Deon George
226a76d5fc
Re-apply d15bd2dab
2023-04-02 10:42:25 +10:00
Deon George
a0117e4ad8
Mandatory function arguments must be listed before optional ones. Alternate fix for 3a75a32
2023-04-02 10:42:25 +10:00
Deon George
3bfd55de08
Revert "Mandatory function arguments must be listed before optional ones."
...
This reverts commit 3a75a32100
2023-04-02 10:42:25 +10:00
Deon George
d1dae60f05
get_magic_quotes_gpc() was deprecrated as of PHP 7.4
2023-04-02 10:42:25 +10:00
Deon George
f29e200b96
Revert "Do not call get_magic_quote_gpc() when running in PHP version >= 5.4."
...
This reverts commit 3ec9c23d58
2023-04-02 10:42:25 +10:00
Deon George
e5aa9eb1e7
each() deprecated in php 7.2
2023-04-02 10:42:25 +10:00
30abeffc30
Fix for Implicit conversion from float 0.75 in createlm - fixes #193
2023-04-02 00:58:00 +11:00
Deon George
d4b19d07db
Updated version to 1.2.6.6
2023-04-02 00:46:16 +11:00
Deon George
85f8c61e80
Fix for Setting of IV length for AEAD mode failed - closes #183
2023-04-02 00:36:15 +11:00
Deon George
1650d6a921
Another fix for CVE-2020-35132 - closes #137 , missed from #130
2023-04-02 00:25:47 +11:00
c84b2d6d91
Updated version to 1.2.6.5
2023-02-15 17:36:15 +11:00
ef8d0ce94c
Fix mistake in patch #176 as identified in #170
2023-02-15 17:33:47 +11:00
15cc6f5382
Issue #165 Proper check for memory_limit config ( #180 )
...
* fix #165 : Handle shorthand notation for PHP memory_limit check
* fix config default memory threshold.
2023-02-15 17:24:19 +11:00
364c0565a2
don't apply preventXSS on 'filter' parameters in export and search ( #168 )
...
fixes #98
2023-01-20 20:08:49 +11:00
d09aa72a42
Inactivity message format fix ( #171 )
2023-01-20 20:08:07 +11:00
7226cea874
#170 - issue - openssl 3.0 patch ( #176 )
...
* Updated README with info on PLA v2
* Fix broken git command in readme - closes #124
* #170 - issue - openssl 3.0 patch
Co-authored-by: Deon George <deon@leenooks.net>
2023-01-20 20:06:44 +11:00
d15bd2dab3
Don't do any decoding on the password field ( #163 )
...
Fixes #162
2022-08-18 10:44:43 +10:00
43bac58990
Add support of argon2i & argon2id password hash types
...
Closes pull-request #158
2022-08-05 10:49:10 +10:00
9488fe2ed7
Avoid passing a null value to PHP functions where another type is expected.
...
PHP 8.1 deprecates this feature.
Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
5e9b95f9a8
Avoid 32-bit signed integer overflow in Blowfish computations.
...
PHP 8.1 deprecates float to int truncation.
2022-08-05 10:48:56 +10:00
aeebf3faa6
Replace calls to strftime() by calls to date().
...
PHP 8.1 deprecates strftime().
2022-08-05 10:48:56 +10:00
b035e8a0f4
Do not use function is_resource().
...
PHP 8.1 replaces some kind of resources by built-in class instances.
As is_resource() is always used to test for failures, replace calls by
simple Boolean checks.
2022-08-05 10:48:56 +10:00
f129579f45
Adapt app_error_handler() to PHP 8.
...
In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be supressed and
passes the effective error number to the error handler (instead of 0).
Adapt the test in a compatible way.
2022-08-05 10:48:56 +10:00
c90dc06af2
Rename class Attribute to PLAAttribute.
...
As PHP 8 introduces a built-in Attribute class, a name clash occurs
without this commit.
Class names are used by the Visitor class to dynamically build method
names. To avoid having to also rename the target methods, a class name
mapping is introduced for this purpose. This map may be augmented
whenever another similar case occurs.
2022-08-05 10:48:56 +10:00
3a75a32100
Mandatory function arguments must be listed before optional ones.
...
PHP 8 deprecates the ability to have
function whatever($arg1, $arg2='something', $arg3)
This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
3ec9c23d58
Do not call get_magic_quote_gpc() when running in PHP version >= 5.4.
...
This deprecated function has been removed in PHP 8.
2022-08-05 10:48:56 +10:00
857f0c539c
sanity-fix: gettext and session mod check
...
Closes pull-request #152
2022-08-05 10:48:56 +10:00
97eed9d9cd
Prevent strftime overflow on 32 bit systems
...
Fixes "strftime() expects parameter 2 to be integer, float given"
Closes pull request #156 and closes #155
2022-08-05 10:48:31 +10:00
d4cae5065b
Updated version to 1.2.6.3
2021-12-12 13:35:51 +11:00
386d6ab83b
Fix syntax error created by a0de69b - thanks to Bert Van de Poel for testing this and identifying the error
2021-12-12 13:25:28 +11:00
1d26d435c2
Special character issue in password - closes #104
2021-12-10 16:14:04 +11:00
a0de69bd58
foreach error in lib_ldap_pla.php:checkUniqueAttrs when uidpool is turned on - closes #20
2021-12-10 16:05:01 +11:00
a8c9abe22b
Add option to list available password types - closes #143
2021-12-10 15:56:58 +11:00
1c7340ce48
Correct incorrent mixing of tabs and spaces.
...
All code (including code originating from the blowfish PR) now correctly use tabs. Spaces are only used for alignment in comments where necessary.
2021-12-10 15:18:26 +11:00
24ce5d5833
Replace salt function with a more modern, cryptographically secure pseudo-random method
...
Set minimum PHP version to 7.0.0 for random_bytes
2021-12-10 15:18:18 +11:00
fe3798f8ec
Modernize sha1 and md5 password hash and check functions: remove unnecessary pack, no longer use very old fallbacks, and use random_salt
2021-12-10 15:18:09 +11:00
1a09e4ff3c
Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version
2021-12-10 15:18:01 +11:00
bc1691f5d2
Add hash support for ssha512
2021-12-10 15:17:54 +11:00
54bb4743aa
Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)
2021-12-10 15:17:43 +11:00
46cc4a1b13
Take into account empty arguments
...
If no argument is given to the function call, don't try to pass an empty array as some php functions don't allow arguments (like the time function)
2021-12-10 15:09:18 +11:00
45aa1e5208
Added script comment for the Autofill A flag
2021-12-10 15:06:36 +11:00
02b047c1f5
Bug fix: typo in regex
2021-12-10 15:06:36 +11:00
6d4aff8733
Added optional delimiter to /K autofill function
2021-12-10 15:06:36 +11:00
00683b3ea7
Added TLS client certificate support
...
Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
2021-12-10 15:02:31 +11:00
da69ebf06a
Added SASL EXTERNAL authentication support
...
New auth_type 'sasl_external'. Login is hard coded as 'external'
2021-12-10 14:59:02 +11:00
a8fe6f3274
Revert part of 0b657471 to fix #105 - Problem with member select list to goun
2020-09-23 10:13:11 +10:00
0c334f0385
Fix for issue #103 - hexdec() causes an deprecation notice when invalid chars are used
2020-09-19 17:09:29 +10:00
9fac4b415a
Release 1.2.6
2020-09-19 13:45:09 +10:00
f4c8c3d31e
SF Bug #1008 getContainerPath doesn't properly traverse to baseDN and back & #1009 - return_ldap_hash should not return container object in result set
2020-08-31 08:49:02 +10:00
e45e71fd08
SF Feature #356 - HTMLTree icons formatting
2020-08-31 08:48:49 +10:00
Deon George
Deon George
Eric Lavault
bendem
jmptbl
Klaus Tachtler
Benjamin Renard
Patrick Monnerat
KuhnChris
Andrés Maldonado
EtienneBarbier
Bert Van de Poel
Franky Van Liedekerke
Maarten
Scott Shambarger
Nic Bernstein
Andy Beefeater