Skip to content

GitLab

E
extensions.typo3.org
Switch branch/tag
  1. 06 Nov, 2018 1 commit
  3. 19 Jul, 2018 1 commit
  5. 12 Jul, 2018 1 commit
  7. 09 Mar, 2018 2 commits
  9. 08 Mar, 2018 2 commits
  11. 12 Dec, 2017 1 commit
  13. 09 Nov, 2017 2 commits
  15. 08 Nov, 2017 1 commit
  17. 15 Oct, 2017 1 commit
  19. 15 Sep, 2017 1 commit
  21. 14 Sep, 2017 2 commits
  23. 13 Sep, 2017 1 commit
  25. 06 Sep, 2017 3 commits
    • Thomas Löffler's avatar
      Fixes typo · 13ef3c94
      Thomas Löffler authored
      13ef3c94
    • Helmut Hummel's avatar
      Allow SOAP endpoint to authenticate via session · a2d12007
      Helmut Hummel authored 
      Since we call the SOAP endpoint for certain actions
of an authenticated user on extensions.typo3.org
(like registering ext keys) and we do not know
the password at this point any more,
we now include the session id in the SOAP request,
so that TYPO3 will login this user before the SOAP
endpoint is triggered.

In the endpoint, we can then just check if a user is
already logged in and whether the username given
matches the username of the logged in user.
      a2d12007
    • Thomas Löffler's avatar
      Adds LDAP validation for checkValidUser via SOAP · c1262252
      Thomas Löffler authored
      c1262252
  27. 05 Sep, 2017 2 commits
  29. 01 Sep, 2017 1 commit
    • Helmut Hummel's avatar
      [SECURITY] Fix unauthorized SOAP access · 0ecc7fc6
      Helmut Hummel authored 
      By having an inverted condition, attackers
could upload arbitrary extensions by only knowing
the username and the extension key.

When knowing a username of a TER admin,
it was also possible to perform TER admin
commands (like deleting extensions) via SOAP
      0ecc7fc6
  31. 11 Aug, 2017 3 commits
  33. 10 Aug, 2017 1 commit
  35. 28 Jul, 2017 1 commit
  37. 19 Jul, 2017 1 commit
  39. 02 Mar, 2017 1 commit
  41. 27 Feb, 2017 1 commit