summaryrefslogtreecommitdiff
path: root/pages
AgeCommit message (Collapse)Author
2018-10-30All mysql_-statments replaced by their corresponding mysqli_-statementsKarl-Heinz Gödderz (GuKKDevel)
2014-12-16Merge branch 'release' into bug-1131bug-1131Benny Baumann
Conflicts: pages/wot/6.php www/policy/CAcertCommunityAgreement.php The conflict in the CCA document page was introduced due to the rename of the file. This instance can be safely ignored, as bug 1131 introduces a new version superseeding the old document. The instance in pages/wot/6.php is a bit more complicated, but basically results from a change of bug 1137 and the modified paths to the policy documents.
2014-12-05Merge remote-tracking branch 'origin/bug-790' into releaseMichael Tänzer
2014-11-23Merge branch 'bug-1273' into releaseBenny Baumann
2014-11-23Merge branch 'bug-1192' into releaseBenny Baumann
2014-11-18Merge branch 'bug-1339' into releaseBenny Baumann
2014-11-15bug-1339: remove all traces of OTPbug-1339Felix Dörre
2014-10-14bug-1192: changed text on index/52.phpbug-1192INOPIAE
2014-10-07bug-790: update the text for orgClientCertbug-790Felix Dörre
According to common decision in SAP meeting.
2014-10-07bug-790: Add a descriptive text for orgClient ...Felix Dörre
... to help people to see where the CSR should go.
2014-09-30bug-1192: added explanation textINOPIAE
2014-09-23bug-709: change spkac-text, wrap crt with <pre>sFelix Dörre
2014-09-23bug-790: do translation, fix cert downloadFelix Dörre
2014-09-23bug-790: implement that thing.Felix Dörre
2014-07-27bug 1291: Another XSSBenny Baumann
2014-07-15Merge branch 'bug-1226' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1283' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1281' into releaseBenny Baumann
2014-07-15Merge branch 'bug-1280' into releaseBenny Baumann
2014-06-22bug 1226: Only consider values above 1900 as the year when returning a ↵bug-1226Benny Baumann
pre-filled form
2014-06-21bug 1226: Treat the date values as integerMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21bug 1280: Implement normalisation in of language codes in the L10n classbug-1280Michael Tänzer
and use it (in set_translation() and the Assurer contact form) Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21Revert "bug-1280: Parse the language code from the locale."Michael Tänzer
This reverts commit f3885b3bc9ff61da78fb541151f16b0ecfdf62eb.
2014-06-21Revert "bug-1280: Handle more different types of "languages":"Michael Tänzer
This reverts commit 0730c9df3eb440205d7963e3c0762765d9b47031.
2014-06-21Revert "bug-1280: Variable naming, formatting, php-syntax-error"Michael Tänzer
This reverts commit 6b1cd2a57b0aaa88374b1098df40cc6f73cdff5d.
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
2014-06-13Merge branch 'release' into bug-807Benny Baumann
Conflicts: includes/account.php includes/lib/account.php pages/account/16.php
2014-06-11bug-1280: Variable naming, formatting, php-syntax-errorFelix Dörre
2014-06-11bug-1280: Handle more different types of "languages":Felix Dörre
- zh_CN => zh-cn (in various cases: ZH_cn, zh_cn, ...) - de => de (what the current GUI produces) - de_DE => de, en_AU => en, EN_AU => en (what may be left in the database) ... and more creative upper/lower-cases
2014-06-11bug-1280: Parse the language code from the locale.Felix Dörre
Splitting the string at "_" and lowering the characters.
2014-06-10bug 1283: remove double encodingbug-1283Felix Dörre
The locales are already encoded in the Database.
2014-06-08bug 1281: Fix syntax error in SQL statementbug-1281Benny Baumann
2014-06-08bug 1281: Convert to Unix Line EndingsBenny Baumann
2014-06-06Merge branch 'bug-413' into bug-1138bug-1138Benny Baumann
Conflicts: pages/account/12.php pages/account/5.php
2014-05-27bug 413: Port same change as for 5.php over to 12.phpbug-413Benny Baumann
2014-05-27bug 413: Backport changes from 7aced740 by Michael Tänzer to avoid ↵Benny Baumann
conflicts when integrating both together
2014-05-20bug 1138: fix double-escaping in wot/10Benny Baumann
2014-05-01bug 1138: $verified is a string that is directly filled with data from theMichael Tänzer
translation system => do not intval() Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-05-01bug 1138: This is an int, no need to mysql_real_escape()Michael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-05-01bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSSMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-04-30bug 1138: Whitespace changes and code formattingBenny Baumann
2014-04-30bug 1138: And yet another bunch of escapingBenny Baumann
2014-04-30bug 1138: Some escaping for the GnuPG codeBenny Baumann
2014-04-30bug 1138: And yet another bunch of missing escapesBenny Baumann
2014-04-30bug 1138: Add some more mising escaping for values from the databaseBenny Baumann
2014-04-30bug 1138: Add some more mising escaping for values from the databaseBenny Baumann
2014-04-30bug 1138: Add some mising escaping for values from the databaseBenny Baumann
2014-04-29bug 1138: Implement log parameter for output_assurances*() and use it forMichael Tänzer
data summary Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-04-29bug 1138: Only revoke assurance if we actually found oneMichael Tänzer
Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-04-29Merge branch 'bug-1221' into bug-1138Michael Tänzer
Conflicts: includes/account.php includes/general.php includes/loggedin.php includes/notary.inc.php pages/account/43.php pages/account/55.php pages/wot/10.php www/index.php www/wot.php Signed-off-by: Michael Tänzer <neo@nhng.de>