summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-03-11bug 1341: Avoid a privacy issue leaking information if an account exists.bug-1341Benny Baumann
2014-12-03bug-1341: Restrict to 1 login per 5 secondsBenny Baumann
2014-12-03bug-1341: add the db_migration script for the new columnFelix Dörre
2014-11-23Merge branch 'bug-28' into releaseBenny Baumann
Conflicts: includes/account.php scripts/cron/warning.php www/disputes.php www/wot.php
2014-11-23Merge branch 'bug-1273' into releaseBenny Baumann
2014-11-23Merge branch 'bug-1192' into releaseBenny Baumann
2014-11-18Merge branch 'bug-1339' into releaseBenny Baumann
2014-11-15bug-1339: remove all traces of OTPbug-1339Felix Dörre
2014-10-21bug-1273: fixing backticks in 'warning'-cron-scriptbug-1273Felix Dörre
2014-10-16Merge remote-tracking branch 'origin/bug-1301' into releaseMichael Tänzer
2014-10-14bug-1192: changed text on index/52.phpbug-1192INOPIAE
2014-09-30bug-1192: added explanation textINOPIAE
2014-09-24CCA-Mailing: bugfix for script continuation problem reported by WytzeBenny Baumann
2014-09-16add: Policy Mailing script for notification about the new CCA as of 2014-07-20.Benny Baumann
2014-08-30bug 1301: Fix issue with missing default for the encodingbug-1301Benny Baumann
2014-08-28Merge branch 'bug-1293' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1297' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1298' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1292' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1276' into releaseBenny Baumann
2014-08-19bug 1293: Additional changes to CCA by Benediktbug-1293Benny Baumann
2014-08-19bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56Benny Baumann
2014-08-18bug 1293: Renewed version provided by the EditorBenny Baumann
2014-08-17Updated Policy document by the EditorBenny Baumann
2014-08-17bug 1293: Remove the icon according to W3C guidelinesBenny Baumann
This change is as we currently do not pass validation and therefore would be infridging on the usage rights.
2014-08-14bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP ↵Benny Baumann
and the XML declaration for XHTML 1.1
2014-08-09Merge branch 'bug-1291' into releaseBenny Baumann
2014-08-09bug-1298: Update the used SHA-import in the commmodulebug-1298Felix Dörre
As already suggested in the bug report.
2014-08-09bug-1297: update openssl regexes to openssl 1.0.1bug-1297Felix Dörre
Some keywords in the "req"-output have changed.
2014-07-29bug 1291: Update wothash calculation for modified behaviourbug-1291Benny Baumann
2014-07-29bug 1293: Add new DRAFT version of current CCA as of 2014-ß7-27Benny Baumann
2014-07-27bug 1291: Another XSSBenny Baumann
2014-07-27bug 1291: Fix XSS in WoT 15Felix Dörre
2014-07-27bug-1292: prohibit keys with public exponent smaller than 65536bug-1292Felix Dörre
This is in accordance to what is recommended on the referenced wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
2014-07-15Merge branch 'bug-1226' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1283' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1281' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1280' into releaseBenny Baumann
2014-06-22bug 1226: Only consider values above 1900 as the year when returning a ↵bug-1226Benny Baumann
pre-filled form
2014-06-21bug 1226: Properly use sprintfMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Treat the date values as integerMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1226: Remove really redundant codeMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Implement normalisation in of language codes in the L10n classbug-1280Michael Tänzer
and use it (in set_translation() and the Assurer contact form) Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Remove trailing white spaceMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21Revert "bug-1280: Parse the language code from the locale."Michael Tänzer
This reverts commit f3885b3bc9ff61da78fb541151f16b0ecfdf62eb.
2014-06-21Revert "bug-1280: Handle more different types of "languages":"Michael Tänzer
This reverts commit 0730c9df3eb440205d7963e3c0762765d9b47031.
2014-06-21Revert "bug-1280: Variable naming, formatting, php-syntax-error"Michael Tänzer
This reverts commit 6b1cd2a57b0aaa88374b1098df40cc6f73cdff5d.
2014-06-15bug 1273: Move the one "escapeshellarg" in a new row.Felix Dörre
2014-06-15bug 1273: use runCommand where former "echo"-syntax was usedFelix Dörre
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'