Skip to content

Login Security #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 2, 2012
Merged

Login Security #13

merged 2 commits into from
Feb 2, 2012

Conversation

@driusan
Copy link
Collaborator

@driusan driusan commented Jan 31, 2012

This patch fixes a security vulnerability in Loris caused by the fact that the login page uses string concatenation instead of prepared statements to select from the users table.

It also deletes a legacy section of code that says "!!! DELETE ONCE ALL PASSWORDS HAVE BEEN SET TO MD5 SALTS", because as far as I can tell all passwords have been set to MD5 salts.

samirdas added a commit that referenced this pull request Feb 2, 2012
@samirdas
Merge pull request #13 from driusan/LoginSecurity
72470d9 
Approved by Loris Committee
@samirdas samirdas merged commit 72470d9 into aces:master Feb 2, 2012
Jkat referenced this pull request in Jkat/Loris Oct 21, 2014
@samirdas
Merge pull request #13 from cmadjar/Files_Security_Fix
9b39efe 
Files security fix
@driusan driusan added Language: SQL PR or issue that update SQL code Category: Cleanup PR or issue introducing/requiring at least one clean-up operation and removed Language: SQL PR or issue that update SQL code labels Dec 16, 2014
davidblader added a commit to davidblader/Loris that referenced this pull request Feb 23, 2017
@davidblader
Merge pull request aces#13 from davidblader/dashboard_study_tracker
39e5111 
Dashboard study tracker
ZainVirani added a commit to ZainVirani/Loris that referenced this pull request Aug 16, 2017
@ZainVirani @jacobpenny
readme updates, handle evaluator errors (aces#13)
39623aa 
* new php parser

* parser updates

* parser bug fixes + unit tests

* fixed datediff

* new php parser

* parser updates

* parser bug fixes + unit tests

* fixed datediff

* datediff fix

* dated

* ?

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* handling Evaluator errors
cmadjar referenced this pull request in cmadjar/Loris Apr 24, 2019
@Jkat
Merge pull request #13 from johnsaigle/PreventAD-open4
bde276f 
Add noopener and noreferrer to external links
@jftunteng jftunteng added this to the PRE 20.0.0 milestone Jan 7, 2020
HenriRabalais referenced this pull request in HenriRabalais/Loris Feb 17, 2020
@zaliqarosli
Merge pull request #13 from zaliqarosli/2020-02-06-FixInstrumentCompl…
45b68fc 
…etionProgressBar

[Instrument/LINST] Populate $_requiredElements array for completion progress
@laemtl laemtl mentioned this pull request Jun 29, 2020
Closed
laemtl pushed a commit to laemtl/Loris that referenced this pull request Nov 5, 2020
@ridz1208
Merge pull request aces#13 from ridz1208/change_default_module
44e2b17 
Change default module
@kongtiaowang kongtiaowang mentioned this pull request Feb 17, 2021
Closed
@kongtiaowang kongtiaowang mentioned this pull request Apr 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Category: Cleanup PR or issue introducing/requiring at least one clean-up operation

Projects

None yet

Milestone

PRE 20.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@driusan @samirdas @jftunteng