Eric Lippmann
67929064cc
Merge pull request #3526 from Icinga/fix/some-xss-vulnerabilities
...
Fix some XSS vulnerabilities
2018-07-16 09:58:23 +02:00
Eric Lippmann
11f1a287ab
Merge pull request #3519 from Icinga/fix/mysql-ssl-connection-error-brings-up-no-explanation-3249
...
Pdo\Abstract: Properly handle incomplete error messages
2018-07-16 09:56:26 +02:00
Johannes Meyer
84622bf27b
Fix some XSS vulnerabilities
...
Only a real issue with <= IE9 as other browsers properly escape
URLs prior to transmission.
Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
2018-07-16 09:53:30 +02:00
Johannes Meyer
bf5c6a56b3
Revert "Fix some XSS vulnerabilities"
...
Accidentally pushed. Should re-enter with #3521.
2018-07-11 16:37:39 +02:00
Johannes Meyer
b97933a146
Fix some XSS vulnerabilities
...
Only a real issue with <= IE9 as other browsers properly escape
URLs prior to transmission.
2018-07-11 13:10:57 +02:00
Johannes Meyer
44bfdd3986
Pdo\Abstract: Properly handle incomplete error messages
...
fixes #3249
2018-07-10 14:54:28 +02:00
Eric Lippmann
6cddd6beed
Merge pull request #3508 from Icinga/fix/filter-entries-are-deleted-when-pushing-enter-3454
...
FilterEditor: Add a hidden submit button to the start of the form's m…
2018-07-10 09:28:35 +02:00
Eric Lippmann
b88c6b0a6e
Merge pull request #3516 from Icinga/feature/application-state-hook
...
Application state hook
2018-07-10 09:14:26 +02:00
Eric Lippmann
47405127d0
Add config to hide/show application state messages
...
refs #2835
2018-07-09 16:28:28 +02:00
Eric Lippmann
d18d05ccee
Introduce ApplicationStateHook
...
refs #2835
2018-07-09 16:28:25 +02:00
Eric Lippmann
303637df3c
Merge pull request #3452 from Icinga/feature/drop-php-lt-56-support
...
Drop support for PHP < 5.6
2018-07-09 09:18:18 +02:00
Johannes Meyer
6e6251604b
FilterEditor: Add a hidden submit button to the start of the form's markup
...
When pushing enter our JS mimics what a browser would do. And that is
pushing the first submit button found in the form. Without this, that's
a delete button of the first logical junction. (the root condition)
fixes #3454
2018-07-06 10:41:49 +02:00
Eric Lippmann
189b519135
Merge pull request #3486 from Icinga/fix/request-parses-json-without-respecting-content-type-3484
...
Fix that Request parses json without respecting content type
2018-07-05 13:19:27 +02:00
Johannes Meyer
1f677e64f6
ActionController: Force HTTP redirects in method redirectHttp()
...
That's what its name implies, right? The counterpart is redirectXhr(),
which still does its job. redirectNow() on the other hand is for the
lazy people.
2018-07-04 14:44:03 +02:00
Johannes Meyer
8cbff87af1
Request: Parse the POST body only as JSON if it's really JSON
...
refs #3484
2018-07-04 11:09:11 +02:00
Johannes Meyer
842e5603a1
Request: Introduce method extractMediaType
...
refs #3484
2018-07-04 11:09:11 +02:00
Eric Lippmann
8990d6f46e
Drop support for PHP < 5.6
2018-07-03 13:11:36 +02:00
Eric Lippmann
d6c4df7a5d
Use password_hash and password_verify
2018-07-03 13:08:06 +02:00
Eric Lippmann
faaff42096
Revert "Introduce PasswordHelper for safer passwords"
...
This reverts commit f57277aa96.
Since we're dropping PHP support for versions lower than 5.6 this class is no longer necessary.
2018-07-03 13:08:06 +02:00
Eric Lippmann
966148e8f0
Merge pull request #3463 from kobmaki/feature/Allow-to-interface-with-sqlite-databases-3381
...
Support SQLite resources
2018-06-28 11:42:00 +02:00
Eric Lippmann
0433dc4166
Bootstrap modules at last
...
We initialize modules before we set up the user backend and other
singletons. But modules may access those in order to check the
permissions of the authenticated user for example. With this fix,
modules are loaded once all other bootstrap tasks have been completed.
refs #3470
2018-06-27 09:52:00 +02:00
Uwe Ebel
4b5cf47cce
Introduce SQLite resource type
...
refs #3381
Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
2018-06-27 09:40:22 +02:00
Eric Lippmann
c633c86db7
Merge pull request #3480 from Icinga/fix/revert-persistent-db-connections
...
No longer support persistent database connections
2018-06-27 09:36:37 +02:00
Eric Lippmann
fdd791974d
Update Parsedown
2018-06-25 16:07:47 +02:00
Eric Lippmann
66132c330a
Update JShrink
2018-06-25 16:05:36 +02:00
Eric Lippmann
46907735fe
Update HTMLPurifier
2018-06-25 16:04:10 +02:00
Eric Lippmann
e55ac3e4a2
Update dompdf deps
2018-06-25 16:01:06 +02:00
Eric Lippmann
4d42c043e4
Remove traces of persistent db connections
2018-06-22 15:36:46 +02:00
Eric Lippmann
af35794006
Revert "lib/db: Allow to configure persistent connections"
...
This reverts commit 4763b6b20a.
2018-06-22 14:43:32 +02:00
Eric Lippmann
6f1d8668a0
Fix line exceeds 120 characters
2018-06-22 11:04:48 +02:00
Alexander A. Klimov
ee60a8df99
Don't let AutoRefreshForm handle API requests
...
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov
235e75d054
Form: handle API requests as expected
...
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov
880a0a254f
DateTimePicker: support *nix timestamps
...
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov
a444b8adf5
Request: support JSON as POST data format
...
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov
73473a3bb9
Fix tests
...
refs #2635
2018-06-22 09:57:10 +02:00
Alexander A. Klimov
906c1668a4
Split Json::encode() into Json::encode() and Json::sanitize()
...
refs #2635
2018-06-21 16:01:53 +02:00
Alexander A. Klimov
02b60633ff
Auto-sanitize only in the monitoring module
...
refs #2635
2018-06-20 18:05:12 +02:00
Alexander A. Klimov
1a94a21263
Prefer Json::encode() over json_encode()
...
refs #2635
2018-06-20 18:05:11 +02:00
Alexander A. Klimov
9219cea776
Json::encode(): auto-sanitize bad UTF-8 strings
...
refs #2635
2018-06-20 18:05:11 +02:00
Johannes Meyer
3f66bd7437
Auth: Log login/logout activities to the audit log
...
refs #2563
2018-06-08 14:21:15 +02:00
Johannes Meyer
9da9f1237d
Introduce class Icinga\Application\Hook\AuditHook
...
refs #2584
2018-06-08 14:21:15 +02:00
Eric Lippmann
96303f53f8
Merge pull request #3213 from Icinga/feature/drop-php-5-3-support
...
Drop PHP 5.3 support
2018-05-08 03:03:36 -04:00
Eric Lippmann
4bea67e756
Merge pull request #3315 from Icinga/bugfix/php-7-2-support-3185
...
Don't call session_start() after ini_set()
2018-05-07 05:44:52 -04:00
Alexander A. Klimov
fc1f6e13ab
Drop PHP 5.3 support
2018-05-07 11:36:54 +02:00
Eric Lippmann
60295f3407
Merge pull request #3443 from Icinga/fix/search-over-customvars-results-in-sql-error-2508
...
Fix search over customvars results in sql error 2508
2018-05-07 04:18:22 -04:00
Johannes Meyer
cbc77cb7b2
Web: Implement method getMenu() using Icinga\Web\Menu and deprecate it
...
refs #2338
2018-04-30 10:30:58 +02:00
Johannes Meyer
71cb682832
Re-introduce class Icinga\Web\Menu
...
refs #2338
2018-04-30 10:24:57 +02:00
Johannes Meyer
c3b19996f8
DbConnection: Introduce method getConfig()
...
refs #2508
2018-04-27 15:30:04 +02:00
Johannes Meyer
1b15048636
Drop obsolete Icinga\Web\Menu classes
...
refs #2338
2018-04-27 14:28:20 +02:00
Johannes Meyer
571b34c8cd
Drop obsolete class Icinga\Web\Menu\BadgeMenuItemRenderer
...
refs #2338
2018-04-27 14:11:03 +02:00