Permalink
Switch branches/tags
Commits on Apr 25, 2004
Commits on Apr 24, 2004
Commits on Apr 23, 2004
  1. * Fix the long-standing "page [cgi mv_data_table] not found" error on

    perusionmike committed Apr 23, 2004
      return from meta_editor.
Commits on Apr 22, 2004
  1. * Add Interchange::Link, a mod_perl 1.99/2.0 link program.

    perusionmike committed Apr 22, 2004
    * Documentation embedded in module, and also in README.
  2. Update ui-version.

    jonjensen committed Apr 22, 2004
Commits on Apr 21, 2004
Commits on Apr 20, 2004
  1. translation added

    racke committed Apr 20, 2004
  2. merge 5.1.1 changelog entry

    racke committed Apr 20, 2004
  3. missing <p> tag added

    racke committed Apr 20, 2004
  4. merged changes 1.1 vs 1.1.2.1

    racke committed Apr 20, 2004
    +++ 1.1.2.1 +++
    added Russian translation of debconf templates (Closes: #137663)
Commits on Apr 19, 2004
  1. * Add NN$ to the filter spec for length, shows only last NN characters

    perusionmike committed Apr 19, 2004
      of string preceded by a fake ... ellipsis.
    
    	[filter 10]A long string that needs truncating.[/filter]
    	[filter 10.]A long string that needs truncating.[/filter]
    	[filter 10$]A long string that needs truncating.[/filter]
    
      Produces
    
    	A long str
    	A long str...
    	...runcating.
    
      I thought about .NN, but it didn't seem as logical to my Perlish mind.
  2. EFSNet payment module added

    racke committed Apr 19, 2004
Commits on Apr 18, 2004
  1. * Re-created the missing 5.0.1 entries.

    Kevin Walsh committed Apr 18, 2004
  2. * Commented out the ::logDebug() calls.

    Kevin Walsh committed Apr 18, 2004
Commits on Apr 17, 2004
Commits on Apr 16, 2004
  1. * Vend::Payment::EFSNet module, written and donated by Chris

    Kevin Walsh committed Apr 16, 2004
    	  Wenham of Synesmedia with the following text:
    
    	  -----------------------------------------------------------------
    	  The following module interfaces to Concord EFSNet's credit card
    	  gateway (http://www.concordefsnet.com/) and is being donated to
    	  the community under the GPL.  I built it by copying the
    	  Authorize.Net module and modifying it to EFSNet's spec, but it
    	  supports sale, auth, settle, capture, void, return and credit.
    
    	  This module has been certified by EFSNet as version 1.1.0, so if
    	  you make any non-trivial changes you'll need to go through their
    	  certification process again. I can provide the certification
    	  letters I received, upon request, if you need them.
    	  -----------------------------------------------------------------
    
    	  Thanks Chris!
  2. * Remove security hole where by a non-admin user with write permission

    perusionmike committed Apr 16, 2004
      to files for ITL could elevate their login status to admin.
    
    	logout=[userdb logout]
    	[calc]
    		$Config->{AdminUserDB}{default} = 1;
    	[/calc]
    
    	login=[userdb function=login username=mike password=pass]
    
      This would cause setting of $Vend::admin.
    
    * Create a new %Global::ReadOnlyCfg hash with the pristine
      values from the initial configuration. At catalog configuration
      time, the values from AdminUserDB and UserDB_repository are
      copied over.
    
    * The UserDB login function now references the read-only config
      to determine admin status.
    
    * TODO: Make all UserDB.pm functions reference this read-only config.
    
    * Not from an exploit, from a code read.
    
    * TODO: Determine if 5.0 and/or 5.2 should be patched.
  3. * Fix security hole. A user, should they be able to execute embedded …

    perusionmike committed Apr 16, 2004
    …Perl,
    
      could do
    
      		delete $Config->{AdminUserDB};
    
      and then log in as an admin.
    
      No known exploits, just from a code read. There is still a hole, as
      we need to set some of these values read-only, but this will help.
Commits on Apr 15, 2004