Issue #258 has been updated by Jonathan Clarke. Status changed from New to Feedback Assigned to set to Jonathan Clarke % Done changed from 0 to 80
Committed as requested. Needs testing and translation updates though! ---------------------------------------- Bug #258: LTB advertises features even if not configured http://tools.lsc-project.org/issues/258 Author: Jonathan Clarke Status: Feedback Priority: Normal Assigned to: Jonathan Clarke Category: Self Service Password Target version: self-service-password-0.4 Just checked out the latest trunk, and saw a few nice new features: reset password by questions and by token. This is great work! However, I edited my config, and did not adjust anything to do with these new features, since I don't want to use them at the moment (just a quick upgrade). But, I see links offering to change my questions, etc, anyway. Please find attached a proposed patch to add config switches for these features, and only display text for activated features. This patch also tightens what PHP files can be included in index.php (otherwise you could include myBadCrackerzFile.php by passing an appriopriate parameter. Unlikely exploit, but you never know: better safe than sorry :) ). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
