Commit Graph

740 Commits

Author SHA1 Message Date
Jeremy Quinton d07ecc79d1 leave the order reference at 5 characters for now 2018-10-16 20:53:36 +02:00
Jeremy Quinton 31820bcf68 Merge pull request #471 from publicarray/improve-upstream
Improve upstream
2018-10-16 20:49:52 +02:00
Jeremy Quinton b85b0db71b Merge pull request #481 from Attendize/fix-password-reset
fixes #470
2018-10-03 13:06:59 +02:00
Jeremy Quinton b65ddbe436 corrected small typo 2018-10-02 19:36:15 +02:00
Jeremy Quinton 4e15d1e85d fixes #470
Fixes the forgotten password link
2018-10-02 17:29:57 +02:00
Sam Bell 8a881f2166 Change master view reference on test mailer 2018-10-02 13:36:10 +01:00
Sebastian Schmidt 7bae63a5e9 Merge branch 'master' into improve-upstream 2018-10-02 21:23:17 +10:00
Sebastian Schmidt f6a4f3aefd cleanup 2018-10-02 21:21:22 +10:00
Sebastian Schmidt d6c45ee8cf Fix undefined $appendedText
* Fixes https://github.com/Attendize/Attendize/issues/466
* Remove todo
2018-10-02 21:21:22 +10:00
Sebastian Schmidt 32acb9c4a0 Generate longer reference numbers 2018-10-02 21:21:22 +10:00
Sebastian Schmidt cc96e271af update guzzle for php 7.2 support
* Also update doctrine/dbal
2018-10-02 21:21:22 +10:00
Sebastian Schmidt b1a4b66da6 Secure external resourses with RSI
* Specify language in html tag
* Remove an empty script tag (when no google analytics )
2018-10-02 21:21:22 +10:00
Sebastian Schmidt 13476d9cff Fix infinity symbol by useing a utf-8 char 2018-10-02 21:21:22 +10:00
Sebastian Schmidt 9f16beaca3 Fix check-in camera re-init after closing
* Fixes https://github.com/Attendize/Attendize/issues/391
2018-10-02 21:06:44 +10:00
Sebastian Schmidt 36c93dd7c9 Cleanup unused styles
* Remove non existent image (404)
2018-10-02 21:06:44 +10:00
Sebastian Schmidt f44096e21c Fix SimpleMDE editor when in fullscreen 2018-10-02 21:06:44 +10:00
Sebastian Schmidt 7c7942f4b0 Hide ID: on ticket if the tax system is disabled 2018-10-02 21:06:44 +10:00
Sebastian Schmidt 08b8e590d8 Whitespace composer.json 2018-10-02 21:06:44 +10:00
Sebastian Schmidt d4c7214cc4 Allow more decimal points for currency input
Service/Organiser Fees
2018-10-02 21:06:44 +10:00
Jeremy Quinton 815baa7526 Merge pull request #479 from Attendize/add-ssl-support
Add self signed cert to Nginx
2018-10-02 12:25:17 +02:00
Jeremy Quinton 287881b64c add self signed cert to ngix 2018-11-04 21:45:13 +02:00
Jeremy Quinton ea53c20e76 Merge pull request #478 from publicarray/fix-vulns
Fix vulnerabilities
2018-10-02 12:13:15 +02:00
Jeremy Quinton ed827d5221 Merge pull request #448 from scottybo/master
Fix issue where taxamt not set after import
2018-10-02 11:09:41 +02:00
Jeremy Quinton 3b850479e4 Merge pull request #476 from Attendize/strip_html_tags
Fix xss vulnerability
2018-10-02 10:32:52 +02:00
Jeremy Quinton 7772df3300 added strip tags 2018-11-04 21:41:12 +02:00
Jeremy Quinton 861c2f5434 use strip tags instead of validator 2018-11-04 21:39:05 +02:00
Jeremy Quinton 3868bd4e9e Fixed small publish event link 2018-11-04 21:34:28 +02:00
Jeremy Quinton 703ad37ef5 Prevent xss
1) added better validation across all user input both for the operator of Attendize and end user.
2) Remove html from translations so {{ }} can be used instead of {!! !!} as its more secure.
2018-11-04 21:30:08 +02:00
Jeremy Quinton b62e41265f strip html tags as the string is not escaped by blade 2018-11-04 21:26:55 +02:00
Jeremy Quinton 1eae6cce01 remove any html tags on user input 2018-11-04 21:24:03 +02:00
Jeremy Quinton bdcd12ca28 Merge branch 'master' of https://github.com/Attendize/Attendize 2018-11-04 21:21:01 +02:00
Jeremy Quinton c604d08e8d Fixed license references throughout codebase 2018-11-04 21:12:11 +02:00
Jeremy Quinton d4057e9241 updated license reference 2018-11-04 21:09:26 +02:00
Jeremy Quinton 09335d7aee added image reference 2018-11-04 21:06:17 +02:00
Jeremy Quinton e8d69469be remove migs and coinbase as default gateways 2018-11-04 20:50:24 +02:00
Jeremy Quinton c26bc6b2df fixes bug where sales volume is not incremented correctly 2018-11-04 20:39:42 +02:00
Sebastian Schmidt 0b831955f2 Fix a DoS or even PrivEsc vuln on POST /install
POST on /install must not respond when already installed. Denial of Service and possibly Privilege Escalation by changing the database/mail server
2018-10-02 18:23:33 +10:00
Sebastian Schmidt 5cdfe7151b Fix XSS vulnerability on QR code scanner 2018-10-02 18:15:58 +10:00
Jeremy Quinton 510bdefec2 Merge pull request #475 from dsnap1993/master
fix bug where postMessageOrder gets datas of orders table
2018-09-28 19:46:48 +02:00
dsnap1993 d6bada6382 fix bug where postMessageOrder gets datas of orders table 2018-09-29 01:15:57 +09:00
Sebastian Schmidt f7c5a97b98 Update artisan from upstream 2018-09-22 13:04:58 +10:00
Sebastian Schmidt d58672cc41 fixes https://github.com/Attendize/Attendize/issues/327 2018-09-22 13:04:57 +10:00
Sebastian Schmidt faca37e3d2 Improve private_reference_number randomniss 2018-09-22 13:03:19 +10:00
Sebastian Schmidt 6ad529d578 Fix php 7.2 support when ordering tickets 2018-09-22 13:03:19 +10:00
Sebastian Schmidt 2458765463 Increase min password lenght to 8 chars
> Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. To make allowances for likely mistyping, verifiers MAY replace multiple consecutive space characters with a single space character prior to verification, provided that the result is at least 8 characters in length. Truncation of the secret SHALL NOT be performed. For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character.

https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
2018-09-22 13:03:19 +10:00
Sebastian Schmidt c991941ef3 Update session preferences from upstream 2018-09-22 13:03:19 +10:00
Sebastian Schmidt 9365d74567 Cleanup and http -> https 2018-09-22 13:03:19 +10:00
Jeremy Quinton abd23bd703 Merge pull request #460 from Attendize/fix-date-off-by-one
Fixes #414 #450 #434
2018-09-15 23:33:02 +02:00
Jeremy Quinton c3cd0a60c7 fixes #414 #450 #434 2018-11-04 21:02:41 +02:00
Jeremy Quinton 3dd673b1ec Merge pull request #457 from Attendize/escape-translations-correctly
Replace lang with trans and escape html correctly for various views
2018-09-11 21:22:54 +02:00