Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #862 from waitman/patch-4 | git-marijus | 2017-09-28 | 1 | -1/+5 |
|\ | | | | | prevent 'my_address' being set with bogus info | ||||
| * | prevent 'my_address' being set with bogus info | Waitman Gobble | 2017-09-18 | 1 | -1/+5 |
| | | | | | | After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication. | ||||
* | | move the Link header initialisation from Router (where it does not really ↵ | zotlabs | 2017-09-25 | 2 | -18/+28 |
| | | | | | | | | belong) to Webserver, where we do similar module specific initialisations prior to calling Router->Dispatch() | ||||
* | | typo | zotlabs | 2017-09-24 | 1 | -1/+1 |
| | | |||||
* | | For zot6, allow HTTP Signatures to be encrypted, as they may contain ↵ | zotlabs | 2017-09-24 | 1 | -6/+46 |
| | | | | | | | | sensitive (envelope, metadata) information. | ||||
* | | log the lack of http sig info | zotlabs | 2017-09-21 | 1 | -1/+3 |
| | | |||||
* | | provide a space between link header params | zotlabs | 2017-09-20 | 1 | -1/+1 |
| | | |||||
* | | add more signature logging | zotlabs | 2017-09-20 | 1 | -1/+7 |
| | | |||||
* | | add HTTP link header to channel page, making it pluggable | zotlabs | 2017-09-20 | 1 | -0/+19 |
|/ | |||||
* | more zot6 | zotlabs | 2017-09-13 | 1 | -1/+6 |
| | |||||
* | owa - first commit | zotlabs | 2017-09-07 | 2 | -0/+14 |
| | |||||
* | some more prep work for Zot VI - some of this will need to be undone or at ↵ | zotlabs | 2017-09-04 | 1 | -3/+10 |
| | | | | least re-arranged later but we need to bootstrap a test environment. | ||||
* | Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge | zotlabs | 2017-09-03 | 1 | -1/+1 |
|\ | |||||
| * | add combined index for item.uid and item.item_unseen. this speeds up ↵ | Mario Vavti | 2017-09-01 | 1 | -1/+1 |
| | | | | | | | | notifications by a magnitude. | ||||
* | | only validate headers that aren't "spoofable", which will be somewhat ↵ | zotlabs | 2017-09-03 | 1 | -3/+8 |
|/ | | | | implementation dependent. | ||||
* | some changes after testing server-to-server magic auth | zotlabs | 2017-08-31 | 1 | -2/+8 |
| | |||||
* | now letsencrypt is creating a .htaccess file with re-write rules which kills ↵ | zotlabs | 2017-08-31 | 1 | -0/+12 |
| | | | | most of our .well-known routes | ||||
* | some issues with mod_display on very first anonymous page visit (prior to ↵ | zotlabs | 2017-08-30 | 1 | -3/+3 |
| | | | | any browser cookies being set) | ||||
* | httpsig - return an array with all the different signing possibilities ↵ | zotlabs | 2017-08-20 | 1 | -8/+21 |
| | | | | enumerated | ||||
* | mv HTTPSig to core - so we can use it as an auth method | zotlabs | 2017-08-17 | 1 | -0/+220 |
| | |||||
* | more work on activitypub httpsignature verification | zotlabs | 2017-08-14 | 1 | -0/+14 |
| | |||||
* | get rid of some more deprecated uses of $a | zotlabs | 2017-03-28 | 1 | -1/+1 |
| | |||||
* | remove obsolete app argument from load_pdl | zotlabs | 2017-03-28 | 1 | -1/+1 |
| | |||||
* | move db_upgrade to zlib | zotlabs | 2017-03-23 | 1 | -7/+10 |
| | |||||
* | move admin permission decision out of the router - it is already provided in ↵ | zotlabs | 2017-02-25 | 1 | -6/+0 |
| | | | | the module and the higher level check is causing some oembed redirect issues. | ||||
* | typo | zotlabs | 2017-02-15 | 1 | -1/+1 |
| | |||||
* | provide HTTP header parser which honours continuation lines and despite the ↵ | zotlabs | 2017-02-14 | 1 | -0/+46 |
| | | | | fact that continuation lines have been deprecated - as they still exist in the wild. | ||||
* | move dreamhost hack to plugin | zotlabs | 2017-02-01 | 1 | -15/+10 |
| | |||||
* | router error reporting | zotlabs | 2016-12-09 | 1 | -6/+12 |
| | |||||
* | [TASK] Update Doxyfile and fix Doxygen errors. | Klaus Weidenbach | 2016-10-13 | 2 | -52/+70 |
| | | | | | | Updated Doxyfile to include new folders. Add a list for @hooks tags. Fixed some parsing problems for Doxygen. | ||||
* | more backticks | redmatrix | 2016-10-03 | 1 | -5/+5 |
| | |||||
* | document the SubModule class and provide an option to change where the ↵ | redmatrix | 2016-09-06 | 1 | -4/+16 |
| | | | | submodule name is located in the url path | ||||
* | use SubModule class for generalising submodules, move back to the ↵ | redmatrix | 2016-09-05 | 1 | -0/+31 |
| | | | | zotlabs/module hierarchy | ||||
* | missing s | redmatrix | 2016-07-26 | 1 | -1/+1 |
| | |||||
* | set App::$error on 404 so we don't get two 'Page not found.' page bodies. | redmatrix | 2016-07-26 | 1 | -0/+1 |
| | |||||
* | more ZAT work | redmatrix | 2016-07-14 | 1 | -1/+8 |
| | |||||
* | force non-null sess_data | redmatrix | 2016-07-11 | 1 | -1/+2 |
| | |||||
* | channel homepage not providing content when javascript disabled | redmatrix | 2016-06-21 | 1 | -0/+3 |
| | |||||
* | support cookie auth in Sabre DAV | redmatrix | 2016-06-14 | 1 | -1/+2 |
| | |||||
* | more removal of reserved words from DB schemas | redmatrix | 2016-05-31 | 1 | -3/+3 |
| | |||||
* | consolidate all the sys_boot functionality that is common between the web ↵ | redmatrix | 2016-05-26 | 1 | -59/+1 |
| | | | | server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so. | ||||
* | more work associated with DBA and index.php shuffle | redmatrix | 2016-05-24 | 1 | -9/+6 |
| | |||||
* | relocate index and db | redmatrix | 2016-05-24 | 1 | -0/+191 |
| | |||||
* | This explains it all. Don't set the domain when creating a cookie. You'll ↵ | redmatrix | 2016-05-18 | 1 | -17/+10 |
| | | | | get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code). | ||||
* | Document what I know about the session regeneration issue. I'm really tired ↵ | redmatrix | 2016-05-18 | 1 | -0/+13 |
| | | | | of fighting this darn thing. Sessions and cookies need to work. | ||||
* | comment out session_regenerate until we get this sorted | redmatrix | 2016-05-18 | 1 | -1/+1 |
| | |||||
* | Revert "Revert "yet more session work"" | redmatrix | 2016-05-18 | 1 | -2/+2 |
| | | | | This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb. | ||||
* | Revert "yet more session work" | redmatrix | 2016-05-18 | 1 | -2/+2 |
| | | | | This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45. | ||||
* | support work for a long-term fix for issue #390, essentially one can specify ↵ | redmatrix | 2016-05-17 | 1 | -3/+5 |
| | | | | a theme:schema string anywhere a theme is input. It will be honoured unless an existing schema setting over-rides this behaviour. This should also be backward compatible but the theme selection code has been cleaned up slightly and there may be subtle differences in behaviour after this commit. On my site this required a page refresh as the first page load after this change was a bit confused. | ||||
* | yet more session work | redmatrix | 2016-05-16 | 1 | -2/+2 |
| |