aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
Commit message (Collapse)AuthorAgeFilesLines
...
* | only validate headers that aren't "spoofable", which will be somewhat ↵zotlabs2017-09-031-3/+8
|/ | | | implementation dependent.
* some changes after testing server-to-server magic authzotlabs2017-08-311-2/+8
|
* now letsencrypt is creating a .htaccess file with re-write rules which kills ↵zotlabs2017-08-311-0/+12
| | | | most of our .well-known routes
* some issues with mod_display on very first anonymous page visit (prior to ↵zotlabs2017-08-301-3/+3
| | | | any browser cookies being set)
* httpsig - return an array with all the different signing possibilities ↵zotlabs2017-08-201-8/+21
| | | | enumerated
* mv HTTPSig to core - so we can use it as an auth methodzotlabs2017-08-171-0/+220
|
* more work on activitypub httpsignature verificationzotlabs2017-08-141-0/+14
|
* get rid of some more deprecated uses of $azotlabs2017-03-281-1/+1
|
* remove obsolete app argument from load_pdlzotlabs2017-03-281-1/+1
|
* move db_upgrade to zlibzotlabs2017-03-231-7/+10
|
* move admin permission decision out of the router - it is already provided in ↵zotlabs2017-02-251-6/+0
| | | | the module and the higher level check is causing some oembed redirect issues.
* typozotlabs2017-02-151-1/+1
|
* provide HTTP header parser which honours continuation lines and despite the ↵zotlabs2017-02-141-0/+46
| | | | fact that continuation lines have been deprecated - as they still exist in the wild.
* move dreamhost hack to pluginzotlabs2017-02-011-15/+10
|
* router error reportingzotlabs2016-12-091-6/+12
|
* [TASK] Update Doxyfile and fix Doxygen errors.Klaus Weidenbach2016-10-132-52/+70
| | | | | | Updated Doxyfile to include new folders. Add a list for @hooks tags. Fixed some parsing problems for Doxygen.
* more backticksredmatrix2016-10-031-5/+5
|
* document the SubModule class and provide an option to change where the ↵redmatrix2016-09-061-4/+16
| | | | submodule name is located in the url path
* use SubModule class for generalising submodules, move back to the ↵redmatrix2016-09-051-0/+31
| | | | zotlabs/module hierarchy
* missing sredmatrix2016-07-261-1/+1
|
* set App::$error on 404 so we don't get two 'Page not found.' page bodies.redmatrix2016-07-261-0/+1
|
* more ZAT workredmatrix2016-07-141-1/+8
|
* force non-null sess_dataredmatrix2016-07-111-1/+2
|
* channel homepage not providing content when javascript disabledredmatrix2016-06-211-0/+3
|
* support cookie auth in Sabre DAVredmatrix2016-06-141-1/+2
|
* more removal of reserved words from DB schemasredmatrix2016-05-311-3/+3
|
* consolidate all the sys_boot functionality that is common between the web ↵redmatrix2016-05-261-59/+1
| | | | server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so.
* more work associated with DBA and index.php shuffleredmatrix2016-05-241-9/+6
|
* relocate index and dbredmatrix2016-05-241-0/+191
|
* This explains it all. Don't set the domain when creating a cookie. You'll ↵redmatrix2016-05-181-17/+10
| | | | get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code).
* Document what I know about the session regeneration issue. I'm really tired ↵redmatrix2016-05-181-0/+13
| | | | of fighting this darn thing. Sessions and cookies need to work.
* comment out session_regenerate until we get this sortedredmatrix2016-05-181-1/+1
|
* Revert "Revert "yet more session work""redmatrix2016-05-181-2/+2
| | | | This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb.
* Revert "yet more session work"redmatrix2016-05-181-2/+2
| | | | This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45.
* support work for a long-term fix for issue #390, essentially one can specify ↵redmatrix2016-05-171-3/+5
| | | | a theme:schema string anywhere a theme is input. It will be honoured unless an existing schema setting over-rides this behaviour. This should also be backward compatible but the theme selection code has been cleaned up slightly and there may be subtle differences in behaviour after this commit. On my site this required a page refresh as the first page load after this change was a bit confused.
* yet more session workredmatrix2016-05-161-2/+2
|
* an issue related to #386redmatrix2016-05-161-0/+1
|
* more work on sessions and cookies, as some anomalies appeared in caldav and ↵redmatrix2016-05-161-13/+18
| | | | firefox which suggested deeper issues
* restrict static to the one function that requires itredmatrix2016-05-161-5/+5
|
* changes to session for cdev compatibilityredmatrix2016-05-161-6/+6
|
* try again with shutdown handler, fix issue #373 (live-pubstream div wasn't ↵redmatrix2016-05-101-1/+4
| | | | present
* provide a way for the router to support custom controller objects and allow ↵redmatrix2016-04-211-11/+28
| | | | plugins to register class objects as modules instead of the traditional procedural interface.
* change the 404 warning from the router to reflect the new architectureredmatrix2016-04-201-4/+5
|
* make the cookie check agnostic to cookie stateredmatrix2016-04-201-5/+3
|
* revert the reversal of checkjs logic, but still restrict the behaviour scope ↵redmatrix2016-04-201-1/+14
| | | | to just those urls that require it
* pull in the new object router and a few selected samples for the new ↵redmatrix2016-04-171-5/+14
| | | | controller layout
* cleanup and test of new routerredmatrix2016-04-151-39/+39
|
* get init() working with class modulesredmatrix2016-04-152-9/+27
|
* testing the new router/module coderedmatrix2016-04-151-1/+21
|
* refactor the js detection into a checkjs class which is only enabled on ↵redmatrix2016-04-131-0/+36
| | | | demand (currently only the channel and display pages). Will probably require a bit more work to hide/disable the cover photo when js is disabled. Have not actually tested without js to discover any other potential page issues. Have only confirmed that the detection class works and redirects to set a jsdisabled cookie and reload the page with that cookie+variable set if called from the channel page.