aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #862 from waitman/patch-4git-marijus2017-09-281-1/+5
|\ | | | | prevent 'my_address' being set with bogus info
| * prevent 'my_address' being set with bogus infoWaitman Gobble2017-09-181-1/+5
| | | | | | After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.
* | move the Link header initialisation from Router (where it does not really ↵zotlabs2017-09-252-18/+28
| | | | | | | | belong) to Webserver, where we do similar module specific initialisations prior to calling Router->Dispatch()
* | typozotlabs2017-09-241-1/+1
| |
* | For zot6, allow HTTP Signatures to be encrypted, as they may contain ↵zotlabs2017-09-241-6/+46
| | | | | | | | sensitive (envelope, metadata) information.
* | log the lack of http sig infozotlabs2017-09-211-1/+3
| |
* | provide a space between link header paramszotlabs2017-09-201-1/+1
| |
* | add more signature loggingzotlabs2017-09-201-1/+7
| |
* | add HTTP link header to channel page, making it pluggablezotlabs2017-09-201-0/+19
|/
* more zot6zotlabs2017-09-131-1/+6
|
* owa - first commitzotlabs2017-09-072-0/+14
|
* some more prep work for Zot VI - some of this will need to be undone or at ↵zotlabs2017-09-041-3/+10
| | | | least re-arranged later but we need to bootstrap a test environment.
* Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-09-031-1/+1
|\
| * add combined index for item.uid and item.item_unseen. this speeds up ↵Mario Vavti2017-09-011-1/+1
| | | | | | | | notifications by a magnitude.
* | only validate headers that aren't "spoofable", which will be somewhat ↵zotlabs2017-09-031-3/+8
|/ | | | implementation dependent.
* some changes after testing server-to-server magic authzotlabs2017-08-311-2/+8
|
* now letsencrypt is creating a .htaccess file with re-write rules which kills ↵zotlabs2017-08-311-0/+12
| | | | most of our .well-known routes
* some issues with mod_display on very first anonymous page visit (prior to ↵zotlabs2017-08-301-3/+3
| | | | any browser cookies being set)
* httpsig - return an array with all the different signing possibilities ↵zotlabs2017-08-201-8/+21
| | | | enumerated
* mv HTTPSig to core - so we can use it as an auth methodzotlabs2017-08-171-0/+220
|
* more work on activitypub httpsignature verificationzotlabs2017-08-141-0/+14
|
* get rid of some more deprecated uses of $azotlabs2017-03-281-1/+1
|
* remove obsolete app argument from load_pdlzotlabs2017-03-281-1/+1
|
* move db_upgrade to zlibzotlabs2017-03-231-7/+10
|
* move admin permission decision out of the router - it is already provided in ↵zotlabs2017-02-251-6/+0
| | | | the module and the higher level check is causing some oembed redirect issues.
* typozotlabs2017-02-151-1/+1
|
* provide HTTP header parser which honours continuation lines and despite the ↵zotlabs2017-02-141-0/+46
| | | | fact that continuation lines have been deprecated - as they still exist in the wild.
* move dreamhost hack to pluginzotlabs2017-02-011-15/+10
|
* router error reportingzotlabs2016-12-091-6/+12
|
* [TASK] Update Doxyfile and fix Doxygen errors.Klaus Weidenbach2016-10-132-52/+70
| | | | | | Updated Doxyfile to include new folders. Add a list for @hooks tags. Fixed some parsing problems for Doxygen.
* more backticksredmatrix2016-10-031-5/+5
|
* document the SubModule class and provide an option to change where the ↵redmatrix2016-09-061-4/+16
| | | | submodule name is located in the url path
* use SubModule class for generalising submodules, move back to the ↵redmatrix2016-09-051-0/+31
| | | | zotlabs/module hierarchy
* missing sredmatrix2016-07-261-1/+1
|
* set App::$error on 404 so we don't get two 'Page not found.' page bodies.redmatrix2016-07-261-0/+1
|
* more ZAT workredmatrix2016-07-141-1/+8
|
* force non-null sess_dataredmatrix2016-07-111-1/+2
|
* channel homepage not providing content when javascript disabledredmatrix2016-06-211-0/+3
|
* support cookie auth in Sabre DAVredmatrix2016-06-141-1/+2
|
* more removal of reserved words from DB schemasredmatrix2016-05-311-3/+3
|
* consolidate all the sys_boot functionality that is common between the web ↵redmatrix2016-05-261-59/+1
| | | | server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so.
* more work associated with DBA and index.php shuffleredmatrix2016-05-241-9/+6
|
* relocate index and dbredmatrix2016-05-241-0/+191
|
* This explains it all. Don't set the domain when creating a cookie. You'll ↵redmatrix2016-05-181-17/+10
| | | | get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code).
* Document what I know about the session regeneration issue. I'm really tired ↵redmatrix2016-05-181-0/+13
| | | | of fighting this darn thing. Sessions and cookies need to work.
* comment out session_regenerate until we get this sortedredmatrix2016-05-181-1/+1
|
* Revert "Revert "yet more session work""redmatrix2016-05-181-2/+2
| | | | This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb.
* Revert "yet more session work"redmatrix2016-05-181-2/+2
| | | | This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45.
* support work for a long-term fix for issue #390, essentially one can specify ↵redmatrix2016-05-171-3/+5
| | | | a theme:schema string anywhere a theme is input. It will be honoured unless an existing schema setting over-rides this behaviour. This should also be backward compatible but the theme selection code has been cleaned up slightly and there may be subtle differences in behaviour after this commit. On my site this required a page refresh as the first page load after this change was a bit confused.
* yet more session workredmatrix2016-05-161-2/+2
|