| #
102cdbd7 |
| 15-Sep-2018 |
LarsGit223 <lars_paulsen@web.de> |
Auth/Mailer: properly handle usernames including a comma
Prevent splitting of e-mail addresses at the wrong point by enclosing a username in '"'.
The "To" e-mail address in the notification mail was
Auth/Mailer: properly handle usernames including a comma
Prevent splitting of e-mail addresses at the wrong point by enclosing a username in '"'.
The "To" e-mail address in the notification mail was malformed if a new user was added
and included a ',' in it's name. Fixes #1569.
show more ...
|
| #
b4f2363a |
| 27-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
remove DOKU_INC checks
There is no need for this check, since these files should not have any
main code that is executed on direct call.
Fixes PSR1.Files.SideEffects.FoundWithSymbols
|
| #
fe745bec |
| 19-Mar-2018 |
Michael Große <grosse@cosmocode.de> |
tests: use non-empty string for static salt
As pointed out by @klap-in, an empty string may evaluate to false in
some circumstances. This is something we may not want. Using a string
like 'test' sho
tests: use non-empty string for static salt
As pointed out by @klap-in, an empty string may evaluate to false in
some circumstances. This is something we may not want. Using a string
like 'test' should therefore be more robust.
show more ...
|
| #
a1fe3c9c |
| 30-Jan-2018 |
Michael Große <grosse@cosmocode.de> |
feat: make auth salt static in test environments
There are circumstances where we may want to test generated content that
uses the auth salt, for example when one tests the rendering of external
ima
feat: make auth salt static in test environments
There are circumstances where we may want to test generated content that
uses the auth salt, for example when one tests the rendering of external
images where the url contains a token from media_get_token
show more ...
|
| #
f8b1e4e7 |
| 04-Apr-2017 |
Andreas Gohr <andi@splitbrain.org> |
use 403 response on bad logins. closes #1937
|
| #
114248c7 |
| 30-Nov-2016 |
Andreas Gohr <gohr@cosmocode.de> |
Merge branch 'master' into phpseclib
* master: (54 commits)
updated geshi
authpdo - use type safe comparison on passwords. fixes #1765
removed unneeded files from random_compat
Use cryptogra
Merge branch 'master' into phpseclib
* master: (54 commits)
updated geshi
authpdo - use type safe comparison on passwords. fixes #1765
removed unneeded files from random_compat
Use cryptographically secure pseudo random number generator (CSPRNG)
translation update
translation update
translation update
translation update
translation update
or maybe I only now figured out the right travis config :-/
disable 7.1 testing completely
allow 7.1 failures until it's released #1682
DE translation for key 'protected'
Use 'Benachrichtigung' instead of 'Notifikation'
Fix spelling of some terms (lower to upper case)
DE translation for key: addUser_error_missing_pass
DE translation for keys: update_name, update_mail
translation update
translation update
Implemented interwiki substitution for external images (issue #1614).
...
show more ...
|
| #
7a33d2f8 |
| 20-Nov-2016 |
Niklas Keller <me@kelunik.com> |
Use cryptographically secure pseudo random number generator (CSPRNG)
Uses paragonie/random_compat instead of insecure home-brewed code.
It's NEVER fine to fall back to mt_rand() for secure random.
Use cryptographically secure pseudo random number generator (CSPRNG)
Uses paragonie/random_compat instead of insecure home-brewed code.
It's NEVER fine to fall back to mt_rand() for secure random.
Fixes #1760.
show more ...
|
| #
1af2f135 |
| 06-Sep-2016 |
Andreas Gohr <gohr@cosmocode.de> |
phpseclib is now namespaced
|
| #
59752844 |
| 14-Jun-2016 |
Anders Sandblad <runeson@gmail.com> |
Fixed broken links to php.net and redirecting pages to php.net
|
| #
c6c3f80e |
| 26-May-2016 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #1504 from mape2k/authplain_fix_user_cache
Invalidate user session cache after profile data was changed (fix #1117)
|
| #
955d4588 |
| 19-Apr-2016 |
Andreas Gohr <andi@splitbrain.org> |
removed support for loading authplugins by old name #1535
|
| #
c276e9e8 |
| 15-Mar-2016 |
Marcel Pennewiss <github@pennewiss.de> |
Invalidate user session cache after profile data was changed
|
| #
8eca974c |
| 27-Nov-2015 |
Andreas Gohr <andi@splitbrain.org> |
remove unused token login. closes #1376
The token login was introduced for the flash uploader. Since it has been
removed there is no need for this code anymore.
|
| #
37ff2261 |
| 12-Jun-2015 |
Sascha Klopp <klopp@rrzn.uni-hannover.de> |
correctly handle usergroups array
|
| #
e6c4392f |
| 07-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Fix scrutinizer issues with auth
|
| #
db9faf02 |
| 06-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Report more meaningful errors when an auth backend fails. closes #1093
|
| #
79e79377 |
| 07-Jan-2015 |
Andreas Gohr <gohr@cosmocode.de> |
Remove error supression for file_exists()
In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PH
Remove error supression for file_exists()
In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PHP 5.3 now, there's no need to supress any error here
anymore. This might even give a minor performance boost.
show more ...
|
| #
8702de7f |
| 09-Dec-2014 |
Gerrit Uitslag <klapinklapin@gmail.com> |
Merge remote-tracking branch 'origin/master' into scrutinizerissues
Conflicts:
inc/media.php
inc/plugin.php
inc/template.php
lib/plugins/authplain/_test/escaping.test.php
lib/plugins/syntax.php
|
| #
60aca4b9 |
| 06-Oct-2014 |
Andreas Gohr <gohr@cosmocode.de> |
do not use Accept-Encoding in browser UID
Since Chrome 37, they send differen accept encodings for POST and GET
requests which will break BrowserUID checks as reported in
cosmocode/dokuwiki-plugin-o
do not use Accept-Encoding in browser UID
Since Chrome 37, they send differen accept encodings for POST and GET
requests which will break BrowserUID checks as reported in
cosmocode/dokuwiki-plugin-oauth/issues/3
See https://code.google.com/p/chromium/issues/detail?id=410559 for
official bug report at Google
show more ...
|
| #
7e8500ee |
| 02-Oct-2014 |
Gerrit Uitslag <klapinklapin@gmail.com> |
PHPDocs and some improvements
|
| #
42ea7f44 |
| 01-Oct-2014 |
Gerrit Uitslag <klapinklapin@gmail.com> |
Many PHPDocs, some unused and dyn declared vars
many PHPDocs
some unused variables
some dynamically declared variables declared
|
| #
59bc3b48 |
| 29-Sep-2014 |
Gerrit Uitslag <klapinklapin@gmail.com> |
more scrutinizer issue improvements
|
| #
3df1d4a6 |
| 27-Sep-2014 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #868 from splitbrain/authclean
clean user credentials from control chars
|
| #
7b950f2d |
| 26-Sep-2014 |
Andreas Gohr <andi@splitbrain.org> |
Merge remote-tracking branch 'origin/auth_getUserData_improvements'
* origin/auth_getUserData_improvements:
KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolea
Merge remote-tracking branch 'origin/auth_getUserData_improvements'
* origin/auth_getUserData_improvements:
KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolean values
use $requireGroups constants in auth classes; comments; code improvements
fix comment errors, sp. & grammar
code styling - add missing braces
Allow user info to be retrieved without groups
Restore correct public interface of getUserData() for authldap plugin
Conflicts:
inc/common.php
show more ...
|
| #
5e9e1054 |
| 26-Sep-2014 |
Andreas Gohr <andi@splitbrain.org> |
do not allow empty passwords
When a username but no password is submitted, the login is denied right
away instead of relying on the backend to refuse the login.
|