1. 24 Nov, 2017 1 commit
  2. 16 Nov, 2017 4 commits
    • Fix client route removal (#930) · 92293147
      Dave Cridland authored
      Cut/paste error in removeClientRoute() caused old sessions to be
      kept around.
      
      In order to help debug this, I also added some detailing to
      session-details.jsp which turned out not to be needed. But it
      might prove useful/interesting.
    • Fix several security issues in 4.2 (#929) · 7ff1f730
      Dave Cridland authored
      * OF-1417 CVE-2017-15911 Fix XSS issues in host setup
      
      * OF-1329 Prevent session fixation attack
      
      * OF-1403 Escape group name in MUC admin
      
      * OF-1393 Make randomString more random
      
      * OF-1400 Escape servername field
      
      * OF-1401 Validate SMS host and escape error message
    • Set correct sequence number in the <resumed/> element · 56ac5211
      Dmitry Deshevoy authored
      According to XEP-0198 'h' attribute should be set to the sequence number
      of the last handled stanza sent over the former stream from the client to the server
    • Test was looking trying to assure that English names for time units are the... · 04628004
      Paweł Ścibiorski authored
      Test was looking trying to assure that English names for time units are the same as foreignin. That was causing problems while I was building Openfire and units were named in Polish (e.g. second - sekunda). (#925)
      
  3. 15 Nov, 2017 1 commit
  4. 14 Nov, 2017 9 commits
    • remove now-unneeded return statements · 22bf8d26
      akrherz authored
    • ensure all files end with line feed · 66b3cb97
      akrherz authored
      command form this time was
      git ls-files  '*.jsp' | while read f; do tail -n1 $f | read -r _ || echo >> $f; done
    • replace tabs with spaces, when tabs start the line · 42f2cd51
      akrherz authored
      the command line form was
      find . -name '*.jsp' ! -type d -exec bash -c 'expand -i -t 4 "$0" > /tmp/e && mv /tmp/e "$0"' {} \;
    • remove CRLF from *.{html,css,sql,xml,js,properties,jspf,java,jsp} · 0bc646f9
      akrherz authored
      all done via the magic of dos2unix
    • GregDThomas's avatar
    • OF-1309 Route based on DomainPairs (#916) · 5815efc8
      Dave Cridland authored
      * OF-1309 Route based on DomainPairs
      
      * Fixes found during test
      
      * Fixes found during test II
      
      * Fixes in plugins (Kraken)
      
      * Update minServerVersion/version for Kraken
    • OF-210: Additional work. (#923) · fa6beb91
      Guus der Kinderen authored
      * Support for Roster Versioning (without sending the modifications via roster pushes)
      
      * Roster versioning comparison clearing
      
      * Implementation Note: This empty IQ-result is different from an empty <query/> element, thus disambiguating this usage from an empty roster.
      
      * Avoid cache miss while updating roster
      
      When the roster is updated via group renaming, group user adding or removing, the roster pushes only happen if there is a cache hit. If there is a cache miss (which can happen if the cache is full or if the admin cleaned up the cache) the user is not properly notified about the roster update. Thus only updating rosters in memory can lead to this undesired behavior.
      
      This commit avoids the use of the cache directly (where there can be a cache miss or a cache hit). It is using the method getRoster(username) that instantiates a new Roster in the case of a cache miss.
      
      * Clarify the code
      
      * OF-210: Base roster version on its hashCode.
      
      This commit removes all fields from the Roster class that do not relate to its state
      (replacing them with method variables - which seems harmless, as they're all final
      singletons). This allows for an easy override of Object#hashCode() and equals().
      These, in turn, are used to calculate the roster version from.
      
      * Simplified loop
      
      * Prevent potential NPEs.
      
      * Log exceptions for exceptions that cannot happen.
      
      If they cannot happen, we should scream murder if they do...
      
      * OF-210: Roster versioning enabled by default.
    • OF-1286 sync Openfire's truststore with Mozilla's shipped CAs · 1494c6b2
      akrherz authored
      Simply repeated dwd's commit 73b59106 on Ubuntu Trusty (20170717~14.04.1)
    • OF-1427 Respond to PEP node disco#info · ca435745
      Dave Cridland authored
  5. 13 Nov, 2017 8 commits
  6. 06 Nov, 2017 1 commit
  7. 03 Nov, 2017 8 commits
  8. 02 Nov, 2017 2 commits
  9. 31 Oct, 2017 3 commits
  10. 30 Oct, 2017 1 commit
  11. 27 Oct, 2017 2 commits