summaryrefslogtreecommitdiff
path: root/includes/general.php
AgeCommit message (Collapse)Author
2015-07-26bug 1392: correct a variable mixup causing all SANs in CSRs to be rejectedbug-1392Benny Baumann
2015-07-25bug 1392: Check domain names in CN/SAN to at least basically comply to RFCBenny Baumann
2014-12-05Merge remote-tracking branch 'origin/bug-1318' into releaseMichael Tänzer
2014-11-30bug 1318: Minor typobug-1318Benny Baumann
2014-11-30bug 1318: Variable name typoBenny Baumann
2014-11-30bug 1288: Some cleanup as this is never used anywaybug-1288Benny Baumann
2014-11-30bug 1288: Accept STARTTLS as last optionBenny Baumann
2014-11-29bug 1318: typo in variable namesBenny Baumann
2014-11-29bug 1318: Actually sort by priorityBenny Baumann
2014-11-29bug 1318: Fix a check for if there were any serversBenny Baumann
2014-11-29bug 1318: Request the array containing the priorities to sort entries propoerlyBenny Baumann
2014-11-29bug 1288: Actually request encryption for the connection before activatingBenny Baumann
2014-11-29bug 1288: EHLO returns 250 on successBenny Baumann
2014-11-29bug 1318: Typo in control structureBenny Baumann
2014-11-29bug 1288: Do STARTTLS whenever offered by the serverBenny Baumann
2014-11-29bug 1318: Properly order MX records by order given in RFC 5321Benny Baumann
2014-11-23Merge branch 'bug-1273' into releaseBenny Baumann
2014-08-30bug 1301: Fix issue with missing default for the encodingbug-1301Benny Baumann
2014-06-15bug 1273: Move the one "escapeshellarg" in a new row.Felix Dörre
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
2014-05-01Merge branch 'release' into bug-1138Benny Baumann
2014-04-30bug 1138: Whitespace changes and code formattingBenny Baumann
2014-04-30bug 1138: Be more paranoid regarding database query parametersBenny Baumann
2014-04-15Merge branch 'bug-1184' into releaseBenny Baumann
2014-04-01Merge branch 'bug-1070' into releaseBenny Baumann
2014-03-19bug 1184: Quick workaround for name collission on hex2bin on recent PHP versionsbug-1184Benny Baumann
2014-03-18bug 1070: Fix problem with literal interpretation of the provided search stringbug-1070Benny Baumann
2013-11-19bug 1221: WhitespaceBenny Baumann
2013-11-19bug 1221: added `deleted` = 0 to general.phpBenny Baumann
2013-07-12Merge branch 'bug-1186' into releaseBenny Baumann
2013-07-12Merge branch 'bug-1176' into releaseBenny Baumann
2013-07-06bug 1186: Mixed up order of argumentsbug-1186Benny Baumann
2013-07-03bug 1186: Missing argument is missing.Benny Baumann
2013-07-03bug 1186: Fix warning if no valid MX records are returned for one line of ↵Benny Baumann
the executed command
2013-06-20bug 1176: Fix deprecation of split function in general.phpBenny Baumann
2013-05-15Merge remote-tracking branch 'origin/bug-1122' into releaseMichael Tänzer
2013-05-13bug 1176: Remove usage of deprecated calls to session_registerBenny Baumann
2013-01-07bug 512: Fix a problem causing blank result pagesbug-512Benny Baumann
2012-12-13bug 1122:created new file for the CCA overview and added short information ↵INOPIAE
about CCA into SE admin console
2012-11-28bug 512:Moved get_assurer_status from includes/general.php to ↵INOPIAE
includes/lib/general.php to make the function available for the scripting. Changed script to includes/lib/general.php
2012-08-21Source code taken from cacert-20120810.tar.bz2Michael Tänzer
2012-06-06bug 1070: Escape password before giving it to the command lineMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2012-04-30Source code taken from cacert-20120429.tar.bz2Michael Tänzer
2012-04-18bug 1033: Only issue up to 35 pointsbug-1033Michael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2012-01-26Source code taken from cacert-20120125.tar.bz2Michael Tänzer
2012-01-10Merge branch 'release' into bug-985bug-985Michael Tänzer
Conflicts: www/wot.php Signed-off-by: Michael Tänzer <neo@nhng.de>
2011-11-20Source code taken from cacert-20111116.tar.bz2Michael Tänzer
2011-10-16bug 985: move binding to a gettext domain into a separate method andMichael Tänzer
update some more legacy language handling removed screenshot() as it's never used and language dependent still open: translation in PDFs Signed-off-by: Michael Tänzer <neo@nhng.de>
2011-10-16bug 985: Factor out language handling into a separate class, also fixMichael Tänzer
language handling for Internet Explorer. TODO: - replace all uses of $_SESSION['_config']['language'] and $_SESSION['_config']['translations'] with the appropriate calls to the new class - adjust character handling in the PDF generation routines - probably more Signed-off-by: Michael Tänzer <neo@nhng.de>
2011-09-28bug 985: map language to the right locale and other fixesMichael Tänzer
- map from two letter to five letter code - if lang is given as parameter but $_SESSION['_config']['language'] has already been set also go into the translation handling code - preg_filter() is PHP >= 5.3 Signed-off-by: Michael Tänzer <neo@nhng.de>