Commit Graph

189 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| | 0cfb7a74f5 | Fix multiple potential filepath manipulation vulnerabilities | 2013-09-13 15:26:54 +04:00 |
| | 097ee2b0d9 | Fix files' permissions | 2013-09-11 19:35:17 +04:00 |
| | f26af7f05d | Make headers more safe | 2013-09-10 17:41:54 +04:00 |
| | 92847d1a52 | Fix multiple (potential) SQL Injections | 2013-09-10 16:21:34 +04:00 |
| | 2532f3bc01 | Enable default conversion of single quotes during HTML entities conversion | 2013-09-06 17:08:27 +04:00 |
| | 03265a1fb0 | Fix multiple CSRF vulnerabilities | 2013-09-06 14:32:25 +04:00 |
| | 9aef0fb2d4 | Fix multiple XSS vulnerabilities (including CVE-2012-0829) | 2013-09-06 14:31:07 +04:00 |
| Dmitriy Simushev | 3ee7fca025 | Add captcha to pre-chat survey | 2013-08-28 12:33:25 +04:00 |
| Evgeny Gryaznov | 13ca97f10d | update headers | 2013-03-06 22:56:55 +01:00 |
| Evgeny Gryaznov | 4f483abe26 | Merge branch 'v1.6.x' | 2013-03-06 22:52:38 +01:00 |
| Evgeny Gryaznov | 98aad6e490 | apache 2 license in php headers | 2013-03-06 22:22:53 +01:00 |
| Evgeny Gryaznov | c50d60730c | fix move_uploaded_file errors | 2013-03-05 00:03:39 +01:00 |
| Evgeny Gryaznov | dd6632ffdf | format the code; remove comments in the client code; move csrfchecktoken() right after check_login() | 2012-06-27 10:11:40 +02:00 |
| YuFei Zhu | 2d04bbe4ee | add csrf token to translate view | 2012-05-01 13:21:49 +01:00 |
| YuFei Zhu | 22916ce8a0 | add csrf token to performance and features views | 2012-05-01 13:20:03 +01:00 |
| YuFei Zhu | e3b8848f78 | update comment for avatar csrf, and add csrf token check to permission page | 2012-05-01 13:02:34 +01:00 |
| YuFei Zhu | e4be5385ca | add csrf token check to avatar upload | 2012-05-01 12:58:05 +01:00 |
| YuFei Zhu | 092ebd16ba | added auth token for delete offline messages check for csrf | 2012-04-30 17:14:44 +01:00 |
| YuFei Zhu | 8abf075e2f | enable act=del url check for auth tokens for csrf attacks | 2012-04-30 17:09:11 +01:00 |
| YuFei Zhu | b84b439358 | having token checks on POST forms | 2012-04-30 16:41:55 +01:00 |
| Evgeny Gryaznov | 1ab3efb86f | login & reset password pages: default value for login where possible; update ru | 2012-03-14 22:26:44 +01:00 |
| Dmitriy Simushev | 7b35045f06 | Fixed the bug related with the need to enter passwords when you change the profile of any operator. | 2012-03-14 22:26:44 +01:00 |
| Dmitriy Simushev | 323a7f2fcd | Added closing threads by timeout | 2012-03-14 22:26:39 +01:00 |
| Evgeny Gryaznov | 035479f7a2 | Merge branch v1.6.x into master | 2012-03-12 01:05:44 +01:00 |
| Evgeny Gryaznov | 701c8e2251 | fix encoding in operators list | 2012-03-12 00:16:00 +01:00 |
| Evgeny Gryaznov | 9780210973 | fix encoding in operators list | 2011-04-21 00:44:04 +02:00 |
| Evgeny Gryaznov | 65b00240d3 | redirect to profile page after first login; informational banner when password is blank; do not enforce password change; rename Home -> Dashboard | 2011-04-15 01:43:03 +02:00 |
| Haynes | 68f0e13e09 | This commit forces the User to set a password for the Administrator before doing anything else after the installation. | 2011-04-15 01:40:01 +02:00 |
| Evgeny Gryaznov | d02b113f93 | redirect to profile page after first login; informational banner when password is blank; do not enforce password change; rename Home -> Dashboard | 2011-04-15 01:38:43 +02:00 |
| Haynes | aee46f9e2a | This commit forces the User to set a password for the Administrator before doing anything else after the installation. | 2011-04-14 23:52:33 +02:00 |
| Evgeny Gryaznov | 5bba5ed824 | extract libs/getcode.php, use google closure compiler | 2011-04-07 10:09:10 +02:00 |
| Evgeny Gryaznov | 79b37c720f | fix groupids in visitors update; fix DB error reporting in installer; smaller opaway/oponline image | 2011-04-07 00:31:22 +02:00 |
| Evgeny Gryaznov | 1700b128b0 | fix theme preview; fix bottom anchor in chat.js | 2011-04-06 23:43:50 +02:00 |
| Evgeny Gryaznov | acc86b9221 | ability to override notification email for group | 2011-04-06 23:32:29 +02:00 |
| Evgeny Gryaznov | 4516fabf62 | fix theme preview; fix bottom anchor in chat.js | 2011-03-30 00:01:04 +02:00 |
| Evgeny Gryaznov | dd595fc4f7 | ability to override notification email for group | 2011-03-01 23:56:27 +01:00 |
| Evgeny Gryaznov | 3d368c6783 | fix session using for installations with prefix | 2011-02-27 00:11:08 +01:00 |
| Evgeny Gryaznov | f4e99a3d52 | fix minor issues (link param, formatting) | 2011-02-26 23:54:58 +01:00 |
| Evgeny Gryaznov | 03dec2afb2 | format code | 2011-02-26 23:48:41 +01:00 |
| Evgeny Gryaznov | 0c58691731 | format code in operator/ | 2011-02-26 15:06:19 +01:00 |
| Evgeny Gryaznov | 693ece85fe | format code, fix minor issues (link param, etc.) | 2011-02-26 14:57:23 +01:00 |
| Evgeny Gryaznov | e160af13ef | use mysqlprefix in names of session vars | 2011-02-26 14:43:30 +01:00 |
| Evgeny Gryaznov | 2bcffd5f4a | replace " . $mysqlprefix . " -> ${mysqlprefix} | 2011-02-26 14:29:11 +01:00 |
| Evgeny Gryaznov | b18085de38 | $mysqlprefix variable added | 2011-02-26 14:13:16 +01:00 |
| Evgeny Gryaznov | 00e9c651d5 | "you are offline" notification box | 2011-02-26 13:24:29 +01:00 |
| Evgeny Gryaznov | 2dd0839f0d | notify about new features | 2011-02-26 13:15:35 +01:00 |
| Evgeny Gryaznov | 3ca088f197 | fix & remove unused var | 2011-02-26 13:09:46 +01:00 |
| Evgeny Gryaznov | 6bc85737cd | extract get_operator_groupslist -> libs/groups.php; optimize db access (connect once); disable spelling inspection | 2011-02-26 12:57:56 +01:00 |
| Evgeny Gryaznov | f3d38642c6 | move generate_button -> getcode.php | 2011-02-26 11:56:17 +01:00 |
| Evgeny Gryaznov | 7443faf449 | disable feature checkboxes for non-admin | 2011-02-22 00:22:36 +01:00 |