Ralf Becker
5faeec4ad5
mitigate risk of html downloads by using Content-Security-Policy header or Content-Disposition: attachment for IE
2013-09-12 18:49:36 +00:00
Ralf Becker
860c5f3974
removed not used assignment
2013-09-12 08:32:40 +00:00
Ralf Becker
3c160e5062
use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr
2013-09-11 13:06:27 +00:00
Ralf Becker
eeb679b59a
setup uses now sessions too and password-hashes in header.inc.php use most secure hashing type
2013-09-11 11:36:24 +00:00
Ralf Becker
fde4d9df99
silence warning by defining the constants
2013-09-02 13:41:03 +00:00
Ralf Becker
b958240a94
* EMail/all apps: fixed notifications caused EMail to lose connection to IMAP server
...
- temporary switch of user-environment as not fully restored and caused email connection of notified user being tried
- bo_tracking::send_notification does not all switching and is safe to use without do_notifications
- references to $GLOBALS[egw_info][user] are now removed, because they also stopped correctly switching user environments for notifications
2013-09-02 12:14:08 +00:00
Klaus Leithoff
5299db0f05
add (and use) preg replace callback for mailto link to text transformation
2013-08-29 10:40:11 +00:00
Klaus Leithoff
0a08bfc2f2
handle smtp reset on phpmailerclass, as this class throws exceptions; preserve the error info from smtp class before resetting the smtp communication
2013-08-07 09:23:22 +00:00
Klaus Leithoff
37a810e6a4
send reset command after failure while failing when adding addresses
2013-08-06 13:52:27 +00:00
Ralf Becker
c20bb4df6b
using correct case: To, Cc and Bcc
2013-08-05 14:57:03 +00:00
Klaus Leithoff
202d40d517
ClearAllRecipients should only clear recipients, not From, ReplyTo and such
2013-08-05 13:47:51 +00:00
Ralf Becker
86262dea0f
fixed 2 typos
2013-08-05 12:58:41 +00:00
Ralf Becker
e9bf6d69e1
some long running operations, eg. merge-print, run into situation that DB closes our separate sqlfs connection, we try now to reconnect once
2013-08-05 09:47:16 +00:00
Ralf Becker
57634dc01f
need to reimplement Clear methods from parent, to also clear our private addresses
2013-08-05 08:47:19 +00:00
Ralf Becker
188328b1d0
fixed wrong condition only giving a location header if requests fails, not if it succeeds
2013-08-02 19:27:35 +00:00
Ralf Becker
c65130d714
* Admin/Filemanager: added filesystem check and repair for missing or broken required directories /, /apps and /home
2013-08-01 07:53:58 +00:00
Ralf Becker
3b0eccb9d4
* eTemplate/all apps: (silently) limit number of links shown to 1000 newest, to not run into memory_limit or max_execution_time and assuming no one will scroll further down anyway
2013-07-26 09:39:14 +00:00
Ralf Becker
69a336d58b
* Async service/Backup: updating job to next scheduled time BEFORE running it, to cope with jobs running longer than async frequency of 5min, eg. backup
2013-07-25 13:11:37 +00:00
Ralf Becker
e4e725b5bc
removed ancient "mark untranslated strings with *" site configuration, as it is unnecessary and breaks links-stream-wrapper and WebDAV
2013-07-25 12:18:43 +00:00
Ralf Becker
be0c913c35
* Admin/Preferences: fixed not working special char detection in passwords, if you required 4 character classes it always failed
2013-07-25 07:24:33 +00:00
Ralf Becker
4557a1d24d
reverted "no need for RegExp replace", as javascript only replaces first occurrence, if a string given
2013-07-23 14:42:24 +00:00
Ralf Becker
daf247f3ad
fixed tail-window did not scroll to bottom automatic after jQuery update
2013-07-23 11:45:57 +00:00
Ralf Becker
ae86519a58
disable outer scrollbar, eg. if rendering time is switched on
2013-07-23 11:32:29 +00:00
Klaus Leithoff
46e8c16016
suppress warning on searching for active members
2013-07-23 10:58:43 +00:00
Ralf Becker
4619a9f9c6
fixed accounts::search sometimes returning too many lines
2013-07-17 13:14:35 +00:00
Ralf Becker
18cb6f75a6
fixed again not working new account creation under AD against Win2008r2
2013-07-16 15:19:38 +00:00
Ralf Becker
4e3c34f257
always check with "passwd_forbid_name" enabled, if setting of password failed
2013-07-16 14:57:43 +00:00
Ralf Becker
b9cefd3755
fixed not being able to switch "forbid password to contain name" off again, after it has been switched on (caused by name "passwd_forbid_name")
2013-07-16 14:51:03 +00:00
Klaus Leithoff
8afd5fb840
pass acount_id to crackcheck, as it is required for crackcheck rule validation forbid_name
2013-07-16 10:45:00 +00:00
Ralf Becker
ab7c7930f8
* PostgreSQL: fix for SQL error eg. on update from 1.8.001 to 1.8.004 from 9.1 on
2013-07-16 06:48:19 +00:00
Ralf Becker
e82af0a961
need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user are forced to change password, as otherwise he will be prompt again after changing it
2013-07-15 20:30:30 +00:00
Ralf Becker
d26074731f
* Active Directory: allow to do a forced password change in EGroupware and handle reset of that flag for Samba4 too
2013-07-15 20:01:29 +00:00
Ralf Becker
00fedbf069
* WebDAV/CalDAV/CardDAV: fixed basic authentication via redirect-rule to use $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] as it is used by newer Apache versions
2013-07-15 11:07:24 +00:00
Ralf Becker
eb7cccf775
* Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else
2013-07-14 13:06:39 +00:00
Ralf Becker
fcd1f660b8
disable "account_lid" input, if backend (eg. AD) does not allow changing it
2013-07-13 08:34:33 +00:00
Ralf Becker
dc7f8e11b1
* Admin/Active Directory: fixed not working display, setting and removing of "must change password upon next login"
2013-07-13 07:51:40 +00:00
Ralf Becker
d0e4dec5eb
* Admin/Active Directory: create new users with CN=<username> as Windows does and allow to configure profilePath, homeDirectory, homeDrive and scriptPath for new users (in setup)
2013-07-09 15:29:17 +00:00
Klaus Leithoff
18c0bd1c38
silence error_log on wrong type
2013-07-08 08:04:23 +00:00
Klaus Leithoff
0c99b3045e
* API: fix for wrong (unexpected array) type passed in check_list
2013-07-08 08:02:30 +00:00
Ralf Becker
8b2a596918
replace no longer existing deprecated egw_info->user email and fullname
2013-07-04 18:00:11 +00:00
Ralf Becker
1bbe643808
fixed allowed memory size extended error, if trying to read history from a ldap or ads contact with an id starting with a letter, did an unlimited query for all history-log entries of addressbook
2013-06-29 16:41:54 +00:00
Ralf Becker
7cfa4e1617
* Admin/API/ADS: account creation did not set initial password
2013-06-29 09:34:48 +00:00
Ralf Becker
026ad4ccdf
* Admin/Preferences/ADS: give explicit error, that AD requires SSL or TLS to change passwords (not just failing with unspecific error)
2013-06-29 08:51:37 +00:00
Ralf Becker
4e7669dfd0
remove old default of 7 for password length, as it always checks for that default otherwise
2013-06-28 16:20:28 +00:00
Ralf Becker
91fc5bc23d
* ProjectManager/Timesheet: automatic change a changed project-title in Timesheet too
2013-06-27 14:43:54 +00:00
Ralf Becker
1da892e989
display mail-address for groups in AD
2013-06-26 19:58:19 +00:00
Ralf Becker
76abb48fa4
fixed auth_sql to allow updating passwords of in-active accounts and return true for all successful password changes as documented (returned false if password was unchanged and hash password on success)
2013-06-26 09:49:57 +00:00
Ralf Becker
eadc4edf2e
* Admin/API/LDAP: fixed not working pagination of accounts for 2. or further pages introduced by enabling caching again in last package
2013-06-26 08:12:47 +00:00
Ralf Becker
6cfe7d4fc2
* Admin: split password strength config in minimum length and number of character types, allow account backends specially AD to report password policy failures
2013-06-25 17:23:25 +00:00
Ralf Becker
a8e94beb5f
allow auth backends to throw exceptions to give verbose error why password changing failed, auth_ads does now password strength check (even if not configured), as this is most likely cause for not changed password
2013-06-23 10:52:18 +00:00