Issue #258 has been updated by Clément Oudot. Status changed from Feedback to Closed % Done changed from 80 to 100
I rework a little the way the messages are displayed (r105 and r107) Works for me, this issue wille be closed. Thanks for contributing it! ---------------------------------------- Bug #258: LTB advertises features even if not configured http://tools.lsc-project.org/issues/258 Author: Jonathan Clarke Status: Closed Priority: Normal Assigned to: Jonathan Clarke Category: Self Service Password Target version: self-service-password-0.4 Just checked out the latest trunk, and saw a few nice new features: reset password by questions and by token. This is great work! However, I edited my config, and did not adjust anything to do with these new features, since I don't want to use them at the moment (just a quick upgrade). But, I see links offering to change my questions, etc, anyway. Please find attached a proposed patch to add config switches for these features, and only display text for activated features. This patch also tightens what PHP files can be included in index.php (otherwise you could include myBadCrackerzFile.php by passing an appriopriate parameter. Unlikely exploit, but you never know: better safe than sorry :) ). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
