| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-12-05 | Merge remote-tracking branch 'origin/bug-790' into release | Michael Tänzer | |
| 2014-11-23 | Merge branch 'bug-1273' into release | Benny Baumann | |
| 2014-11-18 | Merge branch 'bug-1339' into release | Benny Baumann | |
| 2014-11-15 | bug-1339: remove all traces of OTPbug-1339 | Felix Dörre | |
| 2014-10-07 | bug-790: update the text for orgClientCertbug-790 | Felix Dörre | |
| According to common decision in SAP meeting. | |||
| 2014-10-07 | bug-790: Add a descriptive text for orgClient ... | Felix Dörre | |
| ... to help people to see where the CSR should go. | |||
| 2014-09-23 | bug-709: change spkac-text, wrap crt with <pre>s | Felix Dörre | |
| 2014-09-23 | bug-790: do translation, fix cert download | Felix Dörre | |
| 2014-09-23 | bug-790: implement that thing. | Felix Dörre | |
| 2014-07-15 | Merge branch 'bug-1281' into release | Benny Baumann | |
| 2014-06-15 | bug 1273: replace backtick operators with shell_exec | Felix Dörre | |
| + fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg' | |||
| 2014-06-13 | Merge branch 'release' into bug-807 | Benny Baumann | |
| Conflicts: includes/account.php includes/lib/account.php pages/account/16.php | |||
| 2014-06-08 | bug 1281: Fix syntax error in SQL statementbug-1281 | Benny Baumann | |
| 2014-06-08 | bug 1281: Convert to Unix Line Endings | Benny Baumann | |
| 2014-06-06 | Merge branch 'bug-413' into bug-1138bug-1138 | Benny Baumann | |
| Conflicts: pages/account/12.php pages/account/5.php | |||
| 2014-05-27 | bug 413: Port same change as for 5.php over to 12.phpbug-413 | Benny Baumann | |
| 2014-05-27 | bug 413: Backport changes from 7aced740 by Michael Tänzer to avoid ↵ | Benny Baumann | |
| conflicts when integrating both together | |||
| 2014-05-01 | bug 1138: This is an int, no need to mysql_real_escape() | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-05-01 | bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSS | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-30 | bug 1138: Whitespace changes and code formatting | Benny Baumann | |
| 2014-04-30 | bug 1138: And yet another bunch of missing escapes | Benny Baumann | |
| 2014-04-30 | bug 1138: Add some more mising escaping for values from the database | Benny Baumann | |
| 2014-04-30 | bug 1138: Add some more mising escaping for values from the database | Benny Baumann | |
| 2014-04-30 | bug 1138: Add some mising escaping for values from the database | Benny Baumann | |
| 2014-04-29 | bug 1138: Implement log parameter for output_assurances*() and use it for | Michael Tänzer | |
| data summary Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-29 | bug 1138: Only revoke assurance if we actually found one | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-29 | Merge branch 'bug-1221' into bug-1138 | Michael Tänzer | |
| Conflicts: includes/account.php includes/general.php includes/loggedin.php includes/notary.inc.php pages/account/43.php pages/account/55.php pages/wot/10.php www/index.php www/wot.php Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Set $oldid | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Always provide a back link | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: correct colspan for cert tables | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Only use support engineer mode if not viewing own history | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Code style | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Typo | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Properly call output_log_domains() | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Properly display domain table | Michael Tänzer | |
| - Wrong call to get_domains() => deleted domains weren't included - <td> needs to be wrapped in a <tr> Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Always show email address table | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: more intuitive variable naming | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Inline $colspandefault because it make the code more complex and | Michael Tänzer | |
| isn't very useful Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: properly display announcement settings on account history | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Make testing for support access to account details page more | Michael Tänzer | |
| robust and possibly fix some issues - should check for same userid not whether we come from the SE page - always use the already validated values (not $_REQUEST) - make if clause logic more readable Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: make string more readable for translators | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Use CSS styling instead of deprecated attributes | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Source code layout | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Sanitize ticket number against XSS | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Unused variable | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Don't double escape | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-11 | bug 1138: Correct spelling / meaning | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-07 | bug 1138: Adjust the rest of the output_*_certs() functions | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-07 | bug 1138: rename interface to better describe what these functions do | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
| 2014-04-07 | bug 1138: don't alias columns that could cause ambiguities | Michael Tänzer | |
| Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
 |
index : cacert-devel.git | |
| CAcert's authoritative development repository | Software Assessors |
| summaryrefslogtreecommitdiff |