-syntax-errorFelix Dörre
2014-06-11bug-1280: Handle more different types of "languages":Felix Dörre
- zh_CN => zh-cn (in various cases: ZH_cn, zh_cn, ...) - de => de (what the current GUI produces) - de_DE => de, en_AU => en, EN_AU => en (what may be left in the database) ... and more creative upper/lower-cases
2014-06-11bug-1280: Parse the language code from the locale.Felix Dörre
Splitting the string at "_" and lowering the characters.
2014-06-10bug 1283: remove double encodingbug-1283Felix Dörre
The locales are already encoded in the Database.