aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
Commit message (Collapse)AuthorAgeFilesLines
* verify some edge case http signatureszotlabs2018-10-111-4/+2
|
* SECURITY: signature issuezotlabs2018-10-091-0/+15
|
* Page meta propertiesM. Dent2018-09-221-2/+13
|
* prepare submodule to interact with routeMario Vavti2018-09-171-0/+17
|
* checkjs fix ($page not bin-hex in all cases)zotlabs2018-07-191-2/+2
|
* mangled urls on redirectszotlabs2018-07-181-1/+1
|
* functions to support module and widget registration by plugins. These have ↵zotlabs2018-07-121-7/+25
| | | | identical construction to core modules and widgets and are registered just like hooks during addon load. Also additional Apps functions addon_app_installed() and system_app_installed() which will eventually replace feature_installed() for features which are converted to apps. The convention being used is that the module associated with the app calls the appropriate *_app_installed() function and if not present emits descriptive text about the app and exits. This allows one to click on an 'available' app and learn about it. Once installed, the app module behaves normally and may offer functionality or what once were addon settings on the settings/featured page. Refer to zap-addons in the zap repository for examples of how this is being used to eliminate the 'additional features' and 'addon settings' pages.
* as_fetch depends on the pubcrawl plugin, but is referenced in core. Ensure ↵zotlabs2018-04-221-1/+3
| | | | that it doesn't chuck a wobbly if the function isn't found. This is undergoing significant revision for zot6 so this action is considered a short-term workaround until that work work stabilises.
* draft-cavage issueszotlabs2018-04-151-3/+9
|
* accept system_language through either get or postzotlabs2018-04-121-3/+3
|
* :white_check_mark: Unit Test for HTTPSig.Klaus Weidenbach2018-02-281-30/+87
|
* zot6 testingzotlabs2018-02-081-6/+1
|
* missing quotezotlabs2018-02-081-1/+1
|
* loggingzotlabs2018-02-081-1/+3
|
* z6 testingzotlabs2018-02-081-1/+1
|
* debug the crypto functionzotlabs2018-02-071-0/+3
|
* Merge branch 'master' into z6zotlabs2018-02-052-34/+47
|\
| * simplify webserver logic flow, remove obsolete $a from routerzotlabs2018-01-182-34/+47
| |
* | z6 deliverzotlabs2018-01-161-0/+15
|/
* cleanup of last fixzotlabs2018-01-131-1/+1
|
* unexpected openssl resultzotlabs2018-01-131-1/+1
|
* Fix whitespace formattingMatthew Dent2017-12-231-14/+14
|
* fix dupe bug in content hooksM.Dent2017-12-231-15/+15
|
* fix typo in HTTPSigMario Vavti2017-12-041-1/+1
|
* :bulb: Improving Doxygen documentation.Klaus Weidenbach2017-11-031-15/+25
| | | | | Fix some Doxygen parsing errors. Improve hooks documentation.
* sort out the notification idszotlabs2017-10-121-1/+2
|
* experimental new notifications - needs pconfig experimental_notif set to 1 ↵Mario Vavti2017-10-081-1/+1
| | | | for your channel to work.
* Merge pull request #862 from waitman/patch-4git-marijus2017-09-281-1/+5
|\ | | | | prevent 'my_address' being set with bogus info
| * prevent 'my_address' being set with bogus infoWaitman Gobble2017-09-181-1/+5
| | | | | | After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.
* | move the Link header initialisation from Router (where it does not really ↵zotlabs2017-09-252-18/+28
| | | | | | | | belong) to Webserver, where we do similar module specific initialisations prior to calling Router->Dispatch()
* | typozotlabs2017-09-241-1/+1
| |
* | For zot6, allow HTTP Signatures to be encrypted, as they may contain ↵zotlabs2017-09-241-6/+46
| | | | | | | | sensitive (envelope, metadata) information.
* | log the lack of http sig infozotlabs2017-09-211-1/+3
| |
* | provide a space between link header paramszotlabs2017-09-201-1/+1
| |
* | add more signature loggingzotlabs2017-09-201-1/+7
| |
* | add HTTP link header to channel page, making it pluggablezotlabs2017-09-201-0/+19
|/
* more zot6zotlabs2017-09-131-1/+6
|
* owa - first commitzotlabs2017-09-072-0/+14
|
* some more prep work for Zot VI - some of this will need to be undone or at ↵zotlabs2017-09-041-3/+10
| | | | least re-arranged later but we need to bootstrap a test environment.
* Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-09-031-1/+1
|\
| * add combined index for item.uid and item.item_unseen. this speeds up ↵Mario Vavti2017-09-011-1/+1
| | | | | | | | notifications by a magnitude.
* | only validate headers that aren't "spoofable", which will be somewhat ↵zotlabs2017-09-031-3/+8
|/ | | | implementation dependent.
* some changes after testing server-to-server magic authzotlabs2017-08-311-2/+8
|
* now letsencrypt is creating a .htaccess file with re-write rules which kills ↵zotlabs2017-08-311-0/+12
| | | | most of our .well-known routes
* some issues with mod_display on very first anonymous page visit (prior to ↵zotlabs2017-08-301-3/+3
| | | | any browser cookies being set)
* httpsig - return an array with all the different signing possibilities ↵zotlabs2017-08-201-8/+21
| | | | enumerated
* mv HTTPSig to core - so we can use it as an auth methodzotlabs2017-08-171-0/+220
|
* more work on activitypub httpsignature verificationzotlabs2017-08-141-0/+14
|
* get rid of some more deprecated uses of $azotlabs2017-03-281-1/+1
|
* remove obsolete app argument from load_pdlzotlabs2017-03-281-1/+1
|