1657 Commits

Author SHA1 Message Date
RubénD
9d0e169d21 Merge pull request #1856
* fix: Encode XSS related characters and strip tags.
3.2.11
2022-07-02 07:48:11 +02:00
RubénD
c39b60c2a7 Merge pull request #1853
* fix: Encode special characters using regex.

* chore: Bump version number.
3.2.10
2022-07-01 08:14:33 +02:00
RubénD
244fa4429c Merge pull request #1588 (#1848)
* [FIX] Fixes issue with LDAP pagination

Co-authored-by: Felix Haase <felix.haase@feki.de>
3.2.9
2022-06-25 10:16:34 +02:00
RubénD
c896d7f2da doc: SECURITY.md file (#1847) 2022-06-25 10:14:37 +02:00
jess
e63548f884 Merge pull request #1363
* Added backers and sponsors on the README

* Merge branch 'master' into opencollective
2022-06-25 10:01:04 +02:00
RubénD
1be83de9b2 Merge pull request #1846
* chore: Set X-Frame options and CSP. Thanks to @lengochoa7112000 !!

* chore: Update dependencies.

* chore: Bump version number.
2022-06-25 09:43:52 +02:00
RubénD
0ea0a13860 fix: Add missing tables to tables list. (#1843)
Thanks to @Jonher937 for the notice!!
Closes #1786.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
3.2.8
2022-06-18 18:01:42 +02:00
RubénD
36d0c8861e Fix/url regex (#1842)
* fix: Tweak URL's regex to avoid XSS.

Thanks to @rgavilan for the feedback!
Closes #1840.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* chore: Update dependencies.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* chore: Use `ENT_QUOTES` flag for all `htmlspecialchars` calls.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
3.2.7
2022-06-18 09:50:59 +02:00
RubénD
b1e7edd761 fix: Return safe url for accounts. (#1839)
Signed-off-by: Rubén D <nuxsmin@syspass.org>
3.2.6
2022-06-16 08:32:21 +02:00
dependabot[bot]
3cebed36dc Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 (#1834) 2022-06-16 06:31:04 +00:00
RubénD
3c25f9021f Feat/dependencies (#1833)
* fix: Fix XSS when displaying URL on search account view.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying URL on account view.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying some URLs.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying some URLs.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* chore: Bump version number.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* build: Update dependencies.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* build: Update dependencies.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
3.2.5
2022-06-04 09:46:24 +02:00
RubénD
4da4d03173 fix: Fix XSS on some URLs (#1832)
* fix: Fix XSS when displaying URL on search account view.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying URL on account view.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying some URLs.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* fix: Fix XSS when displaying some URLs.

Signed-off-by: Rubén D <nuxsmin@syspass.org>

* chore: Bump version number.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-06-04 09:39:22 +02:00
RubénD
7a813d4786 Merge pull request #1829 from nuxsmin/fix/wrong_syntax
Fix/wrong syntax

Signed-off-by: Rubén D <nuxsmin@syspass.org>
3.2.4
2022-05-26 07:40:05 +02:00
Rubén D
e1f7374378 chore: Minor code tweaks.
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-05-26 07:27:34 +02:00
Rubén D
0fb21d58ad fix: Wrong variable syntax. Thanks to @riccimatic for the notice!
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-05-26 07:20:35 +02:00
RubénD
3c026f7964 Merge pull request #1826 from nuxsmin/fix/xss
Fix/xss
3.2.3
2022-05-25 08:58:02 +02:00
Rubén D
f3ec58510d Merge branch 'v3.2' into fix/xss 2022-05-25 08:43:33 +02:00
Rubén D
96eaeacd58 chore: Bump version.
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-05-25 07:16:17 +02:00
Rubén D
fccaa9d892 chore: Update dependencies.
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-05-25 07:16:00 +02:00
Rubén D
ec686eec5d fix: Prevent XSS on all output variables.
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2022-05-25 07:08:47 +02:00
RubénD
ac00338cad Merge pull request #1585 from sur5r/master
[MOD] Log which locale failed to load
2021-09-25 10:01:55 +02:00
Rubén D
6022ce74c9 Merge remote-tracking branch 'origin/master' 2021-03-13 12:29:59 +01:00
RubénD
5882699f22 Merge pull request #1668 from nuxsmin/v3.2
v3.2.2
3.2.2
2021-03-13 12:22:41 +01:00
Rubén D
a1418e627a Merge branch 'v3.2' 2021-03-13 12:11:02 +01:00
Rubén D
861ce46e8a * [MOD] Bump version number
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2021-03-13 11:45:25 +01:00
Rubén D
6e72067b6b * [FIX] Prevent random password generator from crashing when chars are skipped. Thanks to @blabllavita. Closes #1641
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2021-03-13 11:37:50 +01:00
Rubén D
3b189aa5e6 * [FIX] HTTP_X_FORWARDED_FOR header wasn't parsed. Thanks to @jlegido for the feedback. Closes #1653
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2021-03-13 10:37:41 +01:00
RubénD
4c3312d3a9 Merge pull request #1644 from nuxsmin/v3.2
* [FIX] Fix ADS search behavior by unsetting `ACCOUNTDISABLE` flag fo…
3.2.1
2021-01-16 12:15:12 +01:00
Rubén D
728ec832f3 * [FIX] Fix ADS search behavior by unsetting ACCOUNTDISABLE flag for UserAccountControl property, since it prevents throwing the proper status code when authenticating against LDAP. Thanks to @t0l0 for testing. Closes #1574
* [MOD] Update dependencies
* [MOD] Bump version number

Signed-off-by: Rubén D <nuxsmin@syspass.org>
2021-01-16 12:13:25 +01:00
RubénD
45130f3b79 Merge pull request #1643 from nuxsmin/v3.2
* [FIX] Fix ADS search behavior by unsetting `ACCOUNTDISABLE` flag fo…
2021-01-16 12:09:06 +01:00
Rubén D
b0050813b0 * [FIX] Fix ADS search behavior by unsetting ACCOUNTDISABLE flag for UserAccountControl property, since it prevents throwing the proper status code when authenticating against LDAP. Thanks to @t0l0 for testing. Closes #1574
* [MOD] Update dependencies
* [MOD] Bump version number

Signed-off-by: Rubén D <nuxsmin@syspass.org>
2021-01-16 11:46:58 +01:00
RubénD
aa5ff5548b Merge pull request #1631 from nuxsmin/v3.2
Release 3.2
3.2.0
2020-12-20 20:48:51 +01:00
Rubén D
f428a8c1d6 * [MOD] Bump version number
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-20 20:46:21 +01:00
Rubén D
4e119dee47 Merge branch 'v3.1' 2020-12-20 20:29:26 +01:00
Rubén D
b3137a181a * [MOD] Improve backup regex
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-20 18:30:43 +01:00
Rubén D
5e3281bce8 * [FIX] Set coverage mode through env var
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-20 17:51:32 +01:00
Rubén D
900008292b * [FIX] Set minimum required PHP version to 7.3 because of dependency constraints
Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-20 16:27:10 +01:00
Rubén D
a55548f4c4 * [MOD] Update dependencies
* [FIX] Fix displaying install page when the app is already installed. Thanks to @kmmndr for the notice. Closes #1629
* [FIX] Fix issue when dropping DB user after an errored installation.

Signed-off-by: Rubén D <nuxsmin@syspass.org>
2020-12-20 15:25:20 +01:00
Rubén D
de1e4366c6 Merge remote-tracking branch 'origin/v3.1' into v3.1 2020-12-20 15:20:43 +01:00
RubénD
5bc8adf84b Merge pull request #1596 from magcho/v3.1
New Japanese translation
2020-12-03 21:13:57 +01:00
magcho
c82e0e4018 [update] translate 2020-09-30 17:26:30 +09:00
magcho
3ebbc540d4 [update] notification translate 2020-09-30 15:56:55 +09:00
magcho
cbd89815d2 [update] configuration translate 2020-09-30 12:18:51 +09:00
magcho
c2d3f8c0d3 [update] encrypt of configuration translate 2020-09-30 11:40:05 +09:00
magcho
50686bc6df [update] mail of configuration translate 2020-09-30 01:32:33 +09:00
magcho
9e057c49eb [update] ldap of configuration translate 2020-09-30 01:30:02 +09:00
magcho
6900ff66e7 [update] wiki of configuration translate 2020-09-30 01:25:40 +09:00
magcho
d1976a4b9e [update] general of configuration translate 2020-09-30 00:50:50 +09:00
magcho
5e3bdf0770 [update] translate plugins page 2020-09-30 00:45:59 +09:00
magcho
a664f6b1f3 [update] Translate security and anomaly detection 2020-09-30 00:24:09 +09:00