1. 06 Nov, 2018 1 commit
  2. 19 Jul, 2018 1 commit
  3. 12 Jul, 2018 1 commit
  4. 09 Mar, 2018 2 commits
  5. 08 Mar, 2018 2 commits
  6. 12 Dec, 2017 1 commit
  7. 09 Nov, 2017 2 commits
  8. 08 Nov, 2017 1 commit
  9. 15 Oct, 2017 1 commit
  10. 15 Sep, 2017 1 commit
  11. 14 Sep, 2017 2 commits
  12. 13 Sep, 2017 1 commit
  13. 06 Sep, 2017 3 commits
    • Thomas Löffler's avatar
      Fixes typo · 13ef3c94
      Thomas Löffler authored
      13ef3c94
    • Helmut Hummel's avatar
      Allow SOAP endpoint to authenticate via session · a2d12007
      Helmut Hummel authored
      Since we call the SOAP endpoint for certain actions
      of an authenticated user on extensions.typo3.org
      (like registering ext keys) and we do not know
      the password at this point any more,
      we now include the session id in the SOAP request,
      so that TYPO3 will login this user before the SOAP
      endpoint is triggered.
      
      In the endpoint, we can then just check if a user is
      already logged in and whether the username given
      matches the username of the logged in user.
      a2d12007
    • Thomas Löffler's avatar
      c1262252
  14. 05 Sep, 2017 2 commits
  15. 01 Sep, 2017 1 commit
    • Helmut Hummel's avatar
      [SECURITY] Fix unauthorized SOAP access · 0ecc7fc6
      Helmut Hummel authored
      By having an inverted condition, attackers
      could upload arbitrary extensions by only knowing
      the username and the extension key.
      
      When knowing a username of a TER admin,
      it was also possible to perform TER admin
      commands (like deleting extensions) via SOAP
      0ecc7fc6
  16. 11 Aug, 2017 3 commits
  17. 10 Aug, 2017 1 commit
  18. 28 Jul, 2017 1 commit
  19. 19 Jul, 2017 1 commit
  20. 02 Mar, 2017 1 commit
  21. 27 Feb, 2017 1 commit