The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
This replaces the hardcoded "LIMIT 10" with "LIMIT <page_size>".
Patch by Dan <dannyro @SF>, https://sourceforge.net/p/postfixadmin/patches/133/
Additional change on top of Dan's patch:
- wrap $CONF['page_size'] in intval() to avoid that a broken config
setting can break or exploit the query
* Make it possible by config option that non global admins can send
broadcast messages to their domains.
* Allow the sender to select the domains the broadcast message should be
delivered to
* Allow the sender to decide if the broadcast message should just be
delivered to mailboxes
- add $msg['confirm'] (confirmation message when attemping to delete an
item, displayed by list.php)
*.lang:
- add various confirm_delete_* texts needed by *Handler
- rename confirm_domain to confirm_delete_domain
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1749 a1433add-5e2c-0410-b055-b7f2511e0802
- initStruct:
- set column write permissions depending on superadmin status
- add _can_edit and _can_delete (also depending on superadmin status)
- webformConfig(): reduce required permissions to 'admin'
- add beforestore() - aborts writing for non-superadmins
- delete: allow deletion only for superadmins
*.lang:
- new text 'no_delete_permissions'
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1718 a1433add-5e2c-0410-b055-b7f2511e0802
- check that $tActiveUntil >= today and $tActiveUntil >= $tActiveFrom
- update header comments
- display "vacation is active" notice also to admins
(based on a patch by J.Kruis @SF,
https://sourceforge.net/p/postfixadmin/patches/122/ )
*.lang:
- add
- pVacation_until_before_today
- pVacation_until_before_from
- reply_once_per_day
- change pUsersVacation_welcome_text to 'Auto response for %s is active!'
- remove "obsolete" marker from pUsersVacation_activefrom and
pUsersVacation_activeuntil, they are still used
nl.lang:
- translation update by J.Kruis @SF
https://sourceforge.net/p/postfixadmin/patches/122/
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1697 a1433add-5e2c-0410-b055-b7f2511e0802
- add note that $CONF[vacation_domain] can't be used for "normal" mails
model/DomainHandler.php:
- validate_new_id():
- error out when trying to add $CONF[vacation_domain]
- some whitespace fixes
- remove superfluous comment on initStruct()
*.lang:
- add 'domain_conflict_vacation_domain' error message
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1694 a1433add-5e2c-0410-b055-b7f2511e0802
restrict reply type to a list of options ($CONF[vacation_choice_of_reply]),
remove input field for custom interval
config.inc.php:
- change $CONF['vacation_choice_of_reply'] to [seconds] => [$PALANG label]
(note: reply to every mail is commented by default because it can be
annoying. Admins will have to explicitely add/enable it in their config.)
- remove $CONF[vacation_replytype_default]
- update comment about dovecot:* for $CONF[encrypt]
*.lang:
- add texts for reply types
VacationHandler.php:
- remove reply_type at various places
- set_away(): remove reply_type from list of function parameters
templates/vacation.tpl:
- update reply type dropdown for the changed $CONF['vacation_choice_of_reply']
- remove the input fields for custom reply delay
vacation.php:
- restrict reply type to a list of options ($CONF[vacation_choice_of_reply])
- if vacation is disabled, but old values are stored in the database,
change the activeFrom and activeUntil date to today to avoid users
have to scroll through the calendar a lot
xmlrpc.php:
- update set_away() call to match the removed parameter
upgrade.php:
- comment out upgrade_1345_mysql() which created the reply_type and
interval_time fields in the vacation table in mysql
- add upgrade_1610() to add the vacation.interval_time field
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1610 a1433add-5e2c-0410-b055-b7f2511e0802
- only allow @domain as target if $this->id is a catchall
- delete commented out version of delete()
- better error messages
languages/*.lang
- add new texts needed for AliasHandler
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1587 a1433add-5e2c-0410-b055-b7f2511e0802
- rename pAdminCreate_admin_username_text to email_address
- rename pAdminEdit_admin_super_admin to super_admin
AdminHandler.php - initStruct():
- adopt to the renamed $PALANG texts
- remove some TODOs
- whitespace changes
setup.php, adminlistadmin.tpl:
- adopt to the renamed $PALANG texts
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1580 a1433add-5e2c-0410-b055-b7f2511e0802
- delete(): check if the domain is an alias domain target - if yes, do
not allow to delete it
- better error message if domain_postdeletion() fails
*.lang:
- rename pAdminDelete_domain_error to domain_postdel_failed and change
the text
- add delete_domain_aliasdomain_target
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1567 a1433add-5e2c-0410-b055-b7f2511e0802
- initMsg(): better texts for error_already_exists and error_does_not_exist
*.lang:
- rename pAdminCreate_admin_username_text_error2 to admin_already_exists
and change the text
- add admin_does_not_exist
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1565 a1433add-5e2c-0410-b055-b7f2511e0802
- make error messages in _inp_*() translateable
- make date format in SQL "translateable"
*.lang:
- add the texts needed for the changes listed above
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1556 a1433add-5e2c-0410-b055-b7f2511e0802
ADDITIONS/fetchmail.pl
- add sslcertck, sslcertpath and sslfingerprint to fetchmail config
- some whitespace fixes
fetchmail.php
- add sslcertck, sslcertpath, sslfingerprint fields
(sslcertpath and sslfingerprint require $CONF[fetchmail_extra_options]
because they don't have input validation)
languages/*.lang
- add new texts needed for the added fields
templates/fetchmail.tpl:
- add the new fields
- also add extra_options and mda fields - they were not displayed yet
upgrade.php
- fix _db_add_field() to call _db_field_exists() with correct table name
- upgrade_1519(): add sslcertck, sslcertpath, sslfingerprint fields to the
fetchmail table
Most parts of this commit are based on the work of Lars Engelhard
(modified files sent on the mailinglist 2013-07-30)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1519 a1433add-5e2c-0410-b055-b7f2511e0802