Eric Espie
8be7628668
N°7548 - Code hardening
2024-05-29 18:11:36 +02:00
Anne-Catherine
473cf004b6
N°6968 - Audit duration : add of a rule multiplies by 4 the time of response ( #575 )
2024-02-29 16:33:04 +01:00
Pierre Goiffon
9865bf0779
N°4368 add sending X-Content-Type-Options HTTP header
Replace in consumers the \WebPage::add_xframe_options call by \WebPage::add_http_headers
2023-12-19 18:25:26 +01:00
Molkobain
3b2da39469
N°6989 - Security hardening
2023-11-22 18:02:50 +01:00
Pierre Goiffon
5a43448644
N°6458 Security hardening
2023-11-15 11:14:07 +01:00
Pierre Goiffon
c72cb7e70e
N°6606 security hardening
2023-10-13 17:15:37 +02:00
Anne-Catherine
bf768311c2
N°5136 - "Select All objects" add obsolete objects even if the parameter show obsolete data is not activated ( #467 )
2023-08-31 15:13:20 +02:00
Eric Espie
1ec671ef61
N°6351 - code hardening
2023-06-14 09:08:42 +02:00
Eric Espie
c596fa2967
N°6358 - Login API REST
2023-06-07 09:17:24 +02:00
Eric Espie
1172159745
N°6351 - code hardening
2023-06-01 15:12:50 +02:00
Pierre Goiffon
d412a52fcc
N°4449 Fix FPD in dashboard export/import
2022-11-29 18:10:17 +01:00
Eric Espie
68d44fa981
N°5724 - code hardening
2022-11-16 09:32:47 +01:00
Anne-Catherine
d7e5705520
N°5318 - Fix DBObject::CheckValue() messages being HTML encoded when not necessary ( #326 )
* Rollback N°4898 - Security fix
* N°5318 - security fix
2022-08-12 17:50:14 +02:00
acognet
ec86bd246a
N°5129 - Unwanted popup during a transition with an AttributeExternalField
2022-06-21 15:24:25 +02:00
Eric Espie
aa90d5b6ab
N°5102 - Allow to send emails using GSuite SMTP and OAuth - Rework
2022-06-21 13:51:08 +02:00
Benjamin Dalsass
34bed5ec4f
N°5215 - Portal insufficient access control for ajax search form
2022-06-07 11:14:43 +02:00
Eric Espie
a6580e3cd8
Merge branch 'support/2.7' into feature/OAuthMail
2022-05-23 10:56:32 +02:00
bdalsass
4dd384e418
N°4872 - Create a ticket in resolved status Inlineimage disappear ( #294 )
2022-05-20 09:26:06 +02:00
Eric Espie
160c52fe81
Merge branch 'support/2.7' into feature/OAuthMail
2022-05-19 14:49:48 +02:00
Benjamin Dalsass
8e97279401
N°4899 - Reflected XSS on revert_dashboard operation
2022-05-17 09:27:06 +02:00
Benjamin Dalsass
59424c3126
N°4976 - CSRF in import page
2022-05-17 09:02:06 +02:00
Eric Espie
8c217fdac9
N°3169 - Add feature to connect Gsuite mail box with OAuth
N°2504 - Add feature to connect Office mail box with OAuth2 for Microsoft Graph
N°5102 - Allow to send emails (eg. notifications) using GSuite SMTP and OAuth
* 2.7 migration (wip)
2022-05-13 12:07:27 +02:00
Eric Espie
134736dce5
N°3169 - Add feature to connect Gsuite mail box with OAuth
N°2504 - Add feature to connect Office mail box with OAuth2 for Microsoft Graph
N°5102 - Allow to send emails (eg. notifications) using GSuite SMTP and OAuth
* 2.7 migration (wip)
2022-05-13 11:37:09 +02:00
Eric Espie
dd8a4a0082
N°3169 - Add feature to connect Gsuite mail box with OAuth
N°2504 - Add feature to connect Office mail box with OAuth2 for Microsoft Graph
N°5102 - Allow to send emails (eg. notifications) using GSuite SMTP and OAuth
2022-05-12 14:40:55 +02:00
acognet
6fa2d47780
N°4538 - Dashlet Groupby on ExternalKey with special character, bad display
2022-04-15 10:03:04 +02:00
acognet
61137a6f65
N°4479 - Impact analysis : Display and apply filter before display impact analysis graphical - Fix dictionary
2022-03-18 11:02:04 +01:00
acognet
3db20e8028
N°4479 - Impact analysis : Display and apply filter before display impact analysis graphical
2021-12-23 16:53:15 +01:00
Pierre Goiffon
69578d5d07
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-12-10 12:30:57 +01:00
Pierre Goiffon
97d6d413bb
N°4502 Fix dashboard page not refreshed after saving custom dashboard
2021-12-10 12:30:33 +01:00
Pierre Goiffon
7e0d5d64ce
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-12-10 09:21:43 +01:00
Pierre Goiffon
3f8f57fa9a
N°4502 Fix cannot create new or edit existing custom dashboard
Regression brought by dbaf9241
2021-12-10 09:15:43 +01:00
Pierre Goiffon
d0fade9ce1
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
# Conflicts:
# pages/ajax.render.php
# setup/wizardsteps.class.inc.php
2021-11-17 17:39:36 +01:00
Pierre Goiffon
84426c6634
N°4365 Security hardening
2021-11-17 10:15:12 +01:00
Pierre Goiffon
dbaf924171
N°4363 Security hardening
2021-11-16 17:19:19 +01:00
Pierre Goiffon
bcca6ac720
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
2021-11-15 15:07:19 +01:00
Pierre Goiffon
2beb795f9a
N°4304 Security hardening
2021-11-09 11:32:53 +01:00
Molkobain
1c983e8093
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
# Conflicts:
# core/config.class.inc.php
# datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
# pages/ajax.render.php
2021-08-18 16:12:22 +02:00
Molkobain
92a9a8c65f
N°4129 - Security hardening
2021-08-18 15:57:18 +02:00
Pierre Goiffon
8259a79cd2
🎨 Factorize LogAPI channels value in LogChannels class
2021-06-25 17:13:35 +02:00
Pierre Goiffon
0de6f98add
🔊 When ordering objects search list, log problems due to low max_input_vars php.ini option ( #211 )
iTop is sending large volume of data to the server, and those data can be truncated due to this php.ini option.
Now we are checking for common issues : if the data is truncated a log is done (IssueLog, warning level, no channel) and the corresponding column is set as not selected.
User will still see an inconsistent result, but we won't have PHP notices generated anymore, and a log can tell what caused the issue.
2021-06-08 18:43:43 +02:00
Eric
84741c19f0
N°4002 - code hardening (merge from support/2.6)
2021-05-27 16:36:00 +02:00
Eric
86f649affc
N°4002 - code hardening
2021-05-27 16:13:27 +02:00
Eric
4f5c987d8b
N°4002 - code hardening
2021-05-27 15:57:04 +02:00
BGdu38
c2f5cafaf3
Avoid setting memory_limit to lower value than the one already configured ( #215 )
Some scripts are setting the memory_limit PHP option : setup, csvimport and XLSX export. This was done to avoid crashing when dealing with such large amounts of data.
But sometimes we were setting the value without any prior check, so we could actually lower the memory_limit value :/
Now this memory_limit change is done using \utils::SetMinMemoryLimit, which will call ini_set if and only if the current value is lower than the one to be set.
Setup calls (setup/ajax.dataloader.php and webservices/backoffice.dataloader.php) were left as is as they weren't subject to this bug, and also they are more complex (logging done on each case).
2021-05-25 12:03:19 +02:00
bruno-ds
0b95220d1b
N°3466 - Add (missing) translations
2021-02-16 09:46:04 +01:00
Pierre Goiffon
1304e2eb2d
N°3416 Updates after code review v2 :)
2020-12-04 08:51:07 +01:00
Pierre Goiffon
cece15d10c
N°3416 Updates after code review
Many thanks @bruno-ds !
* add comments to explain intentions
* fix indentations
2020-12-03 17:45:44 +01:00
Pierre Goiffon
b9ca2ac13d
N°3416 Fix DocumentFile preview not working anymore
Was caused by X-Frame-Options http header added with N°3317
(cherry picked from commit 35d77ff642 )
# Conflicts:
# pages/ajax.render.php
2020-12-03 08:20:51 +01:00
Pierre Goiffon
ecebe4ecd5
N°3416 XFrame and cache headers optimizations
* Remove XFrame header set in \WebPage::no_cache : not this method responsibility, was confusing :/
* Remove no_cache() calls when already set in page constructor (ajax_page mainly)
* Also calls everywhere the \WebPage::no_cache method instead of setting headers manually
2020-12-02 17:19:05 +01:00
Pierre Goiffon
8bfcb14d0c
N°3416 XFrame-Options header is now set using a config parameter, defaults to SAMEORIGIN
Also adds an indirection (\WebPage::add_xframe_options) to set header
2020-12-02 17:17:11 +01:00