Benny Baumann [Sun, 8 Jun 2014 19:54:12 +0000 (21:54 +0200)]
bug 1281: Convert to Unix Line Endings
Benny Baumann [Sat, 7 Jun 2014 08:07:53 +0000 (10:07 +0200)]
Merge branch 'bug-929' into release
Benny Baumann [Fri, 6 Jun 2014 21:50:49 +0000 (23:50 +0200)]
Merge branch 'bug-1172' into release
Benny Baumann [Fri, 6 Jun 2014 20:58:42 +0000 (22:58 +0200)]
Merge branch 'bug-1138' into release
Benny Baumann [Fri, 6 Jun 2014 17:55:39 +0000 (19:55 +0200)]
Merge branch 'bug-1275' into release
Benny Baumann [Fri, 6 Jun 2014 17:54:51 +0000 (19:54 +0200)]
Merge branch 'bug-372' into release
Benny Baumann [Fri, 6 Jun 2014 16:58:04 +0000 (18:58 +0200)]
Merge branch 'bug-413' into bug-1138
Conflicts:
pages/account/12.php
pages/account/5.php
Benny Baumann [Tue, 27 May 2014 21:12:43 +0000 (23:12 +0200)]
bug 413: Port same change as for 5.php over to 12.php
Benny Baumann [Tue, 27 May 2014 20:56:58 +0000 (22:56 +0200)]
bug 413: Backport changes from
7aced740 by Michael Tänzer to avoid conflicts when integrating both together
Michael Tänzer [Mon, 26 May 2014 22:09:12 +0000 (00:09 +0200)]
bug 1138: that "if" should contain a block
goto fail;
Signed-off-by: Michael Tänzer <neo@nhng.de>
Benny Baumann [Tue, 20 May 2014 20:46:26 +0000 (22:46 +0200)]
bug 1138: fix double-escaping in wot/10
Michael Tänzer [Wed, 30 Apr 2014 23:54:51 +0000 (01:54 +0200)]
bug 1138: $verified is a string that is directly filled with data from the
translation system => do not intval()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 30 Apr 2014 23:31:19 +0000 (01:31 +0200)]
bug 1138: This is an int, no need to mysql_real_escape()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 30 Apr 2014 23:05:17 +0000 (01:05 +0200)]
bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSS
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 30 Apr 2014 21:47:33 +0000 (23:47 +0200)]
bug 1138: Avoid double escaping.
These session variables should be local variables as they aren't needed
anywhere else
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 30 Apr 2014 21:36:56 +0000 (23:36 +0200)]
bug 1138: Avoid double escaping in `description` which was stored into the
session mysql_real_escaped
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 30 Apr 2014 21:29:24 +0000 (23:29 +0200)]
bug 1138: Avoid double escaping
Yes it's ugly but should be fixed in a separate bug
Signed-off-by: Michael Tänzer <neo@nhng.de>
Benny Baumann [Wed, 30 Apr 2014 22:17:08 +0000 (00:17 +0200)]
Merge branch 'release' into bug-1138
Benny Baumann [Tue, 29 Apr 2014 21:26:27 +0000 (23:26 +0200)]
bug 1138: additional brackets for better readability
Benny Baumann [Tue, 29 Apr 2014 20:55:02 +0000 (22:55 +0200)]
bug 1138: Reorder fields to better show which variables belong together
Benny Baumann [Wed, 30 Apr 2014 16:30:20 +0000 (18:30 +0200)]
bug 1138: Whitespace changes and code formatting
Benny Baumann [Wed, 30 Apr 2014 18:13:28 +0000 (20:13 +0200)]
bug 1138: And yet another bunch of escaping
Benny Baumann [Wed, 30 Apr 2014 16:44:40 +0000 (18:44 +0200)]
bug 1138: Some escaping for the GnuPG code
Benny Baumann [Wed, 30 Apr 2014 16:27:23 +0000 (18:27 +0200)]
bug 1138: And yet another bunch of missing escapes
Benny Baumann [Wed, 30 Apr 2014 15:24:21 +0000 (17:24 +0200)]
bug 1138: And yet some more sanitizing of database query arguments
Benny Baumann [Tue, 29 Apr 2014 23:14:53 +0000 (01:14 +0200)]
bug 1138: Add some more mising escaping for values from the database
Benny Baumann [Tue, 29 Apr 2014 22:56:23 +0000 (00:56 +0200)]
bug 1138: Add some more mising escaping for values from the database
Benny Baumann [Tue, 29 Apr 2014 22:48:42 +0000 (00:48 +0200)]
bug 1138: Add some mising escaping for values from the database
Benny Baumann [Tue, 29 Apr 2014 22:42:23 +0000 (00:42 +0200)]
bug 1138: Add quite some instances of mising escaping
Benny Baumann [Tue, 29 Apr 2014 21:43:46 +0000 (23:43 +0200)]
bug 1138: Be more paranoid regarding database query parameters
Benny Baumann [Tue, 29 Apr 2014 21:07:33 +0000 (23:07 +0200)]
bug 1138: Properly bail out to remark on missing ticket number
Michael Tänzer [Tue, 29 Apr 2014 21:34:21 +0000 (23:34 +0200)]
bug 372: `orgdomlink` has no `id` field
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 21:20:10 +0000 (23:20 +0200)]
bug 1275: Fix #1275
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 19:53:08 +0000 (21:53 +0200)]
bug 1138: Implement log parameter for output_assurances*() and use it for
data summary
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 18:47:49 +0000 (20:47 +0200)]
bug 1138: Move rendering of the email addresses and such for each assurance
into output_assurances_row()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 16:40:10 +0000 (18:40 +0200)]
bug 1138: Store the calculated awarded points in the row array to avoid
parameters to the output_assurances_row()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 16:07:01 +0000 (18:07 +0200)]
bug 1138: Reduce number of parameters for output_assurances_row()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 15:25:34 +0000 (17:25 +0200)]
bug 1138: Only revoke assurance if we actually found one
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 29 Apr 2014 14:13:59 +0000 (16:13 +0200)]
Merge branch 'bug-1221' into bug-1138
Conflicts:
includes/account.php
includes/general.php
includes/loggedin.php
includes/notary.inc.php
pages/account/43.php
pages/account/55.php
pages/wot/10.php
www/index.php
www/wot.php
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 22 Apr 2014 00:39:14 +0000 (02:39 +0200)]
bug 1221: Adjust the interface of calc_assurances() to be consistent and
use the `deleted` column for the Thawte revocation
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 23:25:15 +0000 (01:25 +0200)]
bug 1221: Reduce number of parameters for calc_experience() and document it
also respect revoked assurances and use calc_awarded()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 23:01:35 +0000 (01:01 +0200)]
bug 1221: Add comments and restrict TTP assurances
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 22:17:12 +0000 (00:17 +0200)]
bug 1221: Put the assurance method independent logic in one place
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 22:08:09 +0000 (00:08 +0200)]
bug 1221: Rename function to better reflect its use
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 21:34:39 +0000 (23:34 +0200)]
bug 1221: Move calc_points() up to the other point calculation functions
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 21 Apr 2014 18:07:52 +0000 (20:07 +0200)]
Merge branch 'tarballs' into release
Michael Tänzer [Mon, 21 Apr 2014 18:07:00 +0000 (20:07 +0200)]
Source code taken from cacert-
20140419.tar.bz2
Benny Baumann [Fri, 18 Apr 2014 23:37:24 +0000 (01:37 +0200)]
bug 1272: Fix for a typo
Benny Baumann [Fri, 18 Apr 2014 22:45:25 +0000 (00:45 +0200)]
bug 1272: Properly escape the filename passed to OpenSSL
Benny Baumann [Tue, 15 Apr 2014 21:50:38 +0000 (23:50 +0200)]
Merge branch 'bug-1184' into release
Benny Baumann [Tue, 15 Apr 2014 21:07:55 +0000 (23:07 +0200)]
Merge branch 'bug-1266' into release
Michael Tänzer [Mon, 14 Apr 2014 23:07:21 +0000 (01:07 +0200)]
bug 1221: remove redundant line
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 14 Apr 2014 22:52:07 +0000 (00:52 +0200)]
bug 1221: properly name the other part of the assurance
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 14 Apr 2014 11:39:41 +0000 (13:39 +0200)]
bug 1138: Require number suffix for valid ticket numbers
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:57:11 +0000 (23:57 +0200)]
bug 1138: Set $oldid
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:51:35 +0000 (23:51 +0200)]
bug 1138: Always provide a back link
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:43:10 +0000 (23:43 +0200)]
bug 1138: correct colspan for cert tables
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:38:34 +0000 (23:38 +0200)]
bug 1138: Only use support engineer mode if not viewing own history
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:25:08 +0000 (23:25 +0200)]
bug 1138: Code style
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:14:33 +0000 (23:14 +0200)]
bug 1138: Typo
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:06:27 +0000 (23:06 +0200)]
bug 1138: Actually output the domain styling
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:00:27 +0000 (23:00 +0200)]
bug 1138: Properly call output_log_domains()
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 21:00:01 +0000 (23:00 +0200)]
bug 1138: simplify logic for email address output styling
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:32:06 +0000 (22:32 +0200)]
bug 1138: Properly display domain table
- Wrong call to get_domains() => deleted domains weren't included
- <td> needs to be wrapped in a <tr>
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:28:46 +0000 (22:28 +0200)]
bug 1138: Always show email address table
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:19:05 +0000 (22:19 +0200)]
bug 1138: more intuitive variable naming
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:15:51 +0000 (22:15 +0200)]
bug 1138: Inline $colspandefault because it make the code more complex and
isn't very useful
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:11:43 +0000 (22:11 +0200)]
bug 1138: properly display announcement settings on account history
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 20:04:12 +0000 (22:04 +0200)]
bug 1138: Make testing for support access to account details page more
robust and possibly fix some issues
- should check for same userid not whether we come from the SE page
- always use the already validated values (not $_REQUEST)
- make if clause logic more readable
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 16:51:39 +0000 (18:51 +0200)]
bug 1138: make string more readable for translators
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 16:39:54 +0000 (18:39 +0200)]
bug 1138: Use CSS styling instead of deprecated attributes
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 16:38:15 +0000 (18:38 +0200)]
bug 1138: Source code layout
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 16:03:07 +0000 (18:03 +0200)]
bug 1138: Remove double escaping
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 15:42:01 +0000 (17:42 +0200)]
bug 1138: Sanitize ticket number against XSS
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 15:13:22 +0000 (17:13 +0200)]
bug 1138: Unused variable
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 15:09:42 +0000 (17:09 +0200)]
bug 1138: Don't double escape
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Fri, 11 Apr 2014 14:38:41 +0000 (16:38 +0200)]
bug 1138: Correct spelling / meaning
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Wed, 9 Apr 2014 22:10:20 +0000 (00:10 +0200)]
bug 1266: Escape data on certificate renewal
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 16:49:04 +0000 (18:49 +0200)]
bug 1138: Use blocks in if clauses and make logic explicit
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 16:36:25 +0000 (18:36 +0200)]
bug 1138: Adjust the rest of the output_*_certs() functions
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 14:59:06 +0000 (16:59 +0200)]
bug 1138: only show "change comment" check boxes when not read only
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 14:22:08 +0000 (16:22 +0200)]
bug 1138: Add $readonly parameter to output_client_cert functions
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 13:52:20 +0000 (15:52 +0200)]
bug 1138: Reorder if clauses for better readability
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 13:22:25 +0000 (15:22 +0200)]
bug 1138: Code clean-up
Indentation and such
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 13:18:35 +0000 (15:18 +0200)]
bug 1138: update docstrings
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Mon, 7 Apr 2014 13:16:23 +0000 (15:16 +0200)]
bug 1138: Properly compare against datetime strings
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:22:06 +0000 (01:22 +0200)]
bug 1138: rename interface to better describe what these functions do
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:20:50 +0000 (01:20 +0200)]
bug 1138: Don't include not yet verified email addresses
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:17:43 +0000 (01:17 +0200)]
bug 1138: Make code more resilient to changes
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:15:31 +0000 (01:15 +0200)]
bug 1138: Clean up docstrings
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:08:48 +0000 (01:08 +0200)]
bug 1138: consistent handling for get_*_certs() functions
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Sun, 6 Apr 2014 23:06:20 +0000 (01:06 +0200)]
bug 1138: don't alias columns that could cause ambiguities
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 1 Apr 2014 23:02:23 +0000 (01:02 +0200)]
bug 1138: Error handling when inserting to the admin log
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 1 Apr 2014 16:41:21 +0000 (18:41 +0200)]
bug 1138: Common argument ordering for user_agreement getters
Signed-off-by: Michael Tänzer <neo@nhng.de>
Benny Baumann [Tue, 1 Apr 2014 08:27:58 +0000 (10:27 +0200)]
Merge branch 'bug-1070' into release
Michael Tänzer [Mon, 31 Mar 2014 15:13:49 +0000 (17:13 +0200)]
bug 1138: Documentation and minor fixes
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 25 Mar 2014 23:36:16 +0000 (00:36 +0100)]
bug 1172: Quote table names
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 25 Mar 2014 23:11:00 +0000 (00:11 +0100)]
bug 1172: Correct typos and add missing table
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 25 Mar 2014 22:35:27 +0000 (23:35 +0100)]
bug 1172: sort alphabetically
Signed-off-by: Michael Tänzer <neo@nhng.de>
Michael Tänzer [Tue, 25 Mar 2014 22:23:10 +0000 (23:23 +0100)]
bug 1172: MySQL doesn't have echo
Signed-off-by: Michael Tänzer <neo@nhng.de>