git.cacert.org Git - cacert-devel.git/log

bug 1138: $verified is a string that is directly filled with data from the
translation system => do not intval()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 30 Apr 2014 23:31:19 +0000 (01:31 +0200)]

bug 1138: This is an int, no need to mysql_real_escape()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 30 Apr 2014 23:05:17 +0000 (01:05 +0200)]

bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSS

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 30 Apr 2014 21:47:33 +0000 (23:47 +0200)]

bug 1138: Avoid double escaping.

These session variables should be local variables as they aren't needed
anywhere else

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 30 Apr 2014 21:36:56 +0000 (23:36 +0200)]

bug 1138: Avoid double escaping in `description` which was stored into the
session mysql_real_escaped

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 30 Apr 2014 21:29:24 +0000 (23:29 +0200)]

bug 1138: Avoid double escaping

Yes it's ugly but should be fixed in a separate bug

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 22:17:08 +0000 (00:17 +0200)]

Merge branch 'release' into bug-1138

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 21:26:27 +0000 (23:26 +0200)]

bug 1138: additional brackets for better readability

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 20:55:02 +0000 (22:55 +0200)]

bug 1138: Reorder fields to better show which variables belong together

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 16:30:20 +0000 (18:30 +0200)]

bug 1138: Whitespace changes and code formatting

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 18:13:28 +0000 (20:13 +0200)]

bug 1138: And yet another bunch of escaping

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 16:44:40 +0000 (18:44 +0200)]

bug 1138: Some escaping for the GnuPG code

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 16:27:23 +0000 (18:27 +0200)]

bug 1138: And yet another bunch of missing escapes

commit | commitdiff | tree

Benny Baumann [Wed, 30 Apr 2014 15:24:21 +0000 (17:24 +0200)]

bug 1138: And yet some more sanitizing of database query arguments

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 23:14:53 +0000 (01:14 +0200)]

bug 1138: Add some more mising escaping for values from the database

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 22:56:23 +0000 (00:56 +0200)]

bug 1138: Add some more mising escaping for values from the database

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 22:48:42 +0000 (00:48 +0200)]

bug 1138: Add some mising escaping for values from the database

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 22:42:23 +0000 (00:42 +0200)]

bug 1138: Add quite some instances of mising escaping

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 21:43:46 +0000 (23:43 +0200)]

bug 1138: Be more paranoid regarding database query parameters

commit | commitdiff | tree

Benny Baumann [Tue, 29 Apr 2014 21:07:33 +0000 (23:07 +0200)]

bug 1138: Properly bail out to remark on missing ticket number

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 21:34:21 +0000 (23:34 +0200)]

bug 372: `orgdomlink` has no `id` field

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 21:20:10 +0000 (23:20 +0200)]

bug 1275: Fix #1275

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 19:53:08 +0000 (21:53 +0200)]

bug 1138: Implement log parameter for output_assurances*() and use it for
data summary

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 18:47:49 +0000 (20:47 +0200)]

bug 1138: Move rendering of the email addresses and such for each assurance
into output_assurances_row()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 16:40:10 +0000 (18:40 +0200)]

bug 1138: Store the calculated awarded points in the row array to avoid
parameters to the output_assurances_row()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 16:07:01 +0000 (18:07 +0200)]

bug 1138: Reduce number of parameters for output_assurances_row()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 15:25:34 +0000 (17:25 +0200)]

bug 1138: Only revoke assurance if we actually found one

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 29 Apr 2014 14:13:59 +0000 (16:13 +0200)]

Merge branch 'bug-1221' into bug-1138

Conflicts:
includes/account.php
includes/general.php
includes/loggedin.php
includes/notary.inc.php
pages/account/43.php
pages/account/55.php
pages/wot/10.php
www/index.php
www/wot.php

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 22 Apr 2014 00:39:14 +0000 (02:39 +0200)]

bug 1221: Adjust the interface of calc_assurances() to be consistent and
use the `deleted` column for the Thawte revocation

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 23:25:15 +0000 (01:25 +0200)]

bug 1221: Reduce number of parameters for calc_experience() and document it
also respect revoked assurances and use calc_awarded()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 23:01:35 +0000 (01:01 +0200)]

bug 1221: Add comments and restrict TTP assurances

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 22:17:12 +0000 (00:17 +0200)]

bug 1221: Put the assurance method independent logic in one place

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 22:08:09 +0000 (00:08 +0200)]

bug 1221: Rename function to better reflect its use

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 21:34:39 +0000 (23:34 +0200)]

bug 1221: Move calc_points() up to the other point calculation functions

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 18:07:52 +0000 (20:07 +0200)]

Merge branch 'tarballs' into release

commit | commitdiff | tree

Michael Tänzer [Mon, 21 Apr 2014 18:07:00 +0000 (20:07 +0200)]

Source code taken from cacert-20140419.tar.bz2

commit | commitdiff | tree

Benny Baumann [Fri, 18 Apr 2014 23:37:24 +0000 (01:37 +0200)]

bug 1272: Fix for a typo

commit | commitdiff | tree

Benny Baumann [Fri, 18 Apr 2014 22:45:25 +0000 (00:45 +0200)]

bug 1272: Properly escape the filename passed to OpenSSL

commit | commitdiff | tree

Benny Baumann [Tue, 15 Apr 2014 21:50:38 +0000 (23:50 +0200)]

Merge branch 'bug-1184' into release

commit | commitdiff | tree

Benny Baumann [Tue, 15 Apr 2014 21:07:55 +0000 (23:07 +0200)]

Merge branch 'bug-1266' into release

commit | commitdiff | tree

Michael Tänzer [Mon, 14 Apr 2014 23:07:21 +0000 (01:07 +0200)]

bug 1221: remove redundant line

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 14 Apr 2014 22:52:07 +0000 (00:52 +0200)]

bug 1221: properly name the other part of the assurance

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 14 Apr 2014 11:39:41 +0000 (13:39 +0200)]

bug 1138: Require number suffix for valid ticket numbers

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:57:11 +0000 (23:57 +0200)]

bug 1138: Set $oldid

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:51:35 +0000 (23:51 +0200)]

bug 1138: Always provide a back link

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:43:10 +0000 (23:43 +0200)]

bug 1138: correct colspan for cert tables

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:38:34 +0000 (23:38 +0200)]

bug 1138: Only use support engineer mode if not viewing own history

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:25:08 +0000 (23:25 +0200)]

bug 1138: Code style

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:14:33 +0000 (23:14 +0200)]

bug 1138: Typo

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:06:27 +0000 (23:06 +0200)]

bug 1138: Actually output the domain styling

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:00:27 +0000 (23:00 +0200)]

bug 1138: Properly call output_log_domains()

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 21:00:01 +0000 (23:00 +0200)]

bug 1138: simplify logic for email address output styling

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:32:06 +0000 (22:32 +0200)]

bug 1138: Properly display domain table

- Wrong call to get_domains() => deleted domains weren't included
- <td> needs to be wrapped in a <tr>

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:28:46 +0000 (22:28 +0200)]

bug 1138: Always show email address table

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:19:05 +0000 (22:19 +0200)]

bug 1138: more intuitive variable naming

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:15:51 +0000 (22:15 +0200)]

bug 1138: Inline $colspandefault because it make the code more complex and
isn't very useful

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:11:43 +0000 (22:11 +0200)]

bug 1138: properly display announcement settings on account history

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 20:04:12 +0000 (22:04 +0200)]

bug 1138: Make testing for support access to account details page more
robust and possibly fix some issues

- should check for same userid not whether we come from the SE page
- always use the already validated values (not $_REQUEST)
- make if clause logic more readable

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 16:51:39 +0000 (18:51 +0200)]

bug 1138: make string more readable for translators

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 16:39:54 +0000 (18:39 +0200)]

bug 1138: Use CSS styling instead of deprecated attributes

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 16:38:15 +0000 (18:38 +0200)]

bug 1138: Source code layout

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 16:03:07 +0000 (18:03 +0200)]

bug 1138: Remove double escaping

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 15:42:01 +0000 (17:42 +0200)]

bug 1138: Sanitize ticket number against XSS

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 15:13:22 +0000 (17:13 +0200)]

bug 1138: Unused variable

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 15:09:42 +0000 (17:09 +0200)]

bug 1138: Don't double escape

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Fri, 11 Apr 2014 14:38:41 +0000 (16:38 +0200)]

bug 1138: Correct spelling / meaning

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Wed, 9 Apr 2014 22:10:20 +0000 (00:10 +0200)]

bug 1266: Escape data on certificate renewal

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 16:49:04 +0000 (18:49 +0200)]

bug 1138: Use blocks in if clauses and make logic explicit

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 16:36:25 +0000 (18:36 +0200)]

bug 1138: Adjust the rest of the output_*_certs() functions

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 14:59:06 +0000 (16:59 +0200)]

bug 1138: only show "change comment" check boxes when not read only

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 14:22:08 +0000 (16:22 +0200)]

bug 1138: Add $readonly parameter to output_client_cert functions

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 13:52:20 +0000 (15:52 +0200)]

bug 1138: Reorder if clauses for better readability

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 13:22:25 +0000 (15:22 +0200)]

bug 1138: Code clean-up

Indentation and such

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 13:18:35 +0000 (15:18 +0200)]

bug 1138: update docstrings

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Mon, 7 Apr 2014 13:16:23 +0000 (15:16 +0200)]

bug 1138: Properly compare against datetime strings

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:22:06 +0000 (01:22 +0200)]

bug 1138: rename interface to better describe what these functions do

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:20:50 +0000 (01:20 +0200)]

bug 1138: Don't include not yet verified email addresses

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:17:43 +0000 (01:17 +0200)]

bug 1138: Make code more resilient to changes

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:15:31 +0000 (01:15 +0200)]

bug 1138: Clean up docstrings

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:08:48 +0000 (01:08 +0200)]

bug 1138: consistent handling for get_*_certs() functions

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Sun, 6 Apr 2014 23:06:20 +0000 (01:06 +0200)]

bug 1138: don't alias columns that could cause ambiguities

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 1 Apr 2014 23:02:23 +0000 (01:02 +0200)]

bug 1138: Error handling when inserting to the admin log

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 1 Apr 2014 16:41:21 +0000 (18:41 +0200)]

bug 1138: Common argument ordering for user_agreement getters

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Benny Baumann [Tue, 1 Apr 2014 08:27:58 +0000 (10:27 +0200)]

Merge branch 'bug-1070' into release

commit | commitdiff | tree

Michael Tänzer [Mon, 31 Mar 2014 15:13:49 +0000 (17:13 +0200)]

bug 1138: Documentation and minor fixes

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 25 Mar 2014 23:36:16 +0000 (00:36 +0100)]

bug 1172: Quote table names

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 25 Mar 2014 23:11:00 +0000 (00:11 +0100)]

bug 1172: Correct typos and add missing table

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 25 Mar 2014 22:35:27 +0000 (23:35 +0100)]

bug 1172: sort alphabetically

Signed-off-by: Michael Tänzer <neo@nhng.de>

commit | commitdiff | tree

Michael Tänzer [Tue, 25 Mar 2014 22:23:10 +0000 (23:23 +0100)]

bug 1172: MySQL doesn't have echo

Signed-off-by: Michael Tänzer <neo@nhng.de>