path: root/www
AgeCommit message (Collapse)Author
2019-04-07Removed CAcert_Root_Certificates_X0F_X0E.msi, since I have no idea how to ↵Bernhard Fröhlich
review this file, and nothing unreviewed should be installed on the server...
2019-03-29Corrected SHA-1 and SHA-256 fingerprints on all forms and pages.bdmc
2019-03-07Corrected Mailing Address for CAcert.bdmc
2018-12-14corrected the address, and switche from 2-character chunks with colons to ↵Karl-Heinz Gödderz (GuKKDevel)
4-character chunks with space
2018-12-10included SHA256 and SHA1 fingerprints & adjust spaceKarl-Heinz Gödderz (GuKKDevel)
2018-11-30Bug-1305; new certs; CAP-form fingerprint-line split into twoKarl-Heinz Gödderz (GuKKDevel)
2018-11-20Bug 1305; new root certs; implementing the new fingerprints to CAP-form and ↵Karl-Heinz Gödderz (GuKKDevel)
2018-11-16Bug 1305; new cerificates; rename certificates to corresponding version;Karl-Heinz Gödderz (GuKKDevel)
changing pages/index/3 to access the new certs
2018-11-03BUG-1305 new certs; correcting the crt included to class3 (x0e)Karl-Heinz Gödderz (GuKKDevel)
2018-10-31Bug-1305; Second part introducing the new cerificatesKarl-Heinz Gödderz (GuKKDevel)
2018-10-29source code taken from cacert-20180906.tar.bz2Bernhard Fröhlich
2015-03-11Merge branch 'bug-1341' into releaseBenny Baumann
2015-03-11bug 1341: Avoid a privacy issue leaking information if an account exists.bug-1341Benny Baumann
2015-03-11Merge branch 'bug-1341' into releaseBenny Baumann
2015-01-06bug 1345: Fix accidential omissionbug-1345Benny Baumann
2014-12-16bug 1345: Don't include things that aren't to be shown (and requested to be ↵Benny Baumann
deleted self-referenced-ly) anyway
2014-12-16bug 1345: Requested typo correctionEva Stöwe
2014-12-16bug 1345: Policy version of CCA documentBenedikt Heintel
2014-12-16Merge branch 'release' into bug-1131bug-1131Benny Baumann
Conflicts: pages/wot/6.php www/policy/CAcertCommunityAgreement.php The conflict in the CCA document page was introduced due to the rename of the file. This instance can be safely ignored, as bug 1131 introduces a new version superseeding the old document. The instance in pages/wot/6.php is a bit more complicated, but basically results from a change of bug 1137 and the modified paths to the policy documents.
2014-12-03bug-1341: Restrict to 1 login per 5 secondsBenny Baumann
2014-11-23Merge branch 'bug-28' into releaseBenny Baumann
Conflicts: includes/account.php scripts/cron/warning.php www/disputes.php www/wot.php
2014-11-23Merge branch 'bug-1273' into releaseBenny Baumann
2014-11-23Merge branch 'bug-1192' into releaseBenny Baumann
2014-11-18Merge branch 'bug-1339' into releaseBenny Baumann
2014-11-15bug-1339: remove all traces of OTPbug-1339Felix Dörre
2014-09-23bug 1131: Update to CPS by Policy OfficerBenny Baumann
2014-09-23bug 1131: Updated TTP-Policies by Policy OfficerBenny Baumann
2014-09-23bug 1131: Minor link fix by Eva Stöwe/Policy OfficerBenny Baumann
2014-09-23bug 1131: And yet some more updates by the Policy OfficerBenny Baumann
2014-09-23bug 1131: Yet some more updates by the Policy OfficerBenny Baumann
2014-09-23bug 1131: More policies updated by Policy OfficerBenny Baumann
2014-09-23bug 1131: Updated SecurityPolicy.html by Eva Stöwe/Policy OfficerBenny Baumann
2014-09-17bug 1131: Added new version of CPSBenny Baumann
2014-09-16bug 1131: Updated alt text for the document status imagesBenny Baumann
2014-09-16bug 1131: Updated Policies based on new versions send by Policy OfficerBenny Baumann
Additionally trailing whitespaces, indentation and line breaks have been partially edited to ease reading of the HTML code. The CCA has been skipped to avoid race conditions with other currently running processes.
2014-08-28Merge branch 'bug-1293' into releaseBenny Baumann
2014-08-20Merge branch 'bug-1276' into releaseBenny Baumann
2014-08-19bug 1293: Additional changes to CCA by Benediktbug-1293Benny Baumann
2014-08-19bug 1293: Updated latest CCA version by Benedikt 2014-08-19 20:56Benny Baumann
2014-08-18bug 1293: Renewed version provided by the EditorBenny Baumann
2014-08-17Updated Policy document by the EditorBenny Baumann
2014-08-17bug 1293: Remove the icon according to W3C guidelinesBenny Baumann
This change is as we currently do not pass validation and therefore would be infridging on the usage rights.
2014-08-14bug 1293: Replace DOCTYPE by HTML5 declaration to avoid conflicts with PHP ↵Benny Baumann
and the XML declaration for XHTML 1.1
2014-07-29bug 1291: Update wothash calculation for modified behaviourbug-1291Benny Baumann
2014-07-29bug 1293: Add new DRAFT version of current CCA as of 2014-ß7-27Benny Baumann
2014-07-15Merge branch 'bug-1226' into releaseBenny Baumann
2014-06-21bug 1226: Properly use sprintfMichael Tänzer
Signed-off-by: Michael Tänzer <>
2014-06-21bug 1226: Treat the date values as integerMichael Tänzer
Signed-off-by: Michael Tänzer <>
2014-06-21bug 1226: Remove really redundant codeMichael Tänzer
Signed-off-by: Michael Tänzer <>
2014-06-15bug 1273: replace backtick operators with shell_execFelix Dörre
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'