/trunk/TODO |
---|
8,7 → 8,6 |
... At least give a hint to the documentation, so they know how to run the tool and how to enter the cost in the configuration (for RA and Admin) |
... or in the setup page make an extra control how complex the admin password should be? but be aware that nobody enters a too big number (it makes DoS possible!) |
- system log plugin: Only show 100 events and let the user switch pages. To avoid that you load a page with 10000+ log entries! |
- check if there are more PHP extensions which are required, and add them to includes/oidplus_dependency.inc.php |
SECURITY Improvements: |
- Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
/trunk/includes/oidplus_dependency.inc.php |
---|
20,6 → 20,18 |
function oidplus_get_missing_dependencies() { |
$missing_dependencies = array(); |
if (!extension_loaded('standard')) { |
$missing_dependencies[] = 'standard'; |
} |
if (!extension_loaded('Core')) { |
$missing_dependencies[] = 'Core'; |
} |
if (!extension_loaded('SPL')) { |
$missing_dependencies[] = 'SPL'; |
} |
if (!extension_loaded('iconv')) { |
// Alpine Linux: apk add php-iconv |
$missing_dependencies[] = 'iconv'; |