Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-04-07 | Removed CAcert_Root_Certificates_X0F_X0E.msi, since I have no idea how to ↵ | Bernhard Fröhlich | |
review this file, and nothing unreviewed should be installed on the server... | |||
2019-03-29 | Corrected SHA-1 and SHA-256 fingerprints on all forms and pages. | bdmc | |
2019-03-07 | Corrected Mailing Address for CAcert. | bdmc | |
2018-12-14 | corrected the address, and switche from 2-character chunks with colons to ↵ | Karl-Heinz Gödderz (GuKKDevel) | |
4-character chunks with space | |||
2018-12-10 | included SHA256 and SHA1 fingerprints & adjust space | Karl-Heinz Gödderz (GuKKDevel) | |
2018-11-30 | Bug-1305; new certs; CAP-form fingerprint-line split into two | Karl-Heinz Gödderz (GuKKDevel) | |
2018-11-20 | Bug 1305; new root certs; implementing the new fingerprints to CAP-form and ↵ | Karl-Heinz Gödderz (GuKKDevel) | |
COAP-form | |||
2018-11-16 | Bug 1305; new cerificates; rename certificates to corresponding version; | Karl-Heinz Gödderz (GuKKDevel) | |
changing pages/index/3 to access the new certs | |||
2018-11-03 | BUG-1305 new certs; correcting the crt included to class3 (x0e) | Karl-Heinz Gödderz (GuKKDevel) | |
2018-10-31 | Bug-1305; Second part introducing the new cerificates | Karl-Heinz Gödderz (GuKKDevel) | |
2018-10-29 | source code taken from cacert-20180906.tar.bz2 | Bernhard Fröhlich | |
2015-03-11 | Merge branch 'bug-1341' into release | Benny Baumann | |
2015-03-11 | bug 1341: Avoid a privacy issue leaking information if an account exists.bug-1341 | Benny Baumann | |
2015-03-11 | Merge branch 'bug-1341' into release | Benny Baumann | |
2015-01-06 | bug 1345: Fix accidential omissionbug-1345 | Benny Baumann | |
2014-12-16 | bug 1345: Don't include things that aren't to be shown (and requested to be ↵ | Benny Baumann | |
deleted self-referenced-ly) anyway | |||
2014-12-16 | bug 1345: Requested typo correction | Eva Stöwe | |
2014-12-16 | bug 1345: Policy version of CCA document | Benedikt Heintel | |
2014-12-16 | Merge branch 'release' into bug-1131bug-1131 | Benny Baumann | |
Conflicts: pages/wot/6.php www/policy/CAcertCommunityAgreement.php The conflict in the CCA document page was introduced due to the rename of the file. This instance can be safely ignored, as bug 1131 introduces a new version superseeding the old document. The instance in pages/wot/6.php is a bit more complicated, but basically results from a change of bug 1137 and the modified paths to the policy documents. | |||
2014-12-03 | bug-1341: Restrict to 1 login per 5 seconds | Benny Baumann | |
2014-11-23 | Merge branch 'bug-28' into release | Benny Baumann | |
Conflicts: includes/account.php scripts/cron/warning.php www/disputes.php www/wot.php | |||
2014-11-23 | Merge branch 'bug-1273' into release | Benny Baumann | |
2014-11-23 | Merge branch 'bug-1192' into release | Benny Baumann | |
2014-11-18 | Merge branch 'bug-1339' into release | Benny Baumann | |
2014-11-15 | bug-1339: remove all traces of OTPbug-1339 | Felix Dörre | |
2014-09-23 | bug 1131: Update to CPS by Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: Updated TTP-Policies by Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: Minor link fix by Eva Stöwe/Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: And yet some more updates by the Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: Yet some more updates by the Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: More policies updated by Policy Officer | Benny Baumann | |
2014-09-23 | bug 1131: Updated SecurityPolicy.html by Eva Stöwe/Policy Officer | Benny Baumann | |
2014-09-17 | bug 1131: Added new version of CPS | Benny Baumann | |
2014-09-16 | bug 1131: Updated alt text for the document status images | Benny Baumann | |
2014-09-16 | bug 1131: Updated Policies based on new versions send by Policy Officer | Benny Baumann | |
Additionally trailing whitespaces, indentation and line breaks have been partially edited to ease reading of the HTML code. The CCA has been skipped to avoid race conditions with other currently running processes. | |||
2014-08-28 | Merge branch 'bug-1293' into release | Benny Baumann | |
2014-08-20 | Merge branch 'bug-1276' into release | Benny Baumann | |
2014-08-19 | bug 1293: Additional changes to CCA by Benediktbug-1293 | Benny Baumann | |
2014-08-19 | bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56 | Benny Baumann | |
2014-08-18 | bug 1293: Renewed version provided by the Editor | Benny Baumann | |
2014-08-17 | Updated Policy document by the Editor | Benny Baumann | |
2014-08-17 | bug 1293: Remove the icon according to W3C guidelines | Benny Baumann | |
This change is as we currently do not pass validation and therefore would be infridging on the usage rights. | |||
2014-08-14 | bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP ↵ | Benny Baumann | |
and the XML declaration for XHTML 1.1 | |||
2014-07-29 | bug 1291: Update wothash calculation for modified behaviourbug-1291 | Benny Baumann | |
2014-07-29 | bug 1293: Add new DRAFT version of current CCA as of 2014-ß7-27 | Benny Baumann | |
2014-07-15 | Merge branch 'bug-1226' into release | Benny Baumann | |
2014-06-21 | bug 1226: Properly use sprintf | Michael Tänzer | |
Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
2014-06-21 | bug 1226: Treat the date values as integer | Michael Tänzer | |
Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
2014-06-21 | bug 1226: Remove really redundant code | Michael Tänzer | |
Signed-off-by: Michael Tänzer <neo@nhng.de> | |||
2014-06-15 | bug 1273: replace backtick operators with shell_exec | Felix Dörre | |
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg' |