changed all input type=submit buttons to button type=submit button for better stylability

Changes for PHP 7 Compatibility
- replace PHP4 style class constructor function names (based on
class name) with php 5 __construct()
Also remove some '&' reference operators used with objects
And a

Changes for PHP 7 Compatibility
- replace PHP4 style class constructor function names (based on
class name) with php 5 __construct()
Also remove some '&' reference operators used with objects
And add some object type hints

show more ...

SECURITY escape user properties in user manager #1081

The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superus

SECURITY escape user properties in user manager #1081

The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superuser by registered users.

Thanks to Filippo Cavallarin from www.segment.technology for discovering
this bug.

show more ...

Disable the ``last`` button when filtering groups

Since we cannot effectively filter for groups and have to work with
incremental prefetching, the ``last`` button is mostly broken/buggy.
Hence it is

Disable the ``last`` button when filtering groups

Since we cannot effectively filter for groups and have to work with
incremental prefetching, the ``last`` button is mostly broken/buggy.
Hence it is disabled in this usecase.

show more ...

Create and use ad search for user, name and email

more PHPDocs, unused var, small bit code reformatting

more scrutinizer issue improvements

use empty() where array values might not be set

correct mis-spelled var name and correct empty password fields test

user global strings for password confirmation prompt & error

add password confirmation field when setting password in the usermanager

add braces and indentation per coding standards

fixes possibility of a user password change being sent out when a password couldn't be/wasn't changed

Per FS#2884, implement a local version of str_getcsv() to maintain
compatibility with php 5.2.x (str_getcsv() is only available in
php 5.3+ and is used by user manager import feature.

Improvements to facilitate unit testing
- don't die at end of _export()
- internal classs wrapper method for is_uploaded_file() to allow
overriding for use under cli & without having to upload a fi

Improvements to facilitate unit testing
- don't die at end of _export()
- internal classs wrapper method for is_uploaded_file() to allow
overriding for use under cli & without having to upload a file

show more ...

MINOR: comment spelling corrections

IMPROVEMENT: remove generated password from import failure data

Bugfix: correct variable name to

Merge pull request #348 from splitbrain/candochecksUsermanager

Cando check and localization improvements of usermanager

change visibility of private to protected

Use ->cleanUser everywhere in usermanager. Fixes FS#2849
Some auth backend have bad cleaning, but that is responsibility of these.

Move strings to language files. Fix lang key

Improve PHPDocs and set visibility explicitly

Use zero when getUserCount is unsupported. Fixes FS#2353

Fix CodeSniffer whitespace violoations

Removed extraneous whitespace to eliminate errors reported by the
Squiz.WhiteSpace.SuperfluousWhitespace sniff.