32667285a8
fix: update test for DateTime parse errors to work in php8.2
...
check if getLastErrors() returns a false bool, rather than specific
array elements, as this throws an error in php8.2 if there are no
errors returned.
2023-01-12 18:13:44 -08:00
4b76bc5b32
Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data
...
* Use a HMAC to sign and validate CSRF tokens, instead of generating random
ones and storing them in the session data. Reduces number of writes to
sessions table and fixes kanboard issue #4942 .
* Added missing CSRF check for starting/stopping subtask timers.
Co-authored-by: Willemijn Coene <willemijn@irdc.nl>
2022-09-17 17:23:41 -07:00
b433519686
Rename default branch from master to main
2022-08-11 21:57:19 -07:00
4bf3b0d459
Fix various compatibility issues with PHP 8
2022-02-08 22:20:20 -08:00
f5bb55bdb8
PHP 8 Compatibility
2022-02-05 11:49:03 -08:00
76a81d0675
Enable external group synchronization deactivation.
2021-09-24 13:38:41 -07:00
71123b0f37
Add missing CSRF checks
2021-06-05 14:59:12 -07:00
31ce583743
Write RememberMe cookie only after 2FA has been validated
2021-04-04 17:57:47 -07:00
b08760c5fc
Avoid warning when removing plugin zip archive
2021-04-04 15:17:08 -07:00
a267aa368b
Add new analytic component "Estimated vs actual time per column"
2021-02-21 20:22:45 -08:00
d382e2e4be
LDAP protocol/host/port configuration by URL; make BASE_DN optional
...
PHP ldap_connect($host, $port) function signature is deprecated: https://www.php.net/manual/en/function.ldap-connect.php
Querying an AD Global Catalog across an entire forest requires an empty base DN
2021-02-03 18:49:50 -08:00
ac224fa178
Added an option to send a copy of all generated e-mails to a BCC address
2020-12-07 19:49:41 -08:00
4d1205a0fe
Don't force role of user if no ldap groups defined
...
We should not force role of user on LDAP logins if there are not Manager/Admin groups defined, return null to get the one from database as before.
2020-12-02 22:44:39 -08:00
e3e9cabd8b
Added setting that makes possible any new LDAP user to be Manager by default
2020-10-04 12:11:07 -07:00
b24d05df76
Add aria-label to user mention
2020-10-04 10:43:18 -07:00
33c3b32cda
Allow email to be retrieve by SSO ReverseProxy
...
If REMOTE_EMAIL header is set, use it as user email.
If REVERSE_PROXY_DEFAULT_DOMAIN is set but not REMOTE_EMAIL, use the current construct.
2020-08-28 22:59:59 -07:00
26618f525b
Add option to configure SMTP HELO hostname
2020-07-07 20:39:23 -07:00
6c4665b3ca
Add new config parameter SESSION_HANDLER
2020-07-06 21:30:27 -07:00
8777fc7561
Added PUT method using CURLOPT_CUSTOMREQUEST
2020-06-14 11:45:42 -07:00
9e1e4ea381
Allow use of the user's DN as the group filter substitution
2020-05-21 20:57:30 -07:00
027f875ac6
Save task list order in user session
2020-04-22 20:40:39 -07:00
490bcd17d8
Add new event subtask.create_update
2020-04-05 14:50:11 -07:00
64397f45fa
Kanboard now requires PHP >= 7.2 since other versions are deprecated
2020-01-14 12:02:31 -08:00
35602c0880
Change string indexing from {0} to [0] (deprecated in PHP 7.4)
2019-11-09 11:46:53 -08:00
216f2dee12
Add project ID to ExternalTaskProviderInterface::fetch()
2019-07-30 12:58:36 -07:00
1a39c46620
Save thumbnails as PNG to allow transparency
2019-07-10 13:12:02 -07:00
9eb42aae33
Add missing curl_close()
2019-06-04 16:40:58 -07:00
4ebcf84d47
Display cURL error message in logs
2019-06-04 15:57:07 -07:00
b26776e529
Add cURL support to HTTP Client
...
- Add HTTP_PROXY_EXCLUDE option when cURL is used
- Show HTTP client backend in about page
- Fallback to legacy Stream Contexts if cURL extension is not available
2019-06-03 20:00:49 -07:00
d6ffe08aeb
Add Auto-Submitted E-mail header as per RFC 8384
2019-04-27 21:06:20 -07:00
0295388461
Add new actions to reorder tasks by column
2019-02-08 13:53:13 -08:00
233fd1a8a1
Authorize only API tokens when 2FA is enabled
2019-02-01 15:40:35 -08:00
83deec2e36
Avoid XSS in pagination ordering
2019-01-30 22:05:43 -08:00
c06a110830
Reduce number of SQL queries when doing groups sync
2018-10-02 15:15:23 -07:00
1268c0023d
Avoid PHP error in Markdown parser
...
parent::inlineLink() could returns null or an array.
Bug introduced in commit c44880a
2018-08-15 10:57:45 -07:00
c44880a588
Exclude task links and user mentions from nesting
2018-07-25 15:07:34 -07:00
29b1357cd2
Make HTTP client timeout configurable
2018-07-05 14:39:58 -07:00
6ae97d399d
Improve dashboard pagination
2018-05-09 11:21:57 -07:00
2d2b50d5dc
Remove all attachments when removing a project
2018-04-27 14:32:58 -07:00
bb406d57b1
Update Parsedown library
2018-04-20 16:05:50 -07:00
c84378648f
Fallback to "status:open" if there is no user filter
2018-04-02 19:18:11 -07:00
5f7a3442d6
Add default filter per user
2018-04-02 14:07:04 -07:00
5d908b4c70
Add thumbnail quality parameter (default to 95)
2018-03-12 10:33:36 -07:00
d34a5c50c4
Fix role precedence in LDAP integration
2018-03-08 13:20:33 -08:00
a66d080698
Add author name and email arguments to mail send client
2018-03-06 10:43:18 -08:00
95ac11a6aa
Add system log driver and use it by default
2018-03-05 13:34:04 -08:00
299198f718
Move SimpleLogger lib into app source tree
2018-03-05 12:04:28 -08:00
f92eb448cb
Add response body to InvalidStatusException
2018-03-02 13:41:37 -08:00
ebe04e672c
Improve HTTP client to raise exceptions
2018-03-02 12:05:41 -08:00
b096e907cf
Run SessionHandler::write() into a transaction
2018-02-13 15:06:51 -08:00
Joe Nahmias
irdc
Frédéric Guillot
Erwan Colin
Patrick Kuijvenhoven
operateur404
Harry Kakoulidis
Eskiso
JayBeeDe
Michael Vickers
mildis
sxntxn
Matthias Straka
wilypomegranate
Timo
Lőrinczy, Zsigmond
KN4CK3R
cl0ne
Aurélien
Gero Müller
DebianRoxx
Rens