summaryrefslogtreecommitdiff
path: root/pages/account
AgeCommit message (Collapse)Author
2014-10-28bug 1316: replaced revoke assurance by new function revoke_assuranceINOPIAE
2014-10-07Merge branch 'bug-790' into testserver-stableBenny Baumann
2014-10-07bug-790: update the text for orgClientCertbug-790Felix Dörre
According to common decision in SAP meeting.
2014-10-07bug-790: Add a descriptive text for orgClient ...Felix Dörre
... to help people to see where the CSR should go.
2014-09-24Merge branch 'bug-790' into testserver-stableBenny Baumann
2014-09-23bug-709: change spkac-text, wrap crt with <pre>sFelix Dörre
2014-09-23Merge branch 'bug-790' into testserver-stableBenny Baumann
2014-09-23bug-790: do translation, fix cert downloadFelix Dörre
2014-09-23Merge branch 'bug-790' into testserver-stableBenny Baumann
2014-09-23bug-790: implement that thing.Felix Dörre
2014-09-10Merge branch 'bug-1302' into testserver-stableBenny Baumann
2014-09-10bug 1302: some more tag cleanup and text reorderingBenny Baumann
2014-09-09bug-1302: clean up tableMartin Gummi
2014-09-09Merge branch 'bug-612' into testserver-stableBenny Baumann
2014-09-09bug 612: Minor fixups in formatting and error outputbug-612Benny Baumann
2014-09-09bug-612: small fixups in code styleFelix Dörre
2014-09-09bug-1302: move link to support mailing list under contact formMartin Gummi
2014-09-09bug 1302: Make the HTML more readable and especially validMartin Gummi
2014-09-09bug 1302: 2nd rework the contact page and removed the possibility to send ↵Martin Gummi
the data from the form to the support mailing list
2014-09-09bug-612: adding ip anonymization for secret-question mailFelix Dörre
2014-07-15Merge branch 'bug-1281' into releaseBenny Baumann
2014-06-15Merge branch 'bug-1223' into testserver-stableBenny Baumann
2014-06-15Merge branch 'release' into bug-1223Benny Baumann
Conflicts: pages/account/43.php
2014-06-15Merge branch 'bug-657' into testserver-stableBenny Baumann
Conflicts: includes/notary.inc.php
2014-06-15Merge branch 'bug-1273' into testserver-stableBenny Baumann
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
2014-06-15Merge branch 'bug-612' into testserver-stableBenny Baumann
2014-06-15bug 612: Using consistent date/time format, putting params in a new lineFelix Dörre
2014-06-15bug 612: add IP-Address and Time to "viewed secret questions"-message.Felix Dörre
2014-06-13Merge branch 'release' into bug-807Benny Baumann
Conflicts: includes/account.php includes/lib/account.php pages/account/16.php
2014-06-09Merge branch 'bug-1282' into testserver-stableBenny Baumann
2014-06-09bug 1282: added a better check for id for the searchINOPIAE
2014-06-08Merge branch 'bug-1281' into testserver-stableBenny Baumann
2014-06-08bug 1281: Fix syntax error in SQL statementbug-1281Benny Baumann
2014-06-08bug 1281: Convert to Unix Line EndingsBenny Baumann
2014-06-08Merge branch 'release' into bug-657INOPIAE
2014-06-06Merge branch 'bug-413' into bug-1138bug-1138Benny Baumann
Conflicts: pages/account/12.php pages/account/5.php
2014-05-27Merge branch 'bug-413' into testserver-stableBenny Baumann
Conflicts: pages/account/12.php
2014-05-27bug 413: Port same change as for 5.php over to 12.phpbug-413Benny Baumann
2014-05-27Merge branch 'bug-413' into testserver-stableBenny Baumann
Conflicts: pages/account/5.php
2014-05-27bug 413: Backport changes from 7aced740 by Michael Tänzer to avoid ↵Benny Baumann
conflicts when integrating both together
2014-05-01Merge branch 'bug-1138' into testserver-stableMichael Tänzer
Conflicts: includes/account.php includes/general.php includes/lib/account.php pages/account/16.php www/wot.php Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-05-01bug 1138: This is an int, no need to mysql_real_escape()Michael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-05-01bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSSMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-04-30bug 1138: Whitespace changes and code formattingBenny Baumann
2014-04-30bug 1138: And yet another bunch of missing escapesBenny Baumann
2014-04-30bug 1138: Add some more mising escaping for values from the databaseBenny Baumann
2014-04-30bug 1138: Add some more mising escaping for values from the databaseBenny Baumann
2014-04-30bug 1138: Add some mising escaping for values from the databaseBenny Baumann
2014-04-29Resolve merge conflict resolution error on ec1b6811Michael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>