1. 19 Jul, 2018 1 commit
  2. 12 Jul, 2018 1 commit
  3. 09 Mar, 2018 2 commits
  4. 08 Mar, 2018 2 commits
  5. 12 Dec, 2017 1 commit
  6. 09 Nov, 2017 2 commits
  7. 08 Nov, 2017 1 commit
  8. 15 Oct, 2017 1 commit
  9. 15 Sep, 2017 1 commit
  10. 14 Sep, 2017 2 commits
  11. 13 Sep, 2017 1 commit
  12. 06 Sep, 2017 3 commits
    • Thomas Löffler's avatar
      Fixes typo · 13ef3c94
      Thomas Löffler authored
      13ef3c94
    • Helmut Hummel's avatar
      Allow SOAP endpoint to authenticate via session · a2d12007
      Helmut Hummel authored
      Since we call the SOAP endpoint for certain actions
      of an authenticated user on extensions.typo3.org
      (like registering ext keys) and we do not know
      the password at this point any more,
      we now include the session id in the SOAP request,
      so that TYPO3 will login this user before the SOAP
      endpoint is triggered.
      
      In the endpoint, we can then just check if a user is
      already logged in and whether the username given
      matches the username of the logged in user.
      a2d12007
    • Thomas Löffler's avatar
      c1262252
  13. 05 Sep, 2017 2 commits
  14. 01 Sep, 2017 1 commit
    • Helmut Hummel's avatar
      [SECURITY] Fix unauthorized SOAP access · 0ecc7fc6
      Helmut Hummel authored
      By having an inverted condition, attackers
      could upload arbitrary extensions by only knowing
      the username and the extension key.
      
      When knowing a username of a TER admin,
      it was also possible to perform TER admin
      commands (like deleting extensions) via SOAP
      0ecc7fc6
  15. 11 Aug, 2017 3 commits
  16. 10 Aug, 2017 1 commit
  17. 28 Jul, 2017 1 commit
  18. 19 Jul, 2017 1 commit
  19. 02 Mar, 2017 1 commit
  20. 27 Feb, 2017 1 commit