From: wolfgang Date: Mon, 5 Feb 2007 22:09:38 +0000 (+0000) Subject: git-svn-id: http://svn.opengroupware.org/SOGo/inverse/trunk@1016 d1b88da0-ebda-0310... X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19b343fc43b2eae146855250a26d4273029fa4d9;p=scalable-opengroupware.org git-svn-id: http://svn.opengroupware.org/SOGo/inverse/trunk@1016 d1b88da0-ebda-0310-925b-ed51d893ca5b --- diff --git a/ChangeLog b/ChangeLog index 516357d9..68a071c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +2007-02-05 Wolfgang Sourdeau + + * SoObjects/SOGo/SOGoAuthenticator.m ([SOGoAuthenticator + -checkLogin:_loginpassword:_pwd]): fixed a bug where a wrong + password would be accepted anyway as long as its length was > 0. + This can be the case ONLY when LDAP is disabled otherwise we have + a serious security issue... + + * SoObjects/Appointments/SOGoAppointmentObject.m + ([SOGoAppointmentObject -roleOfUser:logininContext:context]): if a + user is not an organizer nor a participant, he is declared as + "Owner" if he owns the calendar the entry where the entry is + contained. Other cases should not be possible. + 2007-02-02 Wolfgang Sourdeau * UI/Contacts/UIxContactEditor.m: display and handle the new diff --git a/SoObjects/Appointments/SOGoAppointmentObject.m b/SoObjects/Appointments/SOGoAppointmentObject.m index cd2d9070..e9c9b73f 100644 --- a/SoObjects/Appointments/SOGoAppointmentObject.m +++ b/SoObjects/Appointments/SOGoAppointmentObject.m @@ -550,6 +550,8 @@ role = @"Organizer"; else if ([event isParticipant: email]) role = @"Participant"; + else if ([[[self container] ownerInContext: nil] isEqualToString: login]) + role = @"SoRole_Owner"; else role = nil; diff --git a/SoObjects/SOGo/SOGoAuthenticator.m b/SoObjects/SOGo/SOGoAuthenticator.m index a44d5532..18c00d27 100644 --- a/SoObjects/SOGo/SOGoAuthenticator.m +++ b/SoObjects/SOGo/SOGoAuthenticator.m @@ -72,11 +72,16 @@ static SOGoAuthenticator *auth = nil; - (BOOL) checkLogin: (NSString *) _login password: (NSString *) _pwd { + BOOL accept; + + if ([authMethod isEqualToString: @"LDAP"]) + accept = [self LDAPCheckLogin: _login password: _pwd]; + else + accept = ([_login length] > 0); + return (([_login isEqualToString: @"freebusy"] && [_pwd isEqualToString: @"freebusy"]) - || ([authMethod isEqualToString: @"LDAP"] - && [self LDAPCheckLogin: _login password: _pwd]) - || [_login length] > 0); + || accept); } - (BOOL) LDAPCheckLogin: (NSString *) _login diff --git a/UI/Contacts/English.lproj/Localizable.strings b/UI/Contacts/English.lproj/Localizable.strings index 739f2a1d..8f237d56 100644 --- a/UI/Contacts/English.lproj/Localizable.strings +++ b/UI/Contacts/English.lproj/Localizable.strings @@ -30,7 +30,7 @@ "invalidemailwarn" = "invalidemailwarn"; "new" = "new"; -"Name or Address" = "Name or Address"; +"Name or Email" = "Name or Email"; "Personal Addressbook" = "Personal Addressbook"; "Search in Addressbook" = "Search in Addressbook"; diff --git a/UI/Contacts/French.lproj/Localizable.strings b/UI/Contacts/French.lproj/Localizable.strings index 4892982f..dd95584b 100644 --- a/UI/Contacts/French.lproj/Localizable.strings +++ b/UI/Contacts/French.lproj/Localizable.strings @@ -28,7 +28,7 @@ "invalidemailwarn" = "Champ de l'email invalide, continuer quand même ?"; "new" = "Nouveau"; -"Name or Address" = "Le nom ou l'adresse"; +"Name or Email" = "Le nom ou l'adresse"; "Personal Addressbook" = "Adresses personnelles"; "Search in Addressbook" = "Carnet d'adresses..."; diff --git a/UI/Templates/ContactsUI/UIxContactsFilterPanel.wox b/UI/Templates/ContactsUI/UIxContactsFilterPanel.wox index ae498506..54614dc0 100644 --- a/UI/Templates/ContactsUI/UIxContactsFilterPanel.wox +++ b/UI/Templates/ContactsUI/UIxContactsFilterPanel.wox @@ -9,7 +9,7 @@
  • + onmouseup="setSearchCriteria(event);">