Martin Zobel-Helas [Fri, 6 Sep 2013 20:20:59 +0000 (22:20 +0200)]
uri_escape input
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Sep 2013 17:15:08 +0000 (19:15 +0200)]
add debian/changelog entry for Moritz Naumann
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Moritz Naumann [Tue, 27 Aug 2013 14:42:49 +0000 (16:42 +0200)]
XSS bug in db.debian.org
Hi, I just stumbled upon an XSS bug in db.debian.org:
https://db.debian.org/search.cgi?id=%22%3E%3C/a%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E%3Cx%20y=%22&dosearch=Search...
Both the "id" and "authtoken" fields lack input validation.
<zobel> bfly: you can find the code at git.debian.org in userdir-ldap-cgi
<zobel> would be nice if you could send a patch
A(n untested) patch is attached. Please let me know whether it's usable
and whether you are going to apply it.
-- Moritz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:58:32 +0000 (13:58 +0200)]
iso-codes and isoquery are build-depends and not depends
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:50 +0000 (13:52 +0200)]
add changelog entry for the typo in update.wml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:16 +0000 (13:52 +0200)]
auto-generate html/domains.tab
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Ramakrishnan Muthukrishnan [Thu, 22 Aug 2013 17:01:54 +0000 (22:31 +0530)]
typo: mail default handling incorrectly pointing to the greylist option.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Sat, 27 Jul 2013 09:37:32 +0000 (11:37 +0200)]
Point out users can use non-clearsigned mail, and mention that maybe that is smart with webmailers
Peter Palfrader [Thu, 30 May 2013 14:51:57 +0000 (16:51 +0200)]
die handler breaks stuff on wheezy
Luca Filipozzi [Wed, 23 Jan 2013 05:49:19 +0000 (05:49 +0000)]
make dnsZoneEntry description more understandable
Paul Wise [Sun, 2 Dec 2012 12:15:11 +0000 (20:15 +0800)]
Update the documentation to mention txt records in dnsZoneEntry fields.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Enrico Zini [Sun, 25 Nov 2012 10:12:10 +0000 (11:12 +0100)]
Link to SSO documentation in web password update field
Hello,
attached is a simple patch that adds a link to
http://wiki.debian.org/DebianSingleSignOn to web password update field.
Can you please apply it and push it to production?
Ciao,
Enrico
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
From 21da63edc068b1e717c6f48d80bed17178c96e23 Mon Sep 17 00:00:00 2001
From: Enrico Zini <enrico@enricozini.org>
Date: Sun, 25 Nov 2012 11:08:53 +0100
Subject: [PATCH] Added link to single signon documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 17:44:57 +0000 (19:44 +0200)]
and include it
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 17:38:56 +0000 (19:38 +0200)]
fix layout problems
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 14:37:19 +0000 (16:37 +0200)]
readd the lost items
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 14:35:13 +0000 (16:35 +0200)]
move the navbar to all pages
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 13:45:42 +0000 (15:45 +0200)]
two more pages of documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 13:41:26 +0000 (15:41 +0200)]
promote documentation on searchform.wml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 20:45:51 +0000 (22:45 +0200)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi:
And a changelog entry for Nick's change
Use the changes@ address consistently in preference to change@
Try a different CreateCryptSalt approach
Conflicts:
debian/changelog
Martin Zobel-Helas [Wed, 13 Jun 2012 20:42:50 +0000 (22:42 +0200)]
some cleanup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 16:49:41 +0000 (18:49 +0200)]
use libjs-jquery-tablesorter to sort machines.cgi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 16:23:03 +0000 (18:23 +0200)]
restructure
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Sun, 10 Jun 2012 20:03:06 +0000 (22:03 +0200)]
And a changelog entry for Nick's change
Peter Palfrader [Sun, 10 Jun 2012 20:01:01 +0000 (22:01 +0200)]
Use the changes@ address consistently in preference to change@
Cherry pick 6e07c94822cba24dd24e5f86e662a7ddabc863ea from torproject,
by Nick Mathewson:
Having both addresses listed on the website led me to think that one
of them must be a misprint, and slowed down my debugging attempts
by a factor of 2 as I tried every one of my incorrect ideas on both
of the addresses.
Peter Palfrader [Fri, 9 Mar 2012 19:58:42 +0000 (20:58 +0100)]
Try a different CreateCryptSalt approach
Martin Zobel-Helas [Fri, 9 Mar 2012 18:51:32 +0000 (19:51 +0100)]
remove code duplication
Peter Palfrader [Fri, 9 Mar 2012 18:09:52 +0000 (19:09 +0100)]
Also ignore "-" as words for cracklib
Peter Palfrader [Fri, 9 Mar 2012 17:59:28 +0000 (18:59 +0100)]
And say which password failed its check
Peter Palfrader [Fri, 9 Mar 2012 17:58:09 +0000 (18:58 +0100)]
Say what web password is good for
Martin Zobel-Helas [Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)]
Better salt
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 11:32:46 +0000 (12:32 +0100)]
fix web password generation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:04:15 +0000 (10:04 +0100)]
unrelease
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:02:43 +0000 (10:02 +0100)]
release 0.3.36
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:00:24 +0000 (10:00 +0100)]
use Crypt::PasswdMD5 to create apache passwords
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 22:59:29 +0000 (23:59 +0100)]
fix code
Martin Zobel-Helas [Thu, 8 Mar 2012 22:52:14 +0000 (23:52 +0100)]
release
Martin Zobel-Helas [Thu, 8 Mar 2012 18:24:52 +0000 (19:24 +0100)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi:
add webpassword Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 18:23:11 +0000 (19:23 +0100)]
add webpassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 18:23:11 +0000 (19:23 +0100)]
add webpassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 10 Feb 2012 18:01:35 +0000 (19:01 +0100)]
add two more pics
Martin Zobel-Helas [Fri, 10 Feb 2012 17:52:34 +0000 (18:52 +0100)]
fix URL path
Martin Zobel-Helas [Fri, 6 Jan 2012 12:02:08 +0000 (13:02 +0100)]
start new version
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:55:49 +0000 (12:55 +0100)]
make selection a link
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:55:14 +0000 (12:55 +0100)]
fix quoting in machines.cgi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:28:18 +0000 (12:28 +0100)]
release
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:59:40 +0000 (23:59 +0100)]
adjust to new layout (no warranties for breakage)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:23:17 +0000 (23:23 +0100)]
correct mail address
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:21:52 +0000 (23:21 +0100)]
correct mail address
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 23 Nov 2011 11:12:45 +0000 (12:12 +0100)]
machines.cgi: generate fingerprints for ecdsa-sha2-nistp256 ssh keys.
Peter Palfrader [Sun, 30 Oct 2011 16:40:52 +0000 (17:40 +0100)]
Util.pm:UpgradeConnection(): properly concatenate strings
Peter Palfrader [Fri, 15 Jul 2011 23:04:27 +0000 (01:04 +0200)]
cracklib-packer complains about '*' on input
Peter Palfrader [Thu, 9 Jun 2011 13:02:06 +0000 (13:02 +0000)]
Change import of Net::LDAP to work on squeeze
root [Mon, 3 Jan 2011 23:04:26 +0000 (23:04 +0000)]
Luca added entry for changelog; ready to build
root [Mon, 3 Jan 2011 22:57:43 +0000 (22:57 +0000)]
fixed link to SPI CA; added link to Debian CA
Martin Zobel-Helas [Tue, 10 Aug 2010 06:40:50 +0000 (08:40 +0200)]
add patch from vorlon
Martin Zobel-Helas [Tue, 10 Aug 2010 06:38:39 +0000 (08:38 +0200)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
Steve Langasek [Tue, 10 Aug 2010 01:43:11 +0000 (18:43 -0700)]
don't use sentence fragments, make the docs searchable
Hi all,
Here's a patch to userdir-ldap-cgi to improve the documentation in
doc-mail.wml:
Replace the sentence fragment at the beginning of the documentation on
DNS records with a complete sentence that uses the actual field name, making
the documentation more searchable.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 21 Jul 2010 12:38:22 +0000 (14:38 +0200)]
And a changelog entry
Peter Palfrader [Wed, 21 Jul 2010 12:37:50 +0000 (14:37 +0200)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of ssh://db.debian.org/git/userdir-ldap-cgi:
Fix typo in update.wml spotted by Sylvain Beucler.
Actually install new doc.
updated css from interwebs
actually install new file
Peter Palfrader [Wed, 21 Jul 2010 12:37:44 +0000 (14:37 +0200)]
Only import cracklib (do not fallback to crack). Also makes setting cracklib.min_length actually work
Martin Zobel-Helas [Tue, 1 Jun 2010 20:28:08 +0000 (22:28 +0200)]
Fix typo in update.wml spotted by Sylvain Beucler.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Stephen Gran [Mon, 15 Mar 2010 11:44:19 +0000 (11:44 +0000)]
Actually install new doc.
Stephen Gran [Mon, 15 Mar 2010 11:43:25 +0000 (11:43 +0000)]
updated css from interwebs
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 15 Mar 2010 11:43:06 +0000 (11:43 +0000)]
actually install new file
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Sun, 31 Jan 2010 12:35:30 +0000 (13:35 +0100)]
we should also install the CSS files
Martin Zobel-Helas [Sun, 31 Jan 2010 12:09:45 +0000 (13:09 +0100)]
new changelog entry
Martin Zobel-Helas [Sun, 31 Jan 2010 12:09:29 +0000 (13:09 +0100)]
ignore debian/substvars
Martin Zobel-Helas [Sun, 31 Jan 2010 12:08:45 +0000 (13:08 +0100)]
don't link outside db.d.o when using https
Martin Zobel-Helas [Sun, 31 Jan 2010 12:05:03 +0000 (13:05 +0100)]
add myself to uploaders
Martin Zobel-Helas [Sun, 31 Jan 2010 11:07:59 +0000 (12:07 +0100)]
some corrections suggested by #debian-devel channel members
Martin Zobel-Helas [Sun, 31 Jan 2010 10:49:33 +0000 (11:49 +0100)]
document "allowed_hosts" function
Martin Zobel-Helas [Sun, 31 Jan 2010 10:26:58 +0000 (11:26 +0100)]
we do not do password logins to our machines any more
Simon Paillard [Mon, 25 Jan 2010 20:54:23 +0000 (21:54 +0100)]
Move ud-ldap-cgi wml templates away from gif navbar to CSS navbar
See lists.debian.org/debian-www/2010/01/msg00120.html
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 13 Jan 2010 12:36:07 +0000 (13:36 +0100)]
Add a .gitignore
Peter Palfrader [Wed, 13 Jan 2010 12:35:44 +0000 (13:35 +0100)]
Fix building of wml things [Erinn Clark (helix)]
Stephen Gran [Thu, 26 Nov 2009 08:41:26 +0000 (08:41 +0000)]
stop mentioning gluck as a good machine to work on
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Wed, 18 Nov 2009 19:06:06 +0000 (20:06 +0100)]
no more need for cvs metadata
Peter Palfrader [Wed, 18 Nov 2009 19:04:26 +0000 (20:04 +0100)]
.cvsignore is now a .gitignore
Peter Palfrader [Wed, 18 Nov 2009 19:03:59 +0000 (20:03 +0100)]
wmlify doc-mail-handling
Peter Palfrader [Wed, 18 Nov 2009 19:02:37 +0000 (20:02 +0100)]
Replace compiled .html with .wml source from the db.d.o cvs repository
Stephen Gran [Mon, 16 Nov 2009 22:12:53 +0000 (22:12 +0000)]
Initial mail docs
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 16 Nov 2009 21:32:10 +0000 (21:32 +0000)]
make mailDefaultOptions default to true in web interface
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 16 Nov 2009 00:18:12 +0000 (00:18 +0000)]
doc fixups
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 23:18:15 +0000 (23:18 +0000)]
Support for defaultMailOptions attribute
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 22:41:50 +0000 (22:41 +0000)]
readd dropped mail content inspection option to web page
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 15:43:11 +0000 (15:43 +0000)]
move html into the cgi
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 12:31:50 +0000 (12:31 +0000)]
Initial BATV token support
Stephen Gran [Sun, 15 Nov 2009 12:29:10 +0000 (12:29 +0000)]
Remove Ryan and Joey from Uploaders: thanks for all the fish!
Stephen Gran [Sun, 15 Nov 2009 12:28:37 +0000 (12:28 +0000)]
Add myself to uploaders
Stephen Gran [Sat, 19 Sep 2009 17:09:26 +0000 (18:09 +0100)]
add support for mailContentInspectionAction to web interface
Peter Palfrader [Tue, 12 May 2009 22:11:56 +0000 (00:11 +0200)]
Fix showing echelon information. It needs unescaped input
Peter Palfrader [Fri, 8 May 2009 23:33:17 +0000 (01:33 +0200)]
Merge
Peter Palfrader [Fri, 8 May 2009 23:30:55 +0000 (01:30 +0200)]
In machines.cgi: do not skip [[- purposes. "[[-<hostname>]]" gets stuff added to ssh_known_hosts but not http linked.
Peter Palfrader [Fri, 27 Feb 2009 10:35:53 +0000 (11:35 +0100)]
Work around brain damage
Peter Palfrader [Sun, 23 Nov 2008 20:42:59 +0000 (21:42 +0100)]
Ignore the * in [[*host]] links, and ignore [[- ]] in [[-hostname]] entries.
Peter Palfrader [Fri, 14 Nov 2008 19:35:58 +0000 (20:35 +0100)]
New hmac scheme for sudo passwords.
Peter Palfrader [Tue, 16 Sep 2008 20:11:07 +0000 (22:11 +0200)]
Verify confirmed hmac in web display, showing status as either 'confirmed'
(which now means also verified, i.e. it will make it to the host), or
'invalid'.
Peter Palfrader [Tue, 16 Sep 2008 14:42:09 +0000 (16:42 +0200)]
Slightly change find call in cronjob
Peter Palfrader [Tue, 16 Sep 2008 14:39:55 +0000 (16:39 +0200)]
Install a cron job to get rid of old sessions
Peter Palfrader [Tue, 16 Sep 2008 14:29:40 +0000 (16:29 +0200)]
Do not HTML escape stuff we just got from the user before writing it to LDAP,
set it as passwords, etc. Instead escape stuff we did read from LDAP.