aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
Commit message (Collapse)AuthorAgeFilesLines
* sort out the notification idszotlabs2017-10-121-1/+2
|
* experimental new notifications - needs pconfig experimental_notif set to 1 ↵Mario Vavti2017-10-081-1/+1
| | | | for your channel to work.
* Merge pull request #862 from waitman/patch-4git-marijus2017-09-281-1/+5
|\ | | | | prevent 'my_address' being set with bogus info
| * prevent 'my_address' being set with bogus infoWaitman Gobble2017-09-181-1/+5
| | | | | | After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.
* | move the Link header initialisation from Router (where it does not really ↵zotlabs2017-09-252-18/+28
| | | | | | | | belong) to Webserver, where we do similar module specific initialisations prior to calling Router->Dispatch()
* | typozotlabs2017-09-241-1/+1
| |
* | For zot6, allow HTTP Signatures to be encrypted, as they may contain ↵zotlabs2017-09-241-6/+46
| | | | | | | | sensitive (envelope, metadata) information.
* | log the lack of http sig infozotlabs2017-09-211-1/+3
| |
* | provide a space between link header paramszotlabs2017-09-201-1/+1
| |
* | add more signature loggingzotlabs2017-09-201-1/+7
| |
* | add HTTP link header to channel page, making it pluggablezotlabs2017-09-201-0/+19
|/
* more zot6zotlabs2017-09-131-1/+6
|
* owa - first commitzotlabs2017-09-072-0/+14
|
* some more prep work for Zot VI - some of this will need to be undone or at ↵zotlabs2017-09-041-3/+10
| | | | least re-arranged later but we need to bootstrap a test environment.
* Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-09-031-1/+1
|\
| * add combined index for item.uid and item.item_unseen. this speeds up ↵Mario Vavti2017-09-011-1/+1
| | | | | | | | notifications by a magnitude.
* | only validate headers that aren't "spoofable", which will be somewhat ↵zotlabs2017-09-031-3/+8
|/ | | | implementation dependent.
* some changes after testing server-to-server magic authzotlabs2017-08-311-2/+8
|
* now letsencrypt is creating a .htaccess file with re-write rules which kills ↵zotlabs2017-08-311-0/+12
| | | | most of our .well-known routes
* some issues with mod_display on very first anonymous page visit (prior to ↵zotlabs2017-08-301-3/+3
| | | | any browser cookies being set)
* httpsig - return an array with all the different signing possibilities ↵zotlabs2017-08-201-8/+21
| | | | enumerated
* mv HTTPSig to core - so we can use it as an auth methodzotlabs2017-08-171-0/+220
|
* more work on activitypub httpsignature verificationzotlabs2017-08-141-0/+14
|
* get rid of some more deprecated uses of $azotlabs2017-03-281-1/+1
|
* remove obsolete app argument from load_pdlzotlabs2017-03-281-1/+1
|
* move db_upgrade to zlibzotlabs2017-03-231-7/+10
|
* move admin permission decision out of the router - it is already provided in ↵zotlabs2017-02-251-6/+0
| | | | the module and the higher level check is causing some oembed redirect issues.
* typozotlabs2017-02-151-1/+1
|
* provide HTTP header parser which honours continuation lines and despite the ↵zotlabs2017-02-141-0/+46
| | | | fact that continuation lines have been deprecated - as they still exist in the wild.
* move dreamhost hack to pluginzotlabs2017-02-011-15/+10
|
* router error reportingzotlabs2016-12-091-6/+12
|
* [TASK] Update Doxyfile and fix Doxygen errors.Klaus Weidenbach2016-10-132-52/+70
| | | | | | Updated Doxyfile to include new folders. Add a list for @hooks tags. Fixed some parsing problems for Doxygen.
* more backticksredmatrix2016-10-031-5/+5
|
* document the SubModule class and provide an option to change where the ↵redmatrix2016-09-061-4/+16
| | | | submodule name is located in the url path
* use SubModule class for generalising submodules, move back to the ↵redmatrix2016-09-051-0/+31
| | | | zotlabs/module hierarchy
* missing sredmatrix2016-07-261-1/+1
|
* set App::$error on 404 so we don't get two 'Page not found.' page bodies.redmatrix2016-07-261-0/+1
|
* more ZAT workredmatrix2016-07-141-1/+8
|
* force non-null sess_dataredmatrix2016-07-111-1/+2
|
* channel homepage not providing content when javascript disabledredmatrix2016-06-211-0/+3
|
* support cookie auth in Sabre DAVredmatrix2016-06-141-1/+2
|
* more removal of reserved words from DB schemasredmatrix2016-05-311-3/+3
|
* consolidate all the sys_boot functionality that is common between the web ↵redmatrix2016-05-261-59/+1
| | | | server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so.
* more work associated with DBA and index.php shuffleredmatrix2016-05-241-9/+6
|
* relocate index and dbredmatrix2016-05-241-0/+191
|
* This explains it all. Don't set the domain when creating a cookie. You'll ↵redmatrix2016-05-181-17/+10
| | | | get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code).
* Document what I know about the session regeneration issue. I'm really tired ↵redmatrix2016-05-181-0/+13
| | | | of fighting this darn thing. Sessions and cookies need to work.
* comment out session_regenerate until we get this sortedredmatrix2016-05-181-1/+1
|
* Revert "Revert "yet more session work""redmatrix2016-05-181-2/+2
| | | | This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb.
* Revert "yet more session work"redmatrix2016-05-181-2/+2
| | | | This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45.