Jeremy Quinton
d07ecc79d1
leave the order reference at 5 characters for now
2018-10-16 20:53:36 +02:00
Jeremy Quinton
31820bcf68
Merge pull request #471 from publicarray/improve-upstream
...
Improve upstream
2018-10-16 20:49:52 +02:00
Jeremy Quinton
b85b0db71b
Merge pull request #481 from Attendize/fix-password-reset
...
fixes #470
2018-10-03 13:06:59 +02:00
Jeremy Quinton
b65ddbe436
corrected small typo
2018-10-02 19:36:15 +02:00
Jeremy Quinton
4e15d1e85d
fixes #470
...
Fixes the forgotten password link
2018-10-02 17:29:57 +02:00
Sam Bell
8a881f2166
Change master view reference on test mailer
2018-10-02 13:36:10 +01:00
Sebastian Schmidt
7bae63a5e9
Merge branch 'master' into improve-upstream
2018-10-02 21:23:17 +10:00
Sebastian Schmidt
f6a4f3aefd
cleanup
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
d6c45ee8cf
Fix undefined $appendedText
...
* Fixes https://github.com/Attendize/Attendize/issues/466
* Remove todo
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
32acb9c4a0
Generate longer reference numbers
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
cc96e271af
update guzzle for php 7.2 support
...
* Also update doctrine/dbal
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
b1a4b66da6
Secure external resourses with RSI
...
* Specify language in html tag
* Remove an empty script tag (when no google analytics )
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
13476d9cff
Fix infinity symbol by useing a utf-8 char
2018-10-02 21:21:22 +10:00
Sebastian Schmidt
9f16beaca3
Fix check-in camera re-init after closing
...
* Fixes https://github.com/Attendize/Attendize/issues/391
2018-10-02 21:06:44 +10:00
Sebastian Schmidt
36c93dd7c9
Cleanup unused styles
...
* Remove non existent image (404)
2018-10-02 21:06:44 +10:00
Sebastian Schmidt
f44096e21c
Fix SimpleMDE editor when in fullscreen
2018-10-02 21:06:44 +10:00
Sebastian Schmidt
7c7942f4b0
Hide ID: on ticket if the tax system is disabled
2018-10-02 21:06:44 +10:00
Sebastian Schmidt
08b8e590d8
Whitespace composer.json
2018-10-02 21:06:44 +10:00
Sebastian Schmidt
d4c7214cc4
Allow more decimal points for currency input
...
Service/Organiser Fees
2018-10-02 21:06:44 +10:00
Jeremy Quinton
815baa7526
Merge pull request #479 from Attendize/add-ssl-support
...
Add self signed cert to Nginx
2018-10-02 12:25:17 +02:00
Jeremy Quinton
287881b64c
add self signed cert to ngix
2018-11-04 21:45:13 +02:00
Jeremy Quinton
ea53c20e76
Merge pull request #478 from publicarray/fix-vulns
...
Fix vulnerabilities
2018-10-02 12:13:15 +02:00
Jeremy Quinton
ed827d5221
Merge pull request #448 from scottybo/master
...
Fix issue where taxamt not set after import
2018-10-02 11:09:41 +02:00
Jeremy Quinton
3b850479e4
Merge pull request #476 from Attendize/strip_html_tags
...
Fix xss vulnerability
2018-10-02 10:32:52 +02:00
Jeremy Quinton
7772df3300
added strip tags
2018-11-04 21:41:12 +02:00
Jeremy Quinton
861c2f5434
use strip tags instead of validator
2018-11-04 21:39:05 +02:00
Jeremy Quinton
3868bd4e9e
Fixed small publish event link
2018-11-04 21:34:28 +02:00
Jeremy Quinton
703ad37ef5
Prevent xss
...
1) added better validation across all user input both for the operator of Attendize and end user.
2) Remove html from translations so {{ }} can be used instead of {!! !!} as its more secure.
2018-11-04 21:30:08 +02:00
Jeremy Quinton
b62e41265f
strip html tags as the string is not escaped by blade
2018-11-04 21:26:55 +02:00
Jeremy Quinton
1eae6cce01
remove any html tags on user input
2018-11-04 21:24:03 +02:00
Jeremy Quinton
bdcd12ca28
Merge branch 'master' of https://github.com/Attendize/Attendize
2018-11-04 21:21:01 +02:00
Jeremy Quinton
c604d08e8d
Fixed license references throughout codebase
2018-11-04 21:12:11 +02:00
Jeremy Quinton
d4057e9241
updated license reference
2018-11-04 21:09:26 +02:00
Jeremy Quinton
09335d7aee
added image reference
2018-11-04 21:06:17 +02:00
Jeremy Quinton
e8d69469be
remove migs and coinbase as default gateways
2018-11-04 20:50:24 +02:00
Jeremy Quinton
c26bc6b2df
fixes bug where sales volume is not incremented correctly
2018-11-04 20:39:42 +02:00
Sebastian Schmidt
0b831955f2
Fix a DoS or even PrivEsc vuln on POST /install
...
POST on /install must not respond when already installed. Denial of Service and possibly Privilege Escalation by changing the database/mail server
2018-10-02 18:23:33 +10:00
Sebastian Schmidt
5cdfe7151b
Fix XSS vulnerability on QR code scanner
2018-10-02 18:15:58 +10:00
Jeremy Quinton
510bdefec2
Merge pull request #475 from dsnap1993/master
...
fix bug where postMessageOrder gets datas of orders table
2018-09-28 19:46:48 +02:00
dsnap1993
d6bada6382
fix bug where postMessageOrder gets datas of orders table
2018-09-29 01:15:57 +09:00
Sebastian Schmidt
f7c5a97b98
Update artisan from upstream
2018-09-22 13:04:58 +10:00
Sebastian Schmidt
d58672cc41
fixes https://github.com/Attendize/Attendize/issues/327
2018-09-22 13:04:57 +10:00
Sebastian Schmidt
faca37e3d2
Improve private_reference_number randomniss
2018-09-22 13:03:19 +10:00
Sebastian Schmidt
6ad529d578
Fix php 7.2 support when ordering tickets
2018-09-22 13:03:19 +10:00
Sebastian Schmidt
2458765463
Increase min password lenght to 8 chars
...
> Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. To make allowances for likely mistyping, verifiers MAY replace multiple consecutive space characters with a single space character prior to verification, provided that the result is at least 8 characters in length. Truncation of the secret SHALL NOT be performed. For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character.
https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
2018-09-22 13:03:19 +10:00
Sebastian Schmidt
c991941ef3
Update session preferences from upstream
2018-09-22 13:03:19 +10:00
Sebastian Schmidt
9365d74567
Cleanup and http -> https
2018-09-22 13:03:19 +10:00
Jeremy Quinton
abd23bd703
Merge pull request #460 from Attendize/fix-date-off-by-one
...
Fixes #414 #450 #434
2018-09-15 23:33:02 +02:00
Jeremy Quinton
c3cd0a60c7
fixes #414 #450 #434
2018-11-04 21:02:41 +02:00
Jeremy Quinton
3dd673b1ec
Merge pull request #457 from Attendize/escape-translations-correctly
...
Replace lang with trans and escape html correctly for various views
2018-09-11 21:22:54 +02:00