Thorsten Glaser [Fri, 19 Apr 2013 11:56:11 +0000 (13:56 +0200)]
aljeux is using 11 already, so pick 12 for evolvis
Thorsten Glaser [Fri, 19 Apr 2013 11:44:24 +0000 (13:44 +0200)]
grab a type number for extrafields of type timestamp
(planning on second accuracy here)
Franck Villaume [Thu, 18 Apr 2013 18:54:30 +0000 (20:54 +0200)]
docman: fix apostrophe in title and description when editing file
Franck Villaume [Thu, 18 Apr 2013 18:51:21 +0000 (20:51 +0200)]
Revert "use correct JSON encoding"
This reverts commit 88e6ca54e50e1631d4233da4c158502c8f2452bc.
Franck Villaume [Thu, 18 Apr 2013 18:54:30 +0000 (20:54 +0200)]
docman: fix apostrophe in title and description when editing file
Franck Villaume [Thu, 18 Apr 2013 18:51:21 +0000 (20:51 +0200)]
Revert "use correct JSON encoding"
This reverts commit 88e6ca54e50e1631d4233da4c158502c8f2452bc.
Roland Mas [Wed, 17 Apr 2013 12:54:16 +0000 (14:54 +0200)]
Update moinmoin plugin to use new format for session cookies
Roland Mas [Wed, 17 Apr 2013 11:26:49 +0000 (13:26 +0200)]
Partial merge from 5.2
Roland Mas [Wed, 17 Apr 2013 10:01:23 +0000 (12:01 +0200)]
Contentless merge from 5.1
Roland Mas [Wed, 17 Apr 2013 09:55:00 +0000 (09:55 +0000)]
Handle PHP 5.1's restricted setcookie()
Roland Mas [Wed, 17 Apr 2013 09:54:52 +0000 (09:54 +0000)]
Fixed error where you couldn't create a mailing-list if forums weren't enabled
Roland Mas [Wed, 17 Apr 2013 09:53:15 +0000 (11:53 +0200)]
Handle PHP 5.1's restricted setcookie()
Roland Mas [Wed, 17 Apr 2013 09:37:13 +0000 (11:37 +0200)]
Reinstate 'invalid password' message
Franck Villaume [Mon, 15 Apr 2013 21:41:23 +0000 (23:41 +0200)]
fix #428: latest-zip does not increment download stats
Franck Villaume [Mon, 15 Apr 2013 21:41:23 +0000 (23:41 +0200)]
fix #428: latest-zip does not increment download stats
Franck Villaume [Mon, 15 Apr 2013 21:13:55 +0000 (23:13 +0200)]
FRS: protect if ZipArchive class is missing
Franck Villaume [Mon, 15 Apr 2013 20:00:06 +0000 (22:00 +0200)]
apply #533: improve activity display : final merge
Franck Villaume [Mon, 15 Apr 2013 20:00:06 +0000 (22:00 +0200)]
apply #533: improve activity display : final merge
Franck Villaume [Sun, 14 Apr 2013 18:14:32 +0000 (20:14 +0200)]
partial apply #533: improve the display
Franck Villaume [Sun, 14 Apr 2013 18:14:32 +0000 (20:14 +0200)]
partial apply #533: improve the display
Franck Villaume [Sun, 14 Apr 2013 17:58:18 +0000 (19:58 +0200)]
apply #543: fix licence, fix rss display
Franck Villaume [Sun, 14 Apr 2013 17:58:18 +0000 (19:58 +0200)]
apply #543: fix licence, fix rss display
Franck Villaume [Sun, 14 Apr 2013 17:14:46 +0000 (19:14 +0200)]
patch #550: add more check on disabled feature in RBAC normalize function
Franck Villaume [Sun, 7 Apr 2013 19:50:01 +0000 (21:50 +0200)]
test suite: adapt for #350 implementation
Franck Villaume [Sun, 7 Apr 2013 19:13:10 +0000 (21:13 +0200)]
test suite: adapt #350 implementation
Franck Villaume [Sun, 7 Apr 2013 18:50:13 +0000 (20:50 +0200)]
fix #350: better permission check
Franck Villaume [Sun, 7 Apr 2013 18:21:24 +0000 (20:21 +0200)]
test suite: adapt #350 implementation
Franck Villaume [Sun, 7 Apr 2013 18:07:03 +0000 (20:07 +0200)]
test suite: adapt #350 implementation
Franck Villaume [Sun, 7 Apr 2013 17:45:38 +0000 (19:45 +0200)]
test suite: adapt to #350 implementation feature
Franck Villaume [Sun, 7 Apr 2013 17:38:28 +0000 (19:38 +0200)]
implement #350: skip project approval when submitter is forge administrator
Franck Villaume [Sat, 6 Apr 2013 18:39:17 +0000 (20:39 +0200)]
fix #447: setStatus does not check the correct user for permission, add missing default value in config files
Franck Villaume [Sat, 6 Apr 2013 18:39:17 +0000 (20:39 +0200)]
fix #447: setStatus does not check the correct user for permission, add missing default value in config files
Alain Peyrat [Fri, 5 Apr 2013 16:26:52 +0000 (18:26 +0200)]
Drop hardcoded graph size & Misc in src/www/reporting
Alain Peyrat [Fri, 5 Apr 2013 16:12:54 +0000 (18:12 +0200)]
Fix logic in project registration form when only one template project & Misc
Alain Peyrat [Fri, 5 Apr 2013 16:26:52 +0000 (18:26 +0200)]
Drop hardcoded graph size & Misc in src/www/reporting
Alain Peyrat [Fri, 5 Apr 2013 16:12:54 +0000 (18:12 +0200)]
Fix logic in project registration form when only one template project & Misc
Franck Villaume [Mon, 1 Apr 2013 19:31:44 +0000 (21:31 +0200)]
SCM plugins: display stats only to authorized people
Franck Villaume [Mon, 1 Apr 2013 13:38:01 +0000 (15:38 +0200)]
add missing link to manage available roadmaps
Thorsten Glaser [Tue, 26 Mar 2013 16:21:06 +0000 (17:21 +0100)]
never expose user-supplied string to printf; use str_replace instead
Thorsten Glaser [Tue, 26 Mar 2013 16:19:03 +0000 (17:19 +0100)]
store 100 values as JSON "null" instead of emitting PHP warnings
Thorsten Glaser [Mon, 25 Mar 2013 16:15:31 +0000 (17:15 +0100)]
(mostly) Merge branch 'Branch_5_1' into Branch_5_2
Conflicts:
src/common/include/session.php
⇒ someone *MUST* look at this, I think this couldn’t really work
Thorsten Glaser [Mon, 25 Mar 2013 15:57:19 +0000 (16:57 +0100)]
Merge branch 'Branch_5_2' of git+ssh://scm.fusionforge.org//var/lib/gforge/chroot/scmrepos/git/fusionforge/fusionforge into Branch_5_2
Thorsten Glaser [Mon, 25 Mar 2013 14:30:54 +0000 (15:30 +0100)]
oops, use raw octet HMAC output (for size reasons)
this does work as tested on CentOS 5 (php-cli-5.1.6-39.el5_8)…
Thorsten Glaser [Mon, 25 Mar 2013 14:09:58 +0000 (15:09 +0100)]
remove commented-out EvolvisForge compat stuff
Thorsten Glaser [Mon, 25 Mar 2013 13:50:29 +0000 (14:50 +0100)]
SECURITY: use HMAC-SHA256 (for now) to protect the session cookie
NOTE: after installing this patch, it is *vital* to change your
forge_get_config('session_key') because you *MUST* assume that
the old value is insecure and/or has been leaked!
Thorsten Glaser [Mon, 25 Mar 2013 13:08:54 +0000 (14:08 +0100)]
make this closer to the code in EvolvisForge (should be no change)
everything that would change FF behaviour is commented out atm
Thorsten Glaser [Mon, 25 Mar 2013 13:01:43 +0000 (14:01 +0100)]
merge from Evolvis: for session_set_admin use the lowest-uid one
instead of impersonating a random person who’s got forge admin rights
Thorsten Glaser [Mon, 25 Mar 2013 13:01:05 +0000 (14:01 +0100)]
merge from Evolvis: better session_redirect()
Thorsten Glaser [Mon, 25 Mar 2013 12:50:18 +0000 (13:50 +0100)]
emit a newline after the warning
Thorsten Glaser [Mon, 25 Mar 2013 12:36:59 +0000 (13:36 +0100)]
merge from Evolvis: group home permission changes
• fallback if /usr/share/gforge/lib/private_default_page.php does
not exist
• change index file and incoming directory to be group-writable
(with sgid bit set) by default, to be actually useful
Thorsten Glaser [Mon, 25 Mar 2013 12:36:15 +0000 (13:36 +0100)]
merge from Evolvis: some more variables and compat functions
Thorsten Glaser [Mon, 25 Mar 2013 12:30:58 +0000 (13:30 +0100)]
SudoEffectiveUser needs unix_name, not uid, of the target
unbreaks group homedir creation for the n-th time
Thorsten Glaser [Mon, 25 Mar 2013 12:11:56 +0000 (13:11 +0100)]
revert most of the CVE patch and “do it right”
directly after creating the new group home directory, as root,
there is no race that can appear due to *users* creating stuff
inside, so do not account for it; also make this code legible
Roland Mas [Sun, 24 Mar 2013 13:35:59 +0000 (13:35 +0000)]
Fixed permissions for Git repositories created before anonscm is enabled
Thorsten Glaser [Thu, 21 Mar 2013 17:56:18 +0000 (17:56 +0000)]
add a TODO note about a MAC for the session cookie
via http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
(I will work on this someday)
Roland Mas [Tue, 19 Mar 2013 14:02:25 +0000 (15:02 +0100)]
Contentless merge from 5.2
Roland Mas [Tue, 19 Mar 2013 13:59:59 +0000 (14:59 +0100)]
Merged from 5.1
Roland Mas [Tue, 19 Mar 2013 13:55:13 +0000 (13:55 +0000)]
Fixed syntax error
Franck Villaume [Mon, 18 Mar 2013 19:18:31 +0000 (20:18 +0100)]
Merge remote-tracking branch 'origin/Branch_5_2'
Franck Villaume [Mon, 18 Mar 2013 19:17:37 +0000 (20:17 +0100)]
widget: fix survey widget when project does not use survey
Franck Villaume [Sun, 17 Mar 2013 17:05:45 +0000 (18:05 +0100)]
scmhook: fix php warning
Franck Villaume [Sun, 17 Mar 2013 16:39:25 +0000 (17:39 +0100)]
Merge remote-tracking branch 'origin/Branch_5_2'
Franck Villaume [Sun, 17 Mar 2013 16:36:33 +0000 (17:36 +0100)]
RBAC: fix tracker & task check
Franck Villaume [Sun, 17 Mar 2013 15:42:38 +0000 (16:42 +0100)]
Merge remote-tracking branch 'origin/Branch_5_2'
Franck Villaume [Sun, 17 Mar 2013 15:37:41 +0000 (16:37 +0100)]
scmsvn: fix svn repo create
Roland Mas [Tue, 12 Mar 2013 12:44:32 +0000 (13:44 +0100)]
Fixed project creation
Roland Mas [Tue, 12 Mar 2013 12:38:38 +0000 (13:38 +0100)]
Another fix for project creation
Roland Mas [Tue, 12 Mar 2013 10:38:45 +0000 (11:38 +0100)]
Fixed project creation
Franck Villaume [Sun, 10 Mar 2013 13:01:01 +0000 (14:01 +0100)]
merge Branch_5_2
Franck Villaume [Sun, 10 Mar 2013 12:59:28 +0000 (13:59 +0100)]
tracker: fix redirect when click on admin link
db: fix warning
Franck Villaume [Sat, 9 Mar 2013 18:16:54 +0000 (19:16 +0100)]
Merge remote-tracking branch 'origin/Branch_5_2'
Franck Villaume [Sat, 9 Mar 2013 18:15:51 +0000 (19:15 +0100)]
fix #497: Number of pending projects miscounted/misleading on site admin tab
Franck Villaume [Sat, 9 Mar 2013 17:55:13 +0000 (18:55 +0100)]
port from Branch_5_2: fix #527: unable to delete project when use_forum = no in config.ini
Franck Villaume [Sat, 9 Mar 2013 17:48:54 +0000 (18:48 +0100)]
fix #527: unable to delete project when use_forum = no in config.ini
Franck Villaume [Sat, 9 Mar 2013 16:35:17 +0000 (17:35 +0100)]
Merge remote-tracking branch 'origin/Branch_5_2'
Franck Villaume [Sat, 9 Mar 2013 16:33:56 +0000 (17:33 +0100)]
fix #528: complains about forums when creating mailing-list even if forum tool is deactivated
Franck Villaume [Sat, 9 Mar 2013 14:22:30 +0000 (15:22 +0100)]
prepare merge git dav enhancement
Franck Villaume [Sun, 24 Feb 2013 11:53:26 +0000 (12:53 +0100)]
scmgit: add httpd_reload_cmd to handle specific debian httpd name
Franck Villaume [Sat, 23 Feb 2013 13:09:32 +0000 (14:09 +0100)]
scmgit: add support for basic dav access
Franck Villaume [Wed, 6 Mar 2013 19:48:48 +0000 (20:48 +0100)]
merge Branch_5_2
Franck Villaume [Wed, 6 Mar 2013 19:45:56 +0000 (20:45 +0100)]
docman: fix missing )
Franck Villaume [Wed, 6 Mar 2013 19:45:21 +0000 (20:45 +0100)]
fix scm session rights check and redirect
Franck Villaume [Wed, 6 Mar 2013 19:22:10 +0000 (20:22 +0100)]
docman: fix missing )
tiben [Tue, 5 Mar 2013 21:51:51 +0000 (22:51 +0100)]
Merge branch 'scmhook-git'
tiben [Tue, 5 Mar 2013 21:50:02 +0000 (22:50 +0100)]
Merge remote branch 'upstream/master'
tiben [Tue, 5 Mar 2013 18:20:37 +0000 (19:20 +0100)]
add fusionforge licence
Thorsten Glaser [Mon, 4 Mar 2013 08:34:37 +0000 (09:34 +0100)]
use correct JSON encoding
Franck Villaume [Sun, 3 Mar 2013 16:35:12 +0000 (17:35 +0100)]
port from Branch_5_2: fix #546: Protect apostrophe in a directory name in docman, patch from French Ministry of National Education
Franck Villaume [Sun, 3 Mar 2013 16:31:14 +0000 (17:31 +0100)]
fix copyrights
Franck Villaume [Sun, 3 Mar 2013 16:27:20 +0000 (17:27 +0100)]
fix #546: Protect apostrophe in a directory name in docman, patch from French Ministry of National Education
Thorsten Glaser [Thu, 28 Feb 2013 13:19:24 +0000 (14:19 +0100)]
merge fix from EvolvisForge
revno: 10310
committer: Thorsten Glaser <t.glaser@tarent.de>
branch nick: tarent-5.1
timestamp: Fri 2012-01-20 16:10:48 +0100
message:
fix DTD: accidentally deleted a href too much
Thorsten Glaser [Thu, 28 Feb 2013 13:14:50 +0000 (14:14 +0100)]
move www/DTD/ to common/DTD/ like I did in EvolvisForge
otherwise, this will merge-conflict in git Every. Single. Time. Gah!
Thorsten Glaser [Thu, 28 Feb 2013 12:47:28 +0000 (13:47 +0100)]
bump year
tiben [Thu, 28 Feb 2013 01:22:01 +0000 (02:22 +0100)]
initialize scmhook for git
Roland Mas [Wed, 27 Feb 2013 08:53:08 +0000 (09:53 +0100)]
Merged from 5.2
Roland Mas [Wed, 27 Feb 2013 08:52:14 +0000 (09:52 +0100)]
Marked the merge
Roland Mas [Wed, 27 Feb 2013 08:52:01 +0000 (09:52 +0100)]
Merged from 5.1
Roland Mas [Wed, 27 Feb 2013 08:49:33 +0000 (09:49 +0100)]
Marked the merge
Roland Mas [Wed, 27 Feb 2013 08:44:54 +0000 (09:44 +0100)]
Merged from 5.1
Thorsten Glaser [Wed, 27 Feb 2013 08:33:16 +0000 (09:33 +0100)]
use util_randbytes() to get six random bytes
it’s computationally, and on the kernel pool, much cheaper than
openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
which eats more bytes from the kernel pool