Issue #258 has been reported by Jonathan Clarke. ---------------------------------------- Bug #258: LTB advertises features even if not configured http://tools.lsc-project.org/issues/258
Author: Jonathan Clarke Status: New Priority: Normal Assigned to: Category: Self Service Password Target version: self-service-password-0.4 Just checked out the latest trunk, and saw a few nice new features: reset password by questions and by token. This is great work! However, I edited my config, and did not adjust anything to do with these new features, since I don't want to use them at the moment (just a quick upgrade). But, I see links offering to change my questions, etc, anyway. Please find attached a proposed patch to add config switches for these features, and only display text for activated features. This patch also tightens what PHP files can be included in index.php (otherwise you could include myBadCrackerzFile.php by passing an appriopriate parameter. Unlikely exploit, but you never know: better safe than sorry :) ). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
