| | e7ae0845d8 | Set PHPSESSID cookie as HTTP-only | 2013-09-13 15:56:06 +04:00 |
| | 0cfb7a74f5 | Fix multiple potential filepath manipulation vulnerabilities | 2013-09-13 15:26:54 +04:00 |
| | 84467fbb8d | Restrict opening of files outside the Mibew installation | 2013-09-13 14:34:59 +04:00 |
| | afa06b21e2 | Bug fix: Properly check file handler before making use of it in common.php | 2013-09-13 14:34:32 +04:00 |
| | 6747e2f557 | Improve algorithm of setting and storing locale setting | 2013-09-13 13:36:04 +04:00 |
| | 2559630e8f | Add verification of values of the default and home locales | 2013-09-11 20:18:26 +04:00 |
| | 097ee2b0d9 | Fix files' permissions | 2013-09-11 19:35:17 +04:00 |
| | 50c0b50abf | Sanitize database tables prefix | 2013-09-10 19:10:26 +04:00 |
| | b42f5bdd0d | Sanitize path to application and remove extra slashes from it | 2013-09-10 17:28:22 +04:00 |
| | 92847d1a52 | Fix multiple (potential) SQL Injections | 2013-09-10 16:21:34 +04:00 |
| | 2532f3bc01 | Enable default conversion of single quotes during HTML entities conversion | 2013-09-06 17:08:27 +04:00 |
| | 0f86f558ec | Fix HTML attributes markup | 2013-09-06 15:34:42 +04:00 |
| | 9aef0fb2d4 | Fix multiple XSS vulnerabilities (including CVE-2012-0829) | 2013-09-06 14:31:07 +04:00 |
| Dmitriy Simushev | 3ee7fca025 | Add captcha to pre-chat survey | 2013-08-28 12:33:25 +04:00 |
| | 32b9ba862b | Update db and features versions | 2013-07-24 15:50:00 +04:00 |
| Evgeny Gryaznov | 4f483abe26 | Merge branch 'v1.6.x' | 2013-03-06 22:52:38 +01:00 |
| Evgeny Gryaznov | 7bdd14c790 | remove eclipse files; update version to 1.6.5; fix headers | 2013-03-06 22:32:31 +01:00 |
| Evgeny Gryaznov | 98aad6e490 | apache 2 license in php headers | 2013-03-06 22:22:53 +01:00 |
| Evgeny Gryaznov | c50d60730c | fix move_uploaded_file errors | 2013-03-05 00:03:39 +01:00 |
| Evgeny Gryaznov | dd6632ffdf | format the code; remove comments in the client code; move csrfchecktoken() right after check_login() | 2012-06-27 10:11:40 +02:00 |
| YuFei Zhu | 7f8b2fca89 | update token methods to ensure csrf token is always set | 2012-05-01 13:18:42 +01:00 |
| YuFei Zhu | e4be5385ca | add csrf token check to avatar upload | 2012-05-01 12:58:05 +01:00 |
| YuFei Zhu | 092ebd16ba | added auth token for delete offline messages check for csrf | 2012-04-30 17:14:44 +01:00 |
| YuFei Zhu | 8abf075e2f | enable act=del url check for auth tokens for csrf attacks | 2012-04-30 17:09:11 +01:00 |
| YuFei Zhu | b84b439358 | having token checks on POST forms | 2012-04-30 16:41:55 +01:00 |
| | 4bb79cb7cb | Fix bug in old threads cleansing | 2012-03-14 22:26:44 +01:00 |
| Dmitriy Simushev | 323a7f2fcd | Added closing threads by timeout | 2012-03-14 22:26:39 +01:00 |
| Evgeny Gryaznov | 035479f7a2 | Merge branch v1.6.x into master | 2012-03-12 01:05:44 +01:00 |
| Evgeny Gryaznov | 65b00240d3 | redirect to profile page after first login; informational banner when password is blank; do not enforce password change; rename Home -> Dashboard | 2011-04-15 01:43:03 +02:00 |
| Haynes | 68f0e13e09 | This commit forces the User to set a password for the Administrator before doing anything else after the installation. | 2011-04-15 01:40:01 +02:00 |
| Evgeny Gryaznov | d02b113f93 | redirect to profile page after first login; informational banner when password is blank; do not enforce password change; rename Home -> Dashboard | 2011-04-15 01:38:43 +02:00 |
| Haynes | aee46f9e2a | This commit forces the User to set a password for the Administrator before doing anything else after the installation. | 2011-04-14 23:52:33 +02:00 |
| Evgeny Gryaznov | 5bba5ed824 | extract libs/getcode.php, use google closure compiler | 2011-04-07 10:09:10 +02:00 |
| Evgeny Gryaznov | c053bfe283 | removed .iml; modern tabs on group settings pages; beautifying code | 2011-04-07 00:52:03 +02:00 |
| Evgeny Gryaznov | 79b37c720f | fix groupids in visitors update; fix DB error reporting in installer; smaller opaway/oponline image | 2011-04-07 00:31:22 +02:00 |
| Evgeny Gryaznov | 9d9cbf7e81 | code cleanup | 2011-04-06 23:21:36 +02:00 |
| Evgeny Gryaznov | 20bcf3c1f5 | code cleanup | 2011-02-27 00:02:29 +01:00 |
| Evgeny Gryaznov | f4e99a3d52 | fix minor issues (link param, formatting) | 2011-02-26 23:54:58 +01:00 |
| Evgeny Gryaznov | 03dec2afb2 | format code | 2011-02-26 23:48:41 +01:00 |
| Evgeny Gryaznov | a90594235a | format code in libs/ | 2011-02-26 15:04:12 +01:00 |
| Evgeny Gryaznov | 693ece85fe | format code, fix minor issues (link param, etc.) | 2011-02-26 14:57:23 +01:00 |
| Evgeny Gryaznov | e160af13ef | use mysqlprefix in names of session vars | 2011-02-26 14:43:30 +01:00 |
| Evgeny Gryaznov | 2bcffd5f4a | replace " . $mysqlprefix . " -> ${mysqlprefix} | 2011-02-26 14:29:11 +01:00 |
| Evgeny Gryaznov | b18085de38 | $mysqlprefix variable added | 2011-02-26 14:13:16 +01:00 |
| Evgeny Gryaznov | 00e9c651d5 | "you are offline" notification box | 2011-02-26 13:24:29 +01:00 |
| Evgeny Gryaznov | 2dd0839f0d | notify about new features | 2011-02-26 13:15:35 +01:00 |
| Evgeny Gryaznov | 6bc85737cd | extract get_operator_groupslist -> libs/groups.php; optimize db access (connect once); disable spelling inspection | 2011-02-26 12:57:56 +01:00 |
| Evgeny Gryaznov | f3d38642c6 | move generate_button -> getcode.php | 2011-02-26 11:56:17 +01:00 |
| Evgeny Gryaznov | acfd461617 | fix XSS problem in leavemessage | 2011-02-21 01:07:35 +01:00 |
| Evgeny Gryaznov | 7de97c2a68 | apply patch by Andrew Armstrong: available operators list (revised); remove odd eval code in common.js; fix obfuscation | 2011-02-21 01:02:39 +01:00 |