mschop

I was able to bypass all false positives. For me the goal is to reach an MSI of 100% in some libraries. No build should succeed, if the line coverage...

:+1: I just ran into that problem as well. This issue is open for 4 years now. Is there a solution now? Otherwise I will build an own implementation.

@lenamtl > and I removed all encode_html from all pages. This produces security vulnerabilities. This is really critical as your whole system could be compromised through this security vulnerability.

I looked into the issue now and would like to summarize first: - The file path is normalized to non special chars. `testé.txt` becomes `teste.txt` - The file name is...

Normally deleting encode_html from `file-upload.php` function upload_add_to_database should be enough for solving this issue.

Makes absolutely sense. We should implement 2fa for the next bigger release. As there are many options for implementing 2fa, a little research should be done on the best implementation...

@ignacionelson I would recommend not using a hook system for providing a plugin system. The much cleaner approach is using a dependency injection container and the decorator pattern. I think...

@ignacionelson Cookie-Hint should be added, too. See linked issue.

The real problem is, that PHP has not provided an PDOInterface. A real decorator does implement the interface for being compatible with existing implementations. This is not possible here. Therefore...

@kelunik Can you give an example, how to achieve this? This i a big blocker for me right now, because the server does not support keep-alive.