AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,454 Commits 2 Branches 0 Tags 86 MiB
Commit Graph

416 Commits

Author SHA1 Message Date
Frédéric Guillot e08335e0b1 Upgrade Docker image to PHP 8.2 2023-05-18 21:20:55 -07:00
Frédéric Guillot aade89c9ba Add Themes: Dark, light and automatic mode 2023-05-14 21:14:35 -07:00
Frédéric Guillot 463dfbf4fe Fix incorrect parameter encoding when using URLs rewriting 
A parameter with quotes or other special characters should be url encoded.

Incorrect encoding could happen when using search queries like this one:

modified:">=2023-04-01"
 2023-04-19 21:37:19 -07:00
Frédéric Guillot d3f38d1bf2 Add support for task links in Markdown headings 
If a text block matches #(\d+) it will be interpreted as a task link instead
of a heading.

Closes #5017
 2023-04-18 21:17:45 -07:00
Frédéric Guillot 0b1c2011ed Restore all previously loaded translations when sending user notifications 
Fixes #5087
 2023-04-11 21:09:01 -07:00
Frédéric Guillot ae7bc0b74d Regenerate session ID after successful authentication 
Closes #5141
 2023-04-10 22:08:57 -07:00
Frédéric Guillot 4adb93c1a6 Use SESSION_DURATION option to define the session lifetime stored in the 
database

The option `SESSION_DURATION` is used to define the cookie lifetime.

With this change, Kanboard will try to use first `SESSION_DURATION` instead of the
default `session.gc_maxlifetime` value.

Fixes #4340
 2023-04-10 21:38:09 -07:00
peter af8159b4bb Allow full name to be retrieved by SSO ReverseProxy 
Expand on #4585 by also getting the user's full name from the Reverse Proxy:
If a ReverseProxy provides more than REMOTE_USER, such as email, it might
as well also provide the user's full name.
 2023-02-18 17:28:39 -08:00
Joe Nahmias 32667285a8 fix: update test for DateTime parse errors to work in php8.2 
check if getLastErrors() returns a false bool, rather than specific
array elements, as this throws an error in php8.2 if there are no
errors returned.
 2023-01-12 18:13:44 -08:00
irdc 4b76bc5b32
Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data 
* Use a HMAC to sign and validate CSRF tokens, instead of generating random
ones and storing them in the session data. Reduces number of writes to
sessions table and fixes kanboard issue #4942.
* Added missing CSRF check for starting/stopping subtask timers.

Co-authored-by: Willemijn Coene <willemijn@irdc.nl>
 2022-09-17 17:23:41 -07:00
Frédéric Guillot b433519686 Rename default branch from master to main 2022-08-11 21:57:19 -07:00
Frédéric Guillot 4bf3b0d459 Fix various compatibility issues with PHP 8 2022-02-08 22:20:20 -08:00
Frédéric Guillot f5bb55bdb8
PHP 8 Compatibility 2022-02-05 11:49:03 -08:00
Erwan Colin 76a81d0675 Enable external group synchronization deactivation. 2021-09-24 13:38:41 -07:00
Frédéric Guillot 71123b0f37 Add missing CSRF checks 2021-06-05 14:59:12 -07:00
Frédéric Guillot 31ce583743 Write RememberMe cookie only after 2FA has been validated 2021-04-04 17:57:47 -07:00
Frédéric Guillot b08760c5fc Avoid warning when removing plugin zip archive 2021-04-04 15:17:08 -07:00
Patrick Kuijvenhoven a267aa368b
Add new analytic component "Estimated vs actual time per column" 2021-02-21 20:22:45 -08:00
operateur404 d382e2e4be
LDAP protocol/host/port configuration by URL; make BASE_DN optional 
PHP ldap_connect($host, $port) function signature is deprecated: https://www.php.net/manual/en/function.ldap-connect.php

Querying an AD Global Catalog across an entire forest requires an empty base DN
 2021-02-03 18:49:50 -08:00
Harry Kakoulidis ac224fa178
Added an option to send a copy of all generated e-mails to a BCC address 2020-12-07 19:49:41 -08:00
Eskiso 4d1205a0fe
Don't force role of user if no ldap groups defined 
We should not force role of user on LDAP logins if there are not Manager/Admin groups defined, return null to get the one from database as before.
 2020-12-02 22:44:39 -08:00
JayBeeDe e3e9cabd8b
Added setting that makes possible any new LDAP user to be Manager by default 2020-10-04 12:11:07 -07:00
Michael Vickers b24d05df76 Add aria-label to user mention 2020-10-04 10:43:18 -07:00
mildis 33c3b32cda
Allow email to be retrieve by SSO ReverseProxy 
If REMOTE_EMAIL header is set, use it as user email.
If REVERSE_PROXY_DEFAULT_DOMAIN is set but not REMOTE_EMAIL, use the current construct.
 2020-08-28 22:59:59 -07:00
sxntxn 26618f525b
Add option to configure SMTP HELO hostname 2020-07-07 20:39:23 -07:00
Matthias Straka 6c4665b3ca
Add new config parameter SESSION_HANDLER 2020-07-06 21:30:27 -07:00
wilypomegranate 8777fc7561
Added PUT method using CURLOPT_CUSTOMREQUEST 2020-06-14 11:45:42 -07:00
mildis 9e1e4ea381
Allow use of the user's DN as the group filter substitution 2020-05-21 20:57:30 -07:00
Timo 027f875ac6
Save task list order in user session 2020-04-22 20:40:39 -07:00
Timo 490bcd17d8
Add new event subtask.create_update 2020-04-05 14:50:11 -07:00
Timo 64397f45fa Kanboard now requires PHP >= 7.2 since other versions are deprecated 2020-01-14 12:02:31 -08:00
Lőrinczy, Zsigmond 35602c0880 Change string indexing from {0} to [0] (deprecated in PHP 7.4) 2019-11-09 11:46:53 -08:00
Frédéric Guillot 216f2dee12 Add project ID to ExternalTaskProviderInterface::fetch() 2019-07-30 12:58:36 -07:00
KN4CK3R 1a39c46620 Save thumbnails as PNG to allow transparency 2019-07-10 13:12:02 -07:00
Frédéric Guillot 9eb42aae33 Add missing curl_close() 2019-06-04 16:40:58 -07:00
Frédéric Guillot 4ebcf84d47 Display cURL error message in logs 2019-06-04 15:57:07 -07:00
mildis b26776e529 Add cURL support to HTTP Client 
- Add HTTP_PROXY_EXCLUDE option when cURL is used
- Show HTTP client backend in about page
- Fallback to legacy Stream Contexts if cURL extension is not available
 2019-06-03 20:00:49 -07:00
Frédéric Guillot d6ffe08aeb Add Auto-Submitted E-mail header as per RFC 8384 2019-04-27 21:06:20 -07:00
Frédéric Guillot 0295388461 Add new actions to reorder tasks by column 2019-02-08 13:53:13 -08:00
Frédéric Guillot 233fd1a8a1 Authorize only API tokens when 2FA is enabled 2019-02-01 15:40:35 -08:00
Frédéric Guillot 83deec2e36 Avoid XSS in pagination ordering 2019-01-30 22:05:43 -08:00
Frédéric Guillot c06a110830 Reduce number of SQL queries when doing groups sync 2018-10-02 15:15:23 -07:00
Frédéric Guillot 1268c0023d Avoid PHP error in Markdown parser 
parent::inlineLink() could returns null or an array.

Bug introduced in commit c44880a.
 2018-08-15 10:57:45 -07:00
cl0ne c44880a588 Exclude task links and user mentions from nesting 2018-07-25 15:07:34 -07:00
Frédéric Guillot 29b1357cd2 Make HTTP client timeout configurable 2018-07-05 14:39:58 -07:00
Frédéric Guillot 6ae97d399d Improve dashboard pagination 2018-05-09 11:21:57 -07:00
Frédéric Guillot 2d2b50d5dc Remove all attachments when removing a project 2018-04-27 14:32:58 -07:00
Frédéric Guillot bb406d57b1 Update Parsedown library 2018-04-20 16:05:50 -07:00
Frédéric Guillot c84378648f Fallback to "status:open" if there is no user filter 2018-04-02 19:18:11 -07:00
Aurélien 5f7a3442d6 Add default filter per user 2018-04-02 14:07:04 -07:00