Commit Graph

3688 Commits

Author SHA1 Message Date
Eric Lippmann 67929064cc
Merge pull request #3526 from Icinga/fix/some-xss-vulnerabilities
Fix some XSS vulnerabilities
2018-07-16 09:58:23 +02:00
Eric Lippmann 11f1a287ab
Merge pull request #3519 from Icinga/fix/mysql-ssl-connection-error-brings-up-no-explanation-3249
Pdo\Abstract: Properly handle incomplete error messages
2018-07-16 09:56:26 +02:00
Johannes Meyer 84622bf27b Fix some XSS vulnerabilities
Only a real issue with <= IE9 as other browsers properly escape
urls prior transmission.

Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
2018-07-16 09:53:30 +02:00
Johannes Meyer bf5c6a56b3 Revert "Fix some XSS vulnerabilities"
Accidentally pushed. Should re-enter with #3521.
2018-07-11 16:37:39 +02:00
Johannes Meyer b97933a146 Fix some XSS vulnerabilities
Only a real issue with <= IE9 as other browsers properly escape
urls prior transmission.
2018-07-11 13:10:57 +02:00
Johannes Meyer 44bfdd3986 Pdo\Abstract: Properly handle incomplete error messages
fixes #3249
2018-07-10 14:54:28 +02:00
Eric Lippmann 6cddd6beed
Merge pull request #3508 from Icinga/fix/filter-entries-are-deleted-when-pushing-enter-3454
FilterEditor: Add a hidden submit button to the start of the form's m…
2018-07-10 09:28:35 +02:00
Eric Lippmann b88c6b0a6e
Merge pull request #3516 from Icinga/feature/application-state-hook
Application state hook
2018-07-10 09:14:26 +02:00
Eric Lippmann 47405127d0 Add config to hide/show pplication state messages
refs #2835
2018-07-09 16:28:28 +02:00
Eric Lippmann d18d05ccee Introduce ApplicationStateHook
refs #2835
2018-07-09 16:28:25 +02:00
Eric Lippmann 303637df3c
Merge pull request #3452 from Icinga/feature/drop-php-lt-56-support
Drop support for PHP < 5.6
2018-07-09 09:18:18 +02:00
Johannes Meyer 6e6251604b FilterEditor: Add a hidden submit button to the start of the form's markup
When pushing enter our JS mimics what a browser would do. And that is
pushing the first submit button found in the form. Without this, that's
a delete button of the first logical junction. (the root condition)

fixes #3454
2018-07-06 10:41:49 +02:00
Eric Lippmann 189b519135
Merge pull request #3486 from Icinga/fix/request-parses-json-without-respecting-content-type-3484
Fix that Request parses json without respecting content type
2018-07-05 13:19:27 +02:00
Johannes Meyer 1f677e64f6 ActionController: Force HTTP redirects in method redirectHttp()
That's what its name implies, right? The counterpart is redirectXhr(),
which does still its job. redirectNow() on the other hand is for the
lazy people.
2018-07-04 14:44:03 +02:00
Johannes Meyer 8cbff87af1 Request: Parse the POST body only as JSON if it's really JSON
refs #3484
2018-07-04 11:09:11 +02:00
Johannes Meyer 842e5603a1 Request: Introduce method extractMediaType
refs #3484
2018-07-04 11:09:11 +02:00
Eric Lippmann 8990d6f46e Drop support for PHP < 5.6 2018-07-03 13:11:36 +02:00
Eric Lippmann d6c4df7a5d Use password_hash and password_verify 2018-07-03 13:08:06 +02:00
Eric Lippmann faaff42096 Revert "Introduce PasswordHelper for safer passwords"
This reverts commit f57277aa96.

Since we're dropping PHP support for versions lower than 5.6 this class is no longer necessary.
2018-07-03 13:08:06 +02:00
Eric Lippmann 966148e8f0
Merge pull request #3463 from kobmaki/feature/Allow-to-interface-with-sqlite-databases-3381
Support SQLite resources
2018-06-28 11:42:00 +02:00
Eric Lippmann 0433dc4166 Bootstrap modules at last
We initialize modules before we set up the user backend and other
singletons. But modules may access those in order to check the
permissions of the authenticated user for example. With this fix,
modules are loaded once all other bootstrap tasks have been completed.

refs #3470
2018-06-27 09:52:00 +02:00
Uwe Ebel 4b5cf47cce Introduce SQLite resource type
refs #3381

Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
2018-06-27 09:40:22 +02:00
Eric Lippmann c633c86db7
Merge pull request #3480 from Icinga/fix/revert-persistent-db-connections
No longer support persistent database connections
2018-06-27 09:36:37 +02:00
Eric Lippmann fdd791974d Update Parsedown 2018-06-25 16:07:47 +02:00
Eric Lippmann 66132c330a Update JShrink 2018-06-25 16:05:36 +02:00
Eric Lippmann 46907735fe Update HTMLPurifier 2018-06-25 16:04:10 +02:00
Eric Lippmann e55ac3e4a2 Update dompdf deps 2018-06-25 16:01:06 +02:00
Eric Lippmann 4d42c043e4 Remove traces of persistent db connections 2018-06-22 15:36:46 +02:00
Eric Lippmann af35794006 Revert "lib/db: Allow to configure persistent connections"
This reverts commit 4763b6b20a.
2018-06-22 14:43:32 +02:00
Eric Lippmann 6f1d8668a0 Fix line exceeds 120 characters 2018-06-22 11:04:48 +02:00
Alexander A. Klimov ee60a8df99 Don't let AutoRefreshForm handle API requests
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 235e75d054 Form: handle API requests as expected
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 880a0a254f DateTimePicker: support *nix timestamps
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov a444b8adf5 Request: support JSON as POST data format
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 73473a3bb9 Fix tests
refs #2635
2018-06-22 09:57:10 +02:00
Alexander A. Klimov 906c1668a4 Split Json::encode() into Json::encode() and Json::sanitize()
refs #2635
2018-06-21 16:01:53 +02:00
Alexander A. Klimov 02b60633ff Auto-sanitize only in the monitoring module
refs #2635
2018-06-20 18:05:12 +02:00
Alexander A. Klimov 1a94a21263 Prefer Json::encode() over json_encode()
refs #2635
2018-06-20 18:05:11 +02:00
Alexander A. Klimov 9219cea776 Json::encode(): auto-sanitize bad UTF-8 strings
refs #2635
2018-06-20 18:05:11 +02:00
Johannes Meyer 3f66bd7437 Auth: Log login/logout activities to the audit log
refs #2563
2018-06-08 14:21:15 +02:00
Johannes Meyer 9da9f1237d Introduce class Icinga\Application\Hook\AuditHook
refs #2584
2018-06-08 14:21:15 +02:00
Eric Lippmann 96303f53f8
Merge pull request #3213 from Icinga/feature/drop-php-5-3-support
Drop PHP 5.3 support
2018-05-08 03:03:36 -04:00
Eric Lippmann 4bea67e756
Merge pull request #3315 from Icinga/bugfix/php-7-2-support-3185
Don't call session_start() after ini_set()
2018-05-07 05:44:52 -04:00
Alexander A. Klimov fc1f6e13ab Drop PHP 5.3 support 2018-05-07 11:36:54 +02:00
Eric Lippmann 60295f3407
Merge pull request #3443 from Icinga/fix/search-over-customvars-results-in-sql-error-2508
Fix search over customvars results in sql error 2508
2018-05-07 04:18:22 -04:00
Johannes Meyer cbc77cb7b2 Web: Implement method getMenu() using Icinga\Web\Menu and deprecate it
refs #2338
2018-04-30 10:30:58 +02:00
Johannes Meyer 71cb682832 Re-introduce class Icinga\Web\Menu
refs #2338
2018-04-30 10:24:57 +02:00
Johannes Meyer c3b19996f8 DbConnection: Introduce method getConfig()
refs #2508
2018-04-27 15:30:04 +02:00
Johannes Meyer 1b15048636 Drop obsolete Icinga\Web\Menu classes
refs #2338
2018-04-27 14:28:20 +02:00
Johannes Meyer 571b34c8cd Drop obsolete class Icinga\Web\Menu\BadgeMenuItemRenderer
refs #2338
2018-04-27 14:11:03 +02:00