Commit graph

3475 commits

Author SHA1 Message Date
Jan Böhmer
6ff60e556e Properly escape user-provided data in trans with data to prevent possible XSS attack vectors. 2023-02-26 00:41:08 +01:00
Jan Böhmer
5b7f44f4ea Merge pull request #225 from sascha988/patch-2
vulnerability XSS fix
2023-02-25 23:47:48 +01:00
Sascha Lenk
dc906bfb0f vulnerability XSS fix
The "trans with" command does not automatically escape the string, so this is an XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E

QUALYS Enterprise WAS Scan Report classifies this as a level 5 security risk.
2023-02-25 22:42:03 +01:00
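The two XSS commits above (the reporter's fix and the maintainer's follow-up "Properly escape user-provided data in trans with data") both hinge on one mechanism: a value interpolated into a translation message through `{% trans with {...} %}` is echoed by the trans tag without going through Twig's HTML autoescaper, so a search keyword lifted from the query string lands in the page as markup. The following is an added example, not Part-DB code: it reproduces that path in plain PHP with the tested URL from the commit message, shows the before/after output, and applies a quick check a reviewer can run on rendered HTML. The message wording, function names and the `containsRawTag` helper are hypothetical; the placeholder interpolation via `strtr()` mirrors what Symfony's message formatter does, and `escapeHtml()` uses the same `htmlspecialchars` flags as Twig's `|e` filter for the html strategy.

```php
<?php
declare(strict_types=1);

// Added example, not Part-DB code. The URL is the "Tested string" from the
// commit; message text and function names are hypothetical.
const TESTED_URL = "https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E";

// Symfony's translator fills %placeholders% with strtr(); inside a
// `{% trans %}` block the result is echoed without further escaping.
function interpolate(string $message, array $params): string
{
    return strtr($message, $params);
}

// Before the fix: the raw keyword goes straight into the translation.
function searchHeadingUnescaped(string $keyword): string
{
    return interpolate('Searching for %keyword%', ['%keyword%' => $keyword]);
}

// After the fix: escape each user-controlled placeholder value first. This
// is what Twig's `|e` / `|escape` filter does for the html strategy; the
// translation message itself is trusted and stays untouched.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function searchHeadingEscaped(string $keyword): string
{
    return interpolate('Searching for %keyword%', ['%keyword%' => escapeHtml($keyword)]);
}

// Pull the keyword out of the query string the way the request parser would
// (percent-decoding included). Uses substr() rather than parse_url() because
// the tested string contains a literal space.
function keywordFromUrl(string $url): string
{
    $query = (string) substr($url, (int) strpos($url, '?') + 1);
    parse_str($query, $params);
    return (string) ($params['keyword'] ?? '');
}

// Reviewer check on rendered output: did an HTML tag survive unescaped?
function containsRawTag(string $html): bool
{
    return preg_match('/<[a-z][^>]*>/i', $html) === 1;
}

$keyword = keywordFromUrl(TESTED_URL);   // decodes to: "'><qss a= X147208852Y1_1Z>

$before = searchHeadingUnescaped($keyword);
$after  = searchHeadingEscaped($keyword);

printf("before: %s  (raw tag present: %s)\n", $before, containsRawTag($before) ? 'yes' : 'no');
printf("after:  %s  (raw tag present: %s)\n", $after,  containsRawTag($after)  ? 'yes' : 'no');
```

Run it with `php example.php`. The "before" line carries a live `<qss ...>` element, which is exactly what the scanner's probe looks for; the "after" line renders the same characters as text (`&lt;qss ...&gt;`). The general rule this illustrates: autoescaping protects `{{ ... }}` expressions, not values that a tag or helper interpolates and echoes itself, so every user-controlled parameter handed to such a tag has to be escaped explicitly.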
Jan Böhmer
b70c9d4f00 Merge pull request #223 from sascha988/patch-1
Translated parts_list.search.searching_for
2023-02-25 21:06:44 +01:00
Sascha
03e0584279 Translated parts_list.search.searching_for
Translated the English text string parts_list.search.searching_for into German.
2023-02-25 21:05:00 +01:00
Jan Böhmer
960ee342e4 Moved all user info updating logic into SAMLUserFactory 2023-02-24 00:12:44 +01:00
Jan Böhmer
f5a5114999 Fixed PHPunit tests 2023-02-23 23:43:01 +01:00
Jan Böhmer
e6d9237bda Allow specifying a user by username or email with the set-password command 2023-02-23 23:39:29 +01:00
Jan Böhmer
c831d57614 Added a console command to convert local to SAML users and vice versa 2023-02-23 23:36:40 +01:00
Jan Böhmer
c5904303e3 Allow to configure SAML via env variables 2023-02-22 00:50:51 +01:00
Jan Böhmer
586a57c2c9 Allow X500 attributes for user info and added some tests 2023-02-21 23:41:02 +01:00
Jan Böhmer
91fb861fd3 Use login form page to show error messages on Part-DB side 2023-02-21 23:11:16 +01:00
Jan Böhmer
b13655e951 Prevent login of local users via SSO with the same username 2023-02-21 22:36:43 +01:00
Jan Böhmer
e064ee4263 Prevent change of password of SAML users via CLI 2023-02-21 21:58:27 +01:00
Jan Böhmer
60f926924b Add a specific role to SAML user 2023-02-21 00:42:03 +01:00
Jan Böhmer
97c3b9002a Mark SAML users as such in the database and disable local password changes for them. 2023-02-21 00:29:50 +01:00
Jan Böhmer
78ec0f1ea3 Create a new DB user when somebody logs in using SAML 2023-02-20 23:04:20 +01:00
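The SAML commits in this range state four account-handling rules: flag SAML users in the database and disable local password changes for them, refuse password changes for SAML users from the CLI, refuse an SSO login when a local user with the same username already exists, and provision a new DB user on first SAML login. Below is an added example, not Part-DB's code, that puts those rules into one stand-alone guard so the account-takeover case they close (an IdP assertion claiming a username that was provisioned locally) is visible in code. The `User` class, its `samlUser` flag, the in-memory user store and the exception names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Part-DB code. User, the samlUser flag, the in-memory
// store and the exception classes are hypothetical stand-ins.

final class User
{
    public function __construct(
        public readonly string $username,
        public bool $samlUser,                 // "mark SAML users as such in the database"
        public ?string $passwordHash = null,   // null for SAML users: no local credential
    ) {
    }
}

final class SsoLoginRefused extends RuntimeException {}
final class LocalPasswordNotAllowed extends LogicException {}

/** @var array<string, User> username => user; stands in for the user table */
$users = [
    'alice' => new User('alice', samlUser: false, passwordHash: password_hash('local-secret', PASSWORD_DEFAULT)),
];

/**
 * Resolve the account for a username asserted by the IdP.
 *  - unknown username             -> provision a SAML-flagged user (first SSO login)
 *  - known and flagged as SAML    -> return it
 *  - known but a local user       -> refuse: an IdP assertion must not take over
 *                                    an account that was provisioned locally
 */
function resolveSamlUser(string $assertedUsername, array &$users): User
{
    $existing = $users[$assertedUsername] ?? null;
    if ($existing === null) {
        return $users[$assertedUsername] = new User($assertedUsername, samlUser: true);
    }
    if (!$existing->samlUser) {
        throw new SsoLoginRefused("'{$assertedUsername}' is a local user; SSO login refused");
    }
    return $existing;
}

/** set-password path (web form or CLI): SAML users have no local credential to change. */
function setLocalPassword(User $user, string $plaintext): void
{
    if ($user->samlUser) {
        throw new LocalPasswordNotAllowed("'{$user->username}' authenticates via SAML; no local password");
    }
    $user->passwordHash = password_hash($plaintext, PASSWORD_DEFAULT);
}

// First SSO login for 'bob': provisioned and flagged as a SAML user.
$bob = resolveSamlUser('bob', $users);
echo 'bob provisioned, samlUser=', var_export($bob->samlUser, true), PHP_EOL;

// IdP asserts 'alice', who exists as a local user: refused rather than merged.
try {
    resolveSamlUser('alice', $users);
} catch (SsoLoginRefused $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Password change for the SAML user: refused on every path, including the CLI.
try {
    setLocalPassword($bob, 'new-secret');
} catch (LocalPasswordNotAllowed $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The point of the refusal branch is that the username in a SAML assertion is chosen by the identity provider, not by the application; silently linking it to an existing local account would let whoever controls (or can register at) the IdP inherit that account. Converting an account between local and SAML is left to an explicit administrative step, as the "convert local to SAML users and vice versa" console command does, rather than happening implicitly at login.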
Jan Böhmer
c0b74d83a5 Started to work on interfacing with keycloak 2023-02-20 22:10:24 +01:00
Jan Böhmer
9dd172df98 Bumped version to 1.0.1 release 2023-02-20 12:26:23 +01:00
Jan Böhmer
d3659858eb Updated dependencies 2023-02-20 00:57:00 +01:00
Jan Böhmer
b637f5c3dd Exempt label dialog PDF preview from darkmode blending
It should show real colors, instead of the darkmode
2023-02-20 00:26:56 +01:00
Jan Böhmer
05ab3c3b7b Fixed image display style for odd shaped (very small) images. 2023-02-20 00:24:12 +01:00
Jan Böhmer
f9d5a9a3b5 Fixed problem with failing foreign key constraints on preview pic (2/2) 2023-02-20 00:09:23 +01:00
Jan Böhmer
82aec6f1ee Fixed problem with failing foreign key constraints on preview pic (1/2) 2023-02-20 00:06:00 +01:00
Jan Böhmer
c39a9a4da7 Added checkbox in parts table header to quickly select/unselect all parts 2023-02-19 23:04:51 +01:00
Jan Böhmer
9d1cd0477a Fixed problems with non-unique prototype names when using nested collection type, which prevented creating nested entries with multiple new sub entries.
We now use a unique prototype name for every collection field. This fixes issue #219
2023-02-19 22:39:26 +01:00
Jan Böhmer
1e998fccbb Put delete option on multiaction select in its own optgroup so it does not look like it belongs to the project optgroup 2023-02-19 21:58:55 +01:00
Jan Böhmer
2fcd48d4f2 Fixed error when cloning a label profile
An attachment type with the same ID was retrieved from the DB, which was not cloneable for the form...
2023-02-19 21:56:10 +01:00
Jan Böhmer
4e79bb120a Bumped version to 1.0.1-dev 2023-02-19 21:46:27 +01:00
Jan Böhmer
2d85734703 Use having clause for part amountSum filter constraint
This fixes issue #218
2023-02-19 21:45:38 +01:00
Jan Böhmer
ccb0ac63e1 Updated list of missing features in upgrade docs. 2023-02-16 01:22:40 +01:00
Jan Böhmer
e47b5090c7 Removed the double composer install command from assets artifact build action 2023-02-13 00:55:35 +01:00
Jan Böhmer
4f51b70540 Renamed assets artifact build action 2023-02-13 00:52:30 +01:00
Jan Böhmer
19af268efe Bumped version to 1.0.0 2023-02-13 00:51:38 +01:00
Jan Böhmer
a32d5625f2 Merge remote-tracking branch 'origin/l10n_master' 2023-02-13 00:50:12 +01:00
Jan Böhmer
da97a10033 Added action to build artifacts 2023-02-13 00:49:58 +01:00
Jan Böhmer
43137043cf New translations messages.en.xlf (English) 2023-02-13 00:39:07 +01:00
Jan Böhmer
67aa6dd7e4 Do not run actions on localization branches
This often fails and causes a lot of email traffic...
2023-02-13 00:34:13 +01:00
Jan Böhmer
c4757fcba7 Added link to demo and docker image to README header 2023-02-12 23:55:23 +01:00
Jan Böhmer
54292dacbd Added screenshots to README.md 2023-02-12 23:52:38 +01:00
Jan Böhmer
5ba37d88f4 Cropped one of the screenshots 2023-02-12 23:51:53 +01:00
Jan Böhmer
5905b51025 Added some screenshots for README.md 2023-02-12 23:48:05 +01:00
Jan Böhmer
db1ee28244 Updated yarn dependencies. 2023-02-12 23:40:36 +01:00
Jan Böhmer
ee2ea6cd01 Merge remote-tracking branch 'origin/l10n_master' 2023-02-12 23:37:13 +01:00
Jan Böhmer
b8171f99ba Improved README and docs 2023-02-12 23:37:09 +01:00
Jan Böhmer
9b6fa2768f New translations messages.en.xlf (English) 2023-02-12 23:24:03 +01:00
Jan Böhmer
fe69e1a863 New translations messages.en.xlf (German) 2023-02-12 23:24:00 +01:00
Jan Böhmer
421f2682d6 Improved documentation 2023-02-12 23:23:38 +01:00
Jan Böhmer
d219851143 Only tag releases as docker latest 2023-02-12 21:47:24 +01:00
Jan Böhmer
cabd632f4a Merge remote-tracking branch 'origin/l10n_master' 2023-02-12 21:39:14 +01:00