fusiondirectory issueshttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues2022-09-12T13:26:33Zhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6219[security] - Cookie session is not renewed or set after authentification2022-09-12T13:26:33Zbmortier[security] - Cookie session is not renewed or set after authentification### Requirements
The session cookie is being set on the login page prior to user being authenticated.
It is wise to either renew it after authentication or to only set it up after logged in.
## Descriptive title for this enhancement...### Requirements
The session cookie is being set on the login page prior to user being authenticated.
It is wise to either renew it after authentication or to only set it up after logged in.
## Descriptive title for this enhancement
[security] - Cookie session is not renewed or set after authentification
### Actual behavior
Session cookie is being set prior to user authentication.
### Expected behavior
Session cookie renewed or set after logged in method.
### Step by step description of new behavior
1.Login
2.Session cookie set or renewed
### Benefits
Avoid what we call a Session_Fixation security issue.
### Possible Drawbacks
Possible re-writing on how sessions are initiated.
### Applicable Issues
NoneFusionDirectory 1.3.1bmortierbmortier2022-07-07https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6217[Security] - Set Cookie settings to TRUE for option "HttpOnly"2022-09-12T13:30:01Zbmortier[Security] - Set Cookie settings to TRUE for option "HttpOnly"### Requirements
Security enhancement - it is desirable to set the cookie (upon login page) settings to TRUE for attribute HttpOnly.
"HttpOnly" option makes sure that XSS code injected though JavaScript will be refused by the browser.
...### Requirements
Security enhancement - it is desirable to set the cookie (upon login page) settings to TRUE for attribute HttpOnly.
"HttpOnly" option makes sure that XSS code injected though JavaScript will be refused by the browser.
To be integrated within 1.3-fixes and 1.4-dev.
## Descriptive title for this enhancement
[Security] - Set Cookie settings to TRUE for option "HttpOnly">
### Actual behavior
Cookie HttpOnly is set to FALSE
### Expected behavior
HttpOnly set to TRUE
### Step by step description of new behaviour
Update php.ini to set HttpOnly cookie option to TRUE.
### Benefits
Less possible attack coming from inject of javascript XSS
### Possible Drawbacks
None
### Applicable Issues
NoneFusionDirectory 1.3.1bmortierbmortier2022-07-07https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6222[1.3.1] - Fixing LDAP Search filter code style2022-09-12T13:32:18Zbmortier[1.3.1] - Fixing LDAP Search filter code style### Description
A bug was introduced during the codestyle changes for core.
ldap filter are falty.
### Distribution Name and Version
Debian Buster
### FusionDirectory Version
1.3.1
### PHP version used
7.3 (official buster)
### O...### Description
A bug was introduced during the codestyle changes for core.
ldap filter are falty.
### Distribution Name and Version
Debian Buster
### FusionDirectory Version
1.3.1
### PHP version used
7.3 (official buster)
### Origin of php packages
Distro
### Steps to Reproduce
Try to setup fusiondirectory for its first installation.
**Expected behavior:**
Installation successful
**Actual behavior:**
Error during setup of FD
**Reproduces how often:**
100 percent
### Additional Information
NoneFusionDirectory 1.3.1bmortierbmortier2022-07-28https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6233update the php min version2022-10-12T11:02:15Zbmortierupdate the php min versionHello,
the php min version has changed for 1.3 so we need to update the file include/variables_common.inc :
* define('PHP_MIN_VERSION', '7.3.0');Hello,
the php min version has changed for 1.3 so we need to update the file include/variables_common.inc :
* define('PHP_MIN_VERSION', '7.3.0');FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6230add authors to authors.md for 1.3.12022-09-08T15:48:35Zbmortieradd authors to authors.md for 1.3.1Hello,
we need to add the contributors for 1.3.1 in Authors.md
CheersHello,
we need to add the contributors for 1.3.1 in Authors.md
CheersFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6223remove all reference to stretch registry images2023-06-23T20:02:42Zbmortierremove all reference to stretch registry imagesHello,
we need to remove all reference to stretch images in the registry
CheersHello,
we need to remove all reference to stretch images in the registry
CheersFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6221[Enhancement] - Change CI 1.3.1 - CodeStyle to refelect 1.4 rules2022-09-12T13:33:03Zbmortier[Enhancement] - Change CI 1.3.1 - CodeStyle to refelect 1.4 rules### Requirements
* Filling out the template is required. Any Enhancement request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
* All new code requires tests to e...### Requirements
* Filling out the template is required. Any Enhancement request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
* All new code requires tests to ensure against regressions
## Descriptive title for this enhancement
1.3.1 uses an old codestyle and it has been agreed to change it to correspond to 1.4 (actual version to date).
### Actual behavior
Old codestyle is being used
### Expected behavior
New codestyle is being used
### Step by step description of new behaviour
```yaml
# PHP codesniffer
create_php_code_sniffer_rapport:
image: registry.fusiondirectory.org/fusiondirectory/fd/phpcodesniffer-cli:stretch
stage: codestyle
only:
- branches
script:
- test -d ../dev-tools/ && rm -Rf ../dev-tools/
- git clone --depth 1 https://gitlab.fusiondirectory.org/fusiondirectory/dev-tools.git -b 1.3 ../dev-tools
- find . -type f -name '*.php' -o -name '*.inc' > ./filelist
- phpcs --standard=../dev-tools/php-codesniffer-rules/FDStandard/ruleset.xml --file-list=./filelist
```
change the git clone with proper updated branch reflecting latest up to date branch.
### Benefits
Code style will be aligned everywhere.
### Possible Drawbacks
Possible risk of automated-testing reporting issues for mistakes introduced during code style changes.
No php lint errors must be reported prior of changing the CI.
### Applicable Issues
NoneFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6220[CodeStyle] - 1.3.1 Requires adaptation to align code style with 1.42022-09-12T13:31:21Zbmortier[CodeStyle] - 1.3.1 Requires adaptation to align code style with 1.4Current customer release 1.3.1 (1.3-fixes) uses old PHP code style, which requires updates to have equivalence with release 1.4-dev.
This will allow uniformization between the two releases.Current customer release 1.3.1 (1.3-fixes) uses old PHP code style, which requires updates to have equivalence with release 1.4-dev.
This will allow uniformization between the two releases.FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6173PHP error: Array to string conversion in class_fiInventory.inc:1992022-09-01T09:37:10ZbmortierPHP error: Array to string conversion in class_fiInventory.inc:199Only in 1.3 branch:
```
=== Error ===
PHP error: Array to string conversion
(/usr/share/fusiondirectory/plugins/admin/systems/fusioninventory/class_fiInventory.inc,
line 199)
=== /Error ===
=== Trace ===
Trace[1]:function implode
Fil...Only in 1.3 branch:
```
=== Error ===
PHP error: Array to string conversion
(/usr/share/fusiondirectory/plugins/admin/systems/fusioninventory/class_fiInventory.inc,
line 199)
=== /Error ===
=== Trace ===
Trace[1]:function implode
File :
/usr/share/fusiondirectory/plugins/admin/systems/fusioninventory/class_fiInventory.inc
Line : 199
Type : -
")(macAddress=",array(array("96:00:00:14:4b:82"))
```FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6152Add subscription screen2023-06-23T20:02:17ZbmortierAdd subscription screenThe idea is to have a «Subscription» page in the menu (with its own ACLs), showing either information about how to get a subscription, or information about the subscription stored in the LDAP.
It must be able to import this information f...The idea is to have a «Subscription» page in the menu (with its own ACLs), showing either information about how to get a subscription, or information about the subscription stored in the LDAP.
It must be able to import this information from a file sent to subscribers, not sure yet if it should be LDIF or JSON. Apart from the import field, information is read-only.
The information is stored under ou=fusiondirectory.FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6142The filter for configuration is wrong in fusiondirectory-setup2021-03-23T10:27:22ZbmortierThe filter for configuration is wrong in fusiondirectory-setupWhen creating an admin user, fusiondirectory-setup uses the filter `(&(objectClass=fusionDirectoryConf)(cn=fusiondirectory))` but the configuration cn is `config` and not `fusiondirectory`.
It should use the `my $configrdn = "cn=config...When creating an admin user, fusiondirectory-setup uses the filter `(&(objectClass=fusionDirectoryConf)(cn=fusiondirectory))` but the configuration cn is `config` and not `fusiondirectory`.
It should use the `my $configrdn = "cn=config,ou=fusiondirectory"; var` instead.FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6139Add a security.md for github compliance2022-09-09T08:24:57ZbmortierAdd a security.md for github complianceHello,
we need a security.md for github compliance
we can use https://www.fusiondirectory.org/en/security/
CheersHello,
we need a security.md for github compliance
we can use https://www.fusiondirectory.org/en/security/
CheersFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6122Problems with FD web setup2021-08-25T18:13:38ZbmortierProblems with FD web setupThe «Installation check» page fails to load checks at first load, and only shows two empty warning checks.
Also the right section shows «PHP setup configuration (<a href="?info" target="_blank">show information</a>)» as title, the html ...The «Installation check» page fails to load checks at first load, and only shows two empty warning checks.
Also the right section shows «PHP setup configuration (<a href="?info" target="_blank">show information</a>)» as title, the html link is escaped.FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6118Broken links for 1.3.1 release downloads2022-09-01T09:42:46ZbmortierBroken links for 1.3.1 release downloadsLinks for 1.3.1 release downloads are broken. Same problem for plugins.
Broken link for 1.3.1:
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/archive/fusiondirectory-1.3.1/fd-fusiondirectory-1.3.1.tar.gz
Working link for 1.3:
...Links for 1.3.1 release downloads are broken. Same problem for plugins.
Broken link for 1.3.1:
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/archive/fusiondirectory-1.3.1/fd-fusiondirectory-1.3.1.tar.gz
Working link for 1.3:
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/archive/fusiondirectory-1.3/fd-fusiondirectory-1.3.tar.gz
This works for 1.3.1, but is not linked to from releases:
wget https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/archive/fusiondirectory-1.3/fd-fusiondirectory-1.3.1.tar.gzFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6113Add tar.gz build for fixes branch2022-09-01T10:07:21ZbmortierAdd tar.gz build for fixes branch## Descriptive title for this enhancement
Add tar.gz build for fixes branch
### Actual behavior
We only build dev branch
### Expected behavior
Build fixes branches too
### Benefits
Automaticaly build fixes packages after merge## Descriptive title for this enhancement
Add tar.gz build for fixes branch
### Actual behavior
We only build dev branch
### Expected behavior
Build fixes branches too
### Benefits
Automaticaly build fixes packages after mergeFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6112change the donate part to add all the crowfunding possibilities2022-09-01T09:27:38Zbmortierchange the donate part to add all the crowfunding possibilitieshello,
we need to replace the donate with all our crowfunding possibilities
Cheershello,
we need to replace the donate with all our crowfunding possibilities
CheersFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6111add the badge for https://bestpractices.coreinfrastructure.org2022-09-09T08:24:35Zbmortieradd the badge for https://bestpractices.coreinfrastructure.orghello,
we need to add the markdown for the best practice badge https://bestpractices.coreinfrastructure.org/en/projects/351
cheershello,
we need to add the markdown for the best practice badge https://bestpractices.coreinfrastructure.org/en/projects/351
cheersFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6103Unable to change template name or create template2022-09-01T08:11:45ZbmortierUnable to change template name or create template### Description
After given the correct (I'm guessing) ACL to person to modify user templates, those person can modify indeed all template. But the user cannot modify the name of the template (that's minor bug). They are no error messag...### Description
After given the correct (I'm guessing) ACL to person to modify user templates, those person can modify indeed all template. But the user cannot modify the name of the template (that's minor bug). They are no error message, if the person change the name, he can save. But nothing actually change. The name still the old one.
More inconvenient the person cannot create a a template, He got the menu to create a template, he is invited in the tab to create a template, and what ever you name the template, FD say thay are a conflict with some other tempate whos name a nothing to do with the name the person choose, it's even not in the same branch.
Don't know where the problem are. Maybe in the ACL because as super_admin everything work. But because the person can modify anything in the model...
### Distribution Name and Version
Debian 9.12
### FusionDirectory Version
1.3
### PHP version used
7.0.33
### Origin of php packages
Distribution packages
### Steps to Reproduce
1. Select a modele
2. Change the name
3. Save the template
4. Check the name
1. Select Action/Add/Model
2. Enter anything in the name
3. Save
**Expected behavior:**
The name are change.
The template are created
**Actual behavior:**
The name still the same/
Got some strange error about conflict name
**Reproduces how often:**
100%FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6097Smarty path is not set correctly by fusiondirectory-setup --write-vars2020-10-19T12:55:15ZbmortierSmarty path is not set correctly by fusiondirectory-setup --write-vars### Description
When using fusiondirectory-setup with --write-vars, SMARTY value isn't correctly set
### Distribution Name and Version
Debian 10
### FusionDirectory Version
1.4 dev from GIT
### PHP version used
PHP7.3
### Origin of...### Description
When using fusiondirectory-setup with --write-vars, SMARTY value isn't correctly set
### Distribution Name and Version
Debian 10
### FusionDirectory Version
1.4 dev from GIT
### PHP version used
PHP7.3
### Origin of php packages
Debian
### Steps to Reproduce
1. root@fusion-dev:/var/www/html/fusiondirectory# git clone https://gitlab.fusiondirectory.org/fusiondirectory/fd.git
2. /usr/local/bin/fusiondirectory-setup --set-fd_home=/var/www/html/fusiondirectory/fd --yes --check-directories --update-cache --update-locales --write-vars
3. with git diff : I get :
```
-/*!
- * \brief Path for smarty3 libraries
- */
-define("SMARTY", "/usr/share/php/smarty3/Smarty.class.php");
+/* Path for smarty3 libraries */
+define("SMARTY", "/usr/share/php/smarty3");
```
Smarty.class.php is missing
**Reproduces how often:**
100%
### Additional Information
As Smarty isn't loaded, UI could be displayedFusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6095put the fusiondirectory/.github/FUNDING.yml for github2023-06-23T20:02:21Zbmortierput the fusiondirectory/.github/FUNDING.yml for github## Descriptive title for this enhancement
<!-- required -->
github now allows to put sponsoring links to the repository for the various monetary contributing platforms
### Actual behavior
<!-- What actually happens -->
no link to ou...## Descriptive title for this enhancement
<!-- required -->
github now allows to put sponsoring links to the repository for the various monetary contributing platforms
### Actual behavior
<!-- What actually happens -->
no link to our donating platforms
### Expected behavior
<!-- What you expect to happen-->
be able to promote crowfunding platform
### Step by step description of new behaviour
we need to add a .github/FUNDING.yml
### Benefits
<!-- optional -->
<!-- What benefits will be realized by the code change? -->
raise awardness of way of micro donating to fusiondirectory
### Possible Drawbacks
<!-- optional -->
<!-- What are the possible side-effects or negative impacts of the code change? -->
none
### Applicable Issues
<!-- optional -->
<!-- Enter any applicable Issues here -->
crowfundingFusionDirectory 1.3.1bmortierbmortier