path: root/www
Age | Commit message | Author
2015-03-11 | Merge branch 'bug-1341' into release | Benny Baumann
2015-03-11 | bug 1341: Avoid a privacy issue leaking information if an account exists. [bug-1341] | Benny Baumann
2015-03-11 | Merge branch 'bug-1341' into release | Benny Baumann
2015-01-06 | bug 1345: Fix accidental omission [bug-1345] | Benny Baumann
2014-12-16 | bug 1345: Don't include things that aren't to be shown (and requested to be deleted self-referenced-ly) anyway | Benny Baumann
2014-12-16 | bug 1345: Requested typo correction | Eva Stöwe
2014-12-16 | bug 1345: Policy version of CCA document | Benedikt Heintel
2014-12-16 | Merge branch 'release' into bug-1131 [bug-1131] | Benny Baumann
    Conflicts:
        pages/wot/6.php
        www/policy/CAcertCommunityAgreement.php
    The conflict in the CCA document page was introduced due to the rename of the file. This instance can be safely ignored, as bug 1131 introduces a new version superseding the old document. The instance in pages/wot/6.php is a bit more complicated, but basically results from a change of bug 1137 and the modified paths to the policy documents.
2014-12-03 | bug-1341: Restrict to 1 login per 5 seconds | Benny Baumann
2014-11-23 | Merge branch 'bug-28' into release | Benny Baumann
    Conflicts:
        includes/account.php
        scripts/cron/warning.php
        www/disputes.php
        www/wot.php
2014-11-23 | Merge branch 'bug-1273' into release | Benny Baumann
2014-11-23 | Merge branch 'bug-1192' into release | Benny Baumann
2014-11-18 | Merge branch 'bug-1339' into release | Benny Baumann
2014-11-15 | bug-1339: remove all traces of OTP [bug-1339] | Felix Dörre
2014-09-23 | bug 1131: Update to CPS by Policy Officer | Benny Baumann
2014-09-23 | bug 1131: Updated TTP-Policies by Policy Officer | Benny Baumann
2014-09-23 | bug 1131: Minor link fix by Eva Stöwe/Policy Officer | Benny Baumann
2014-09-23 | bug 1131: And yet some more updates by the Policy Officer | Benny Baumann
2014-09-23 | bug 1131: Yet some more updates by the Policy Officer | Benny Baumann
2014-09-23 | bug 1131: More policies updated by Policy Officer | Benny Baumann
2014-09-23 | bug 1131: Updated SecurityPolicy.html by Eva Stöwe/Policy Officer | Benny Baumann
2014-09-17 | bug 1131: Added new version of CPS | Benny Baumann
2014-09-16 | bug 1131: Updated alt text for the document status images | Benny Baumann
2014-09-16 | bug 1131: Updated Policies based on new versions sent by Policy Officer | Benny Baumann
    Additionally trailing whitespaces, indentation and line breaks have been partially edited to ease reading of the HTML code. The CCA has been skipped to avoid race conditions with other currently running processes.
2014-08-28 | Merge branch 'bug-1293' into release | Benny Baumann
2014-08-20 | Merge branch 'bug-1276' into release | Benny Baumann
2014-08-19 | bug 1293: Additional changes to CCA by Benedikt [bug-1293] | Benny Baumann
2014-08-19 | bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56 | Benny Baumann
2014-08-18 | bug 1293: Renewed version provided by the Editor | Benny Baumann
2014-08-17 | Updated Policy document by the Editor | Benny Baumann
2014-08-17 | bug 1293: Remove the icon according to W3C guidelines | Benny Baumann
    This change is as we currently do not pass validation and therefore would be infringing on the usage rights.
2014-08-14 | bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP and the XML declaration for XHTML 1.1 | Benny Baumann
2014-07-29 | bug 1291: Update wothash calculation for modified behaviour [bug-1291] | Benny Baumann
2014-07-29 | bug 1293: Add new DRAFT version of current CCA as of 2014-07-27 | Benny Baumann
2014-07-15 | Merge branch 'bug-1226' into release | Benny Baumann
2014-06-21 | bug 1226: Properly use sprintf | Michael Tänzer
    Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21 | bug 1226: Treat the date values as integer | Michael Tänzer
    Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-21 | bug 1226: Remove really redundant code | Michael Tänzer
    Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-06-15 | bug 1273: replace backtick operators with shell_exec | Felix Dörre
    + fix 1 missing escapeshellarg

    Commands used to locate:

    1. find includes -type f -name '*.php' -exec cat {} \; \
    | tr '\n' '?' | sed 's/\(\$query .\?= \|\
    mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\
    (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\
    \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\
    | tr '?' '\n' | grep --color=always "\`"|less -r

    and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting all remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls:
    - mysql_real_escape_string
    - intval
    - pre_escaped session variables
    (This command may also be used for locating bad escaped sql_queries)

    2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \
    | grep -v '\(from\|update\|into\) `gpg'
2014-06-13 | Merge branch 'release' into bug-807 | Benny Baumann
    Conflicts:
        includes/account.php
        includes/lib/account.php
        pages/account/16.php
2014-05-11 | bug 1276: Allow more name variants according to PracticeOnNames when signing a PGP key [bug-1276] | Alex English
    Signed-off-by: Benny Baumann <BenBE@geshi.org>
2014-05-01 | Merge branch 'release' into bug-1138 | Benny Baumann
2014-04-30 | bug 1138: Whitespace changes and code formatting | Benny Baumann
2014-04-30 | bug 1138: And yet another bunch of escaping | Benny Baumann
2014-04-29 | Merge branch 'bug-1221' into bug-1138 | Michael Tänzer
    Conflicts:
        includes/account.php
        includes/general.php
        includes/loggedin.php
        includes/notary.inc.php
        pages/account/43.php
        pages/account/55.php
        pages/wot/10.php
        www/index.php
        www/wot.php
    Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-04-19 | bug 1272: Properly escape the filename passed to OpenSSL | Benny Baumann
2014-03-24 | Merge branch 'release' into bug-1138 | Michael Tänzer
2014-03-21 | Merge branch 'release' into bug-1221 | Michael Tänzer
2014-03-21 | bug 1221: make formatting consistent with the surrounding code | Michael Tänzer
    Signed-off-by: Michael Tänzer <neo@nhng.de>
2014-03-20 | bug 807: Allow changing the hash algorithm used in signing | Michael Tänzer
    Signed-off-by: Michael Tänzer <neo@nhng.de>