summaryrefslogtreecommitdiffstats
path: root/admin/inc
Commit message (Collapse)AuthorAgeFilesLines
* Make authentication timing-safenashe2015-08-041-1/+2
| | | | | | | Improve the authentication to make it timing-safe against bruteforce attacks. See code comments for more details on the implementation.
* Improve coding stylenashe2015-08-031-7/+5
|
* Avoid type juggling vulnerability.nashe2015-08-031-2/+2
| | | | | | | | | | | | | | | | | Password comparison should not be done with the `==` operator, but `===`, due to type juggling. References: * http://phpsadness.com/sad/47 * turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling. html ### Test case * Create an administrator with the password "240610708". * Try to login to the dashboard with the password "QNKCDZO" :-)
* convert all files saved in Windows(CRLF) to Unix (LF)Pascal Chevrel2012-03-091-2/+2
|
* Use a centralized template for the admin section to avoid repeating htmlPascal Chevrel2012-03-061-5/+0
|
* Initial commitMaurice Svay2010-02-163-0/+17