Vincent Zanotti [Sat, 23 May 2009 21:00:00 +0000 (23:00 +0200)]
Adds a "SECURITY" file which will list our security bugfixes.
Initializes it with the last two holes we fixed.
This will allow me to write an automated tool that can disable working copies on murphy.m4x.org that have been left unattended for too long.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Mon, 18 May 2009 22:40:22 +0000 (00:40 +0200)]
Fixes the iGoogle gadget (invalid order of javascript includes).
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Mon, 18 May 2009 22:38:31 +0000 (00:38 +0200)]
Fixes an invalid use of a reference.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Sat, 16 May 2009 21:30:17 +0000 (23:30 +0200)]
Fixes the SUID session start for disabled users.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Sat, 16 May 2009 12:50:22 +0000 (14:50 +0200)]
Fixes the mass email deactivation used in the admin user edition page.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Tue, 12 May 2009 22:56:08 +0000 (00:56 +0200)]
Coerces the first name and last name of a registering user to what is stored in
the database.
Previously, a user could register with only parts of her full last name, and the
non-hruid email addresses would be computed from that user provided name.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Tue, 12 May 2009 00:12:19 +0000 (02:12 +0200)]
Fixes the email addresses used to inform participants to an event that they can now pay for it.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Mon, 20 Apr 2009 21:26:50 +0000 (23:26 +0200)]
Fixes the generation of hruid in the user mass-add system.
Updates to the latest version of core.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Mon, 20 Apr 2009 20:01:07 +0000 (22:01 +0200)]
Revert "Fixes the hruid generation when mass-importing a new promotion."
This reverts commit
1e865041b513cbdec96cfe155d9072e1546d4144.
Vincent Zanotti [Fri, 10 Apr 2009 00:02:55 +0000 (02:02 +0200)]
Fixes the hruid generation when mass-importing a new promotion.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Wed, 8 Apr 2009 12:14:05 +0000 (14:14 +0200)]
Properly handles the case where an admin search for a good looking IP-address that can't in facts be translated to its 32bits representation.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Sun, 5 Apr 2009 09:07:53 +0000 (11:07 +0200)]
Finally re-adds jquery.autocomplete.js to the tree, as our source is 403-ing us. The reason is that the autocomplete plugin is now official; we can't use it directly though, as our code is not yet compatible with this new updated version.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Vincent Zanotti [Thu, 19 Mar 2009 00:04:12 +0000 (01:04 +0100)]
Fixes notification email on removal of "nom d'usage" -- the email was sent to the former bestalias email address.
Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
Florent Bruneau [Mon, 23 Feb 2009 12:36:19 +0000 (13:36 +0100)]
****** pmwiki.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 21 Feb 2009 21:05:47 +0000 (22:05 +0100)]
Fix core version.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 21 Feb 2009 08:23:20 +0000 (09:23 +0100)]
Avoid null gids.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Vincent Zanotti [Wed, 18 Feb 2009 12:38:48 +0000 (13:38 +0100)]
Adds a missing XSRF token on Xnet's directory synchronization page.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Florent Bruneau [Sun, 15 Feb 2009 09:30:45 +0000 (10:30 +0100)]
Fix a SQL injection vulnerability on a public page o_O.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 7 Feb 2009 00:18:13 +0000 (01:18 +0100)]
Resurrect events/rss.tpl and xnetgrp/announce-rss.tpl that were lost in a
bad conflict resolution some times ago.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Olivier Le Floch [Sat, 31 Jan 2009 12:46:15 +0000 (13:46 +0100)]
Fix vcard for users that don't have a pro address.
Signed-off-by: Olivier Le Floch <olivier.le-floch@polytechnique.org>
Florent Bruneau [Fri, 23 Jan 2009 21:27:12 +0000 (22:27 +0100)]
Missing hook for csv export of xnetlists.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Sun, 18 Jan 2009 23:19:22 +0000 (00:19 +0100)]
Fixes SQL error in event's alias creation.
Florent Bruneau [Wed, 14 Jan 2009 22:09:58 +0000 (23:09 +0100)]
Fix SQL error.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Wed, 14 Jan 2009 22:05:48 +0000 (23:05 +0100)]
Log disconnection only if the user is logged.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Mon, 12 Jan 2009 08:35:35 +0000 (09:35 +0100)]
Fix SQL error in watch_nonins.
This is not a really fix, it only ignores the error (the entry is added
twice).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Fri, 9 Jan 2009 14:25:47 +0000 (15:25 +0100)]
Fixes Xisation of people whose names contain a - in .net.
Stéphane Jacob [Wed, 7 Jan 2009 16:14:48 +0000 (17:14 +0100)]
Fixes duplicated key when adding a new membre in .net.
Florent Bruneau [Mon, 5 Jan 2009 20:07:21 +0000 (21:07 +0100)]
Fix registration.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Vincent Zanotti [Mon, 5 Jan 2009 19:00:17 +0000 (20:00 +0100)]
Adds missing include in modules/admin.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Stéphane Jacob [Sun, 4 Jan 2009 10:35:59 +0000 (11:35 +0100)]
Fixes group search query.
Vincent Zanotti [Sat, 3 Jan 2009 13:33:57 +0000 (14:33 +0100)]
Fixes plat/al's feeds. Feed handlers were using an User object as a numerical id.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Florent Bruneau [Tue, 30 Dec 2008 20:10:06 +0000 (21:10 +0100)]
Don't add adresses to remove.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Mon, 29 Dec 2008 16:36:42 +0000 (17:36 +0100)]
Fixes the reminding interface for people who have not completed their registration.
Florent Bruneau [Mon, 29 Dec 2008 15:46:39 +0000 (16:46 +0100)]
Should fix key collision in sync from AX.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 28 Dec 2008 21:18:09 +0000 (22:18 +0100)]
Fix set_bogo_level and set_options.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 28 Dec 2008 20:59:48 +0000 (21:59 +0100)]
Quick and ugly fix to avoid key collision on medal request insertion.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Raphaël Barrois [Mon, 17 Nov 2008 10:22:27 +0000 (11:22 +0100)]
Updated text on the password/smtp page
It was unclear whether it was possible or not to use the same
password as for the connexion.
Florent Bruneau [Sun, 21 Dec 2008 14:42:13 +0000 (15:42 +0100)]
Security fix: don't rely on sql queries forged by a service we don't
control.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Vincent Zanotti [Sun, 21 Dec 2008 14:14:03 +0000 (15:14 +0100)]
Switch plat/al to restricted mode by default, and enables the per-uri robots.txt-based disallowing.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Florent Bruneau [Sun, 21 Dec 2008 13:55:54 +0000 (14:55 +0100)]
Should avoid 'empty' countries in geoloc.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 20 Dec 2008 17:06:46 +0000 (18:06 +0100)]
Use last core (SQL error logger).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Sat, 20 Dec 2008 15:54:57 +0000 (16:54 +0100)]
Fixes event creation when there are X that are not in Xorg in the group.
Florent Bruneau [Thu, 18 Dec 2008 22:28:29 +0000 (23:28 +0100)]
Use last version of core (fix critical bug in wiki permissions).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Thu, 18 Dec 2008 07:42:38 +0000 (08:42 +0100)]
Fix list creation.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Wed, 17 Dec 2008 20:51:27 +0000 (21:51 +0100)]
Fix some logging issues again.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Wed, 17 Dec 2008 11:25:11 +0000 (12:25 +0100)]
Another syntax error.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Wed, 17 Dec 2008 09:53:11 +0000 (10:53 +0100)]
Fix syntax error.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Tue, 16 Dec 2008 14:50:04 +0000 (15:50 +0100)]
Fix invalid query.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Mon, 15 Dec 2008 21:57:46 +0000 (22:57 +0100)]
Fixes aliases creation.
Stéphane Jacob [Mon, 15 Dec 2008 19:38:07 +0000 (20:38 +0100)]
PlLogger should be replaced by S::logger() (shorter version).
Stéphane Jacob [Mon, 15 Dec 2008 19:10:14 +0000 (20:10 +0100)]
PlLogger should be replaced by S::logger().
Stéphane Jacob [Sat, 13 Dec 2008 18:11:55 +0000 (19:11 +0100)]
Gets rid of attachEvent.
Stéphane Jacob [Sat, 13 Dec 2008 17:21:29 +0000 (18:21 +0100)]
Fixes addition of activity sectors in mentor interface.
Florent Bruneau [Sat, 13 Dec 2008 12:42:56 +0000 (13:42 +0100)]
Login is more explicit than user_id.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 13 Dec 2008 11:47:33 +0000 (12:47 +0100)]
Fix double popup.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 13 Dec 2008 11:30:39 +0000 (12:30 +0100)]
Fix mass_subscribe.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 12 Dec 2008 13:52:09 +0000 (14:52 +0100)]
Fix SU on skin Sharky.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Vincent Zanotti [Fri, 12 Dec 2008 13:26:40 +0000 (14:26 +0100)]
Fixes the display of aliases on the admin/user/ page.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Florent Bruneau [Fri, 12 Dec 2008 08:54:30 +0000 (09:54 +0100)]
Fix instantiation of the Platal object in both listes_redirect
(listes.p.org) and webredirect (carva.org).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 12 Dec 2008 08:52:24 +0000 (09:52 +0100)]
Fix calls to is_subscription_pending. (Closes:#942).
Also add a bit of logging... useful for debugging.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Thu, 11 Dec 2008 22:04:41 +0000 (23:04 +0100)]
Update core (wiki cache fix).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Thu, 11 Dec 2008 21:33:33 +0000 (22:33 +0100)]
Fix hruid update script.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Thu, 11 Dec 2008 21:21:39 +0000 (22:21 +0100)]
Fix URL for rewrite.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Thu, 11 Dec 2008 19:40:40 +0000 (20:40 +0100)]
Plat/al 0.10.0.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 7 Dec 2008 20:45:15 +0000 (21:45 +0100)]
More readable administration portal.
Add admin/accounts page with a list of all administrators and all disabled
accounts.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Vincent Zanotti [Sun, 7 Dec 2008 17:33:19 +0000 (18:33 +0100)]
Optimizes the nickname synchronization for GoogleApps by not sending data for disabled accounts.
Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Aymeric Augustin [Sun, 7 Dec 2008 17:09:39 +0000 (18:09 +0100)]
Handle one more special case
Extra checks
Stéphane Jacob [Sun, 7 Dec 2008 15:10:48 +0000 (16:10 +0100)]
Fixes sector and function's display in the profile edition interface (Ooops).
Florent Bruneau [Sun, 7 Dec 2008 11:20:39 +0000 (12:20 +0100)]
Fix SUID authentication:
* default auth level is AUTH_MDP
* requested password (if needed) is the password of the administrator
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Sat, 6 Dec 2008 22:52:50 +0000 (23:52 +0100)]
Fixes sector and function's display in the profile edition interface.
Florent Bruneau [Tue, 2 Dec 2008 18:07:56 +0000 (19:07 +0100)]
Trim regexps to avoid the 'baldelx' effect.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Mon, 1 Dec 2008 22:04:52 +0000 (23:04 +0100)]
Fix last session.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Fri, 28 Nov 2008 12:19:40 +0000 (13:19 +0100)]
Deletes ambiguous explaination text about medals' publicity.
Stéphane Jacob [Thu, 27 Nov 2008 12:33:34 +0000 (13:33 +0100)]
Adds a pop-up when the subject is not filled on the group email interface and sets the default subject to null.
Aymeric Augustin [Sat, 22 Nov 2008 13:54:51 +0000 (14:54 +0100)]
Reviewing and slighlty clarifying template for sender address rewriting
Florent Bruneau [Sun, 16 Nov 2008 20:46:38 +0000 (21:46 +0100)]
Implementation of the logger here.
WARNING: This breaks compatibility with sessions created by previous
versions of plat/al.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 16 Nov 2008 20:12:08 +0000 (21:12 +0100)]
Cosmetics.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 16 Nov 2008 19:45:55 +0000 (20:45 +0100)]
Should fix the calculation of the number of pages on X.net events admin page (Closes #751)
Grumpf, obfuscated code! (not sure this fix all cases, please test if possible).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 16 Nov 2008 14:21:26 +0000 (15:21 +0100)]
Add a message when a user valid his subscription to an event.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sun, 16 Nov 2008 13:04:32 +0000 (14:04 +0100)]
On X.net, sitename is 'Polytechnique.net'.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 15 Nov 2008 20:11:09 +0000 (21:11 +0100)]
Confirming to editorial rules: 'courriel' => 'email'
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 15 Nov 2008 20:09:33 +0000 (21:09 +0100)]
Hop hop hop!!!
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 15 Nov 2008 20:00:57 +0000 (21:00 +0100)]
Fix performance issue at session creation.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Stéphane Jacob [Sat, 15 Nov 2008 16:51:04 +0000 (17:51 +0100)]
Fixes openweb.css and keynote.css bugs introduced in
fd9a8382.
Stéphane Jacob [Sat, 15 Nov 2008 16:36:16 +0000 (17:36 +0100)]
Adds picture for the order of St Charles.
Florent Bruneau [Sat, 15 Nov 2008 09:55:11 +0000 (10:55 +0100)]
Missing anchors
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 15 Nov 2008 09:48:55 +0000 (10:48 +0100)]
Gadz -> {$sitename}.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 14 Nov 2008 21:36:19 +0000 (22:36 +0100)]
Export the members of a list as a CSV file (Closes #927)
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 14 Nov 2008 20:26:49 +0000 (21:26 +0100)]
Update to txm's text (to be reviewed by the communication team).
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 14 Nov 2008 20:13:27 +0000 (21:13 +0100)]
Update ChangeLog
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Laurent Penou [Tue, 11 Nov 2008 11:34:53 +0000 (12:34 +0100)]
Small update to manage NomDusage correctly
Aymeric Augustin [Sun, 9 Nov 2008 14:07:16 +0000 (15:07 +0100)]
Read-only version of the globally whitelisted websites for openid
Adding a site can be done directly in SQL with user_id == NULL
Aymeric Augustin [Sun, 9 Nov 2008 13:53:23 +0000 (14:53 +0100)]
Users can delete entries from their openid whitelid
Florent Bruneau [Sat, 8 Nov 2008 11:53:17 +0000 (12:53 +0100)]
Oops, fix dynpost.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Sat, 8 Nov 2008 11:47:22 +0000 (12:47 +0100)]
Oops, fix vcard query to retreive user pictures.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 7 Nov 2008 18:34:01 +0000 (19:34 +0100)]
Rewrite goodiesPopup with jQuery, cleanup.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 7 Nov 2008 18:24:00 +0000 (19:24 +0100)]
Rewrite auto_links stuff using jQuery.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 7 Nov 2008 17:32:11 +0000 (18:32 +0100)]
Rewrite our pour implementation of Ajax using jQuery.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 7 Nov 2008 16:26:35 +0000 (17:26 +0100)]
Update ChangeLog
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
Florent Bruneau [Fri, 7 Nov 2008 16:22:28 +0000 (17:22 +0100)]
Wiki preview uses 'post' instead of 'get' (Closes #918)
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
projects / platal.git / log