173 Commits

Author SHA1 Message Date
Derick Rethans
22ddaa0fd1 Remove the GitHub repository management tool
This tool is no longer in use, and it is also not working.
2026-01-20 12:54:10 +01:00
Derick Rethans
4c2c9e83fb Fixed mail headers for VCS user approval emails 2025-09-05 10:05:53 +01:00
Derick Rethans
bfa3b1793e Align admin users with GH Org admins 2025-04-17 16:43:06 +01:00
Derick Rethans
2c6628863f Try to block a persistent spammer 2025-03-18 16:14:18 +00:00
Christoph M. Becker
0a0bcf6055 Fix recently introduced regex 2022-10-24 18:17:44 +02:00
Christoph M. Becker
0762e6a1b5 Treat note starting with https:// as spam
We recently got a lot of these, and it is rather uncommon for a non-spam
user note to immediately start with a URL.

Closes GH-16.
2022-10-24 17:21:02 +02:00
Christoph M. Becker
a52c27b12a Add even more spam words
Might as well add `'.'`.
2022-10-19 19:40:12 +02:00
Christoph M. Becker
ed5505d6cc Add more spam words for user notes
Recently, we get an awful lot of spam; let's constrain it.
2022-10-19 16:29:18 +02:00
Peter Cowburn
104336042d consider simple html anchors as spam 2022-08-07 10:08:31 +01:00
Christoph M. Becker
b056f4275a Also count https:// URLs
Might not make much sense nowadays to count `http://` URLs, but not
checking `https://` is certainly unhelpful.
2022-08-05 18:29:15 +02:00
Christoph M. Becker
b693250eb5 Add more spam words for user notes
Recently, we get an awful lot of spam; let's constrain it.
2022-08-05 18:10:38 +02:00
Kamil Tekiela
4f98bb7878 Migrate mysql_* API 2022-07-18 22:25:22 +02:00
Niklas Keller
edc40853cd Remove is_sqlite_type_available
Last usage was removed in abc631369a.
2021-04-11 22:57:14 +02:00
Niklas Keller
c155378dd6 Move cvs-auth.php from include path to Composer autoload 2021-04-11 22:51:54 +02:00
Niklas Keller
bcb226b644 Add docker development setup (#10)
* Add docker development setup

* Centralize DB credentials

* Remove symlink in favor of separate static file serving

* Update generated composer files
2021-04-11 21:56:50 +02:00
Nikita Popov
90515b33df Switch authentication to use PDO 2021-04-11 21:44:40 +02:00
Nikita Popov
5ea1233c65 Don't mention svn.php.net in welcome message 2021-04-11 20:49:17 +02:00
Nikita Popov
031dbfdb8a Minor code cleanups
Applying various minor improvements suggested by PhpStorm.
2021-04-11 20:46:25 +02:00
Nikita Popov
6d94ee66d3 Add a PSR-4 root
Following the convention of other php.net projects, use App\ as
the top-level namespace.
2021-04-11 20:16:19 +02:00
Nikita Popov
9117dcd751 Remove logo.gif
Not referenced anywhere, and wouldn't be accessible from the
server anyway, as it's part of include/.
2021-04-08 22:13:19 +02:00
Nikita Popov
819070de35 Add PHPMailer as composer dependency
Instead of requiring it to be on the include path.
2021-04-08 21:30:58 +02:00
Sergey Panteleev
0f49caf647 Use composer to manage dependencies (#8)
While composer is used to manage the dependencies, the vendor/ directory is also being committed to make sure we know exactly what we're deploying.
2021-04-07 15:35:50 +02:00
Nikita Popov
2a21449000 Move to public/ directory
Move everything that should be accessible from the webserver into
a public/ directory. Previously the document root was the root
of the repository, which is not great.
2021-04-07 12:12:02 +02:00
Nikita Popov
c25e9bd288 Drop code for handling md5 passwords
As we reset all passwords anyway, there's no need to handle
upgrade anymore.
2021-04-07 11:04:07 +02:00
Nikita Popov
d88d123005 Merge branch 'master' into main 2021-04-05 20:42:27 +02:00
Nikita Popov
369ff2016a Try adding Reply-To header to commit mails
Not sure whether this will get stripped by the mailing list, but
let's try it. I don't want to specify the author/committer email
in From, as it'll likely run afoul of DMARC.
2021-04-02 22:43:57 +02:00
Nikita Popov
89fd8c2964 Try to fix mail charset issue
Set utf-8 as the charset when using PHPMailer. The manual encoding
code was a leftover from direct calls to mail() and only handles
the charset in the subject but not other headers.
2021-04-02 22:08:41 +02:00
Nikita Popov
eeda4f265a Use bcrypt for password hashes 2021-04-02 16:09:38 +02:00
Rasmus Lerdorf
60c25aa2be New PHP 8-compatible main branch 2021-04-01 14:27:05 -07:00
Nikita Popov
9cfe978d68 Remove magic_quotes filter handling
The magic quotes filter is now disabled.
2021-04-01 20:53:45 +02:00
Nikita Popov
81b302aac8 Finish migration to safe queries 2021-04-01 19:05:40 +02:00
Nikita Popov
2e2d507fed Let me view phpinfo 2021-04-01 17:55:37 +02:00
Nikita Popov
1a08ce75cd Migrate more code to safe query abstraction
Getting closer to done...
2021-04-01 17:52:12 +02:00
Nikita Popov
6135e250d1 Move more queries to safe abstraction
Add a Query class to assemble queries by parts, and ?int placeholder
which is needed for LIMIT clauses.
2021-04-01 16:28:24 +02:00
Nikita Popov
105450fc56 Remove alerts functionality
This was never used, and is in a broken state right now (references
an incorrect database schema).

It seems rather unlikely that this functionality is going to be
finished at this point, so instead drop it entirely.
2021-04-01 13:13:08 +02:00
Nikita Popov
ed931f77c1 Add safe(r) query abstraction
Add db_query_safe that accepts parameters separately. Use it in
some places.
2021-04-01 12:31:37 +02:00
Nikita Popov
6cc0deb4c4 Use db_connect() in some places 2021-04-01 11:32:53 +02:00
Nikita Popov
5b8719f285 Don't handle full_special_chars default.filter
default.filter on this server is set to magic_quotes, so remove
the handling for the full_special_chars case.
2021-04-01 10:24:19 +02:00
Nikita Popov
d0822675ee Replace uses of escape() with appropriate functions
For queries, use real_clean(), for html use hsrc().
2021-03-31 22:40:35 +02:00
Nikita Popov
c8506579ad Remove get_magic_quotes_gpc() checks
master.php.net runs PHP 5.4, where magic quotes no longer exist.
Add a sanity check that they're really disabled, and drop code
handling them. There was at least one use of escape() that wouldn't
do the right thing if this code was run with magic quotes.
2021-03-31 22:29:09 +02:00
Nikita Popov
68c0837938 Use strict comparison for password
Rather unlikely, but could give false positives for 0e comparisons.
2021-03-31 21:36:49 +02:00
Sergey Panteleev
f14e88a6a9 Fix email message (#5) 2021-03-31 12:10:09 +03:00
Rasmus Lerdorf
f417e150be Switch forgot.php to PHPMailer 2021-03-30 10:00:13 -07:00
Rasmus Lerdorf
600780d700 More PHP 8/Phan fixes 2021-01-30 13:24:58 -08:00
Rasmus Lerdorf
48cb59d326 A bit of PHP 7.4/8.0 cleanup 2021-01-30 13:18:46 -08:00
Sobak
eb0d668b71 Drop some unused functions 2020-04-19 02:08:04 +02:00
Sobak
54328e85c2 Remove mirrors related code (in rather non-risky, not so intrusive way)
I tried to keep backwards compatibility where it seemed to make sense
(e.g. the API endpoint) or the script that might still be called
somehow. Hopefully I didn't break anything, but if I did, feel free
to point it at me and sorry in advance :/
2020-04-18 23:21:37 +02:00
Peter Cowburn
182dbad729 sync admin list with karma givers
This commit mostly adds PHP Group folk, and some
old names who aren't very active any more. But it makes
the list of people who can approve VCS accounts and
those who can grant commit karma basically aligned.
2019-10-12 12:08:30 +01:00
Christoph M. Becker
73ab4d8234 Grant nikic admin rights 2019-10-12 10:49:12 +02:00
Peter Kokot
0e511803a5 Refactor long array() syntax to short []
Since app is using PHP 5.4+ already, the longer `array()` syntax can be
refactored to shorter `[]`.
2018-12-10 03:26:03 +01:00