aboutsummaryrefslogtreecommitdiffstats
path: root/install/update.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-07-29 20:13:01 -0700
committerfriendica <info@friendica.com>2014-07-29 20:13:01 -0700
commit35ed18967a61e9871becbe6676603ce8e43eeec3 (patch)
tree1c2694dbbd956db6e5fc5dfce3a1d980203b4fb9 /install/update.php
parentc8829e72434c4d5342d9b2c4a4f22b33e8ea1887 (diff)
downloadvolse-hubzilla-35ed18967a61e9871becbe6676603ce8e43eeec3.tar.gz
volse-hubzilla-35ed18967a61e9871becbe6676603ce8e43eeec3.tar.bz2
volse-hubzilla-35ed18967a61e9871becbe6676603ce8e43eeec3.zip
block channel removal for 48 hours after changing the account password, since the password is required to remove a channel. Somebody looking at an open session on somebody else's computer can simply change the password and then proceed to maliciously remove the channel. This change gives the owner 2 days to discover that something is wrong and recover his/her password and potentially save their channel from getting erased by the vandal. This is most likely to happen if a relationship has gone bad, or something incriminating was found in your private messages when you left your computer briefly unattended.
Diffstat (limited to 'install/update.php')
-rw-r--r--install/update.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/install/update.php b/install/update.php
index 5bc5c9aa3..0818cc888 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1118 );
+define( 'UPDATE_VERSION' , 1119 );
/**
*
@@ -1314,3 +1314,12 @@ DROP INDEX `channel_a_bookmark` , ADD INDEX `channel_w_like` ( `channel_w_like`
}
+function update_r1118() {
+ $r = q("ALTER TABLE `account` ADD `account_password_changed` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
+ADD INDEX ( `account_password_changed` )");
+ if($r)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+}
+
+