Robin Appelman
38371d1275
Merge branch 'master' into filesystem
2012-10-27 14:28:24 +02:00
Bart Visscher
0120f3fd62
Merge branch 'routing'
...
Conflicts:
core/lostpassword/index.php
core/lostpassword/resetpassword.php
2012-10-27 11:58:02 +02:00
Bart Visscher
43e8293d9c
Change Symfony/Component/Routing from submodule to composer fetching
2012-10-27 11:32:16 +02:00
Robin Appelman
7b150dfa96
merge master into filesystem
2012-10-24 15:32:29 +02:00
Felix Moeller
6a00a6b9ed
Make Jenkins more happy.
...
This is NoSpaceAfterComma
2012-10-23 00:28:12 +02:00
Bart Visscher
6081bfa2bc
Merge branch 'master' into routing
...
Conflicts:
lib/search/provider/file.php
settings/ajax/changepassword.php
settings/settings.php
2012-10-17 16:38:11 +02:00
Robin Appelman
77cef5f514
merge master into filesystem
2012-10-17 13:14:17 +02:00
Lukas Reschke
de7b46c66a
Use get_magic_quotes_gpc()
to determine if magic_quotes is enabled
...
set_magic_quotes_runtime gives a PHP warning
2012-10-16 19:42:17 +02:00
Lukas Reschke
59404b5675
Merge pull request #31 from visit1985/persistentcookies
...
reresubmit: improved persistent cookies :)
2012-10-16 04:46:22 -07:00
Victor Dubiniuk
ddcd738357
Merge branch 'extended_log'
...
PHP errors logging into the owncloud log
2012-10-16 01:30:45 +03:00
Michael Göhler
8be9c04a3a
128byte is not 128bit - now we realy use 256bit (same as PHPSESSID)
2012-10-15 20:04:22 +02:00
Michael Göhler
ae1f33db54
implement fixed php session timeout and session id regeneration
2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa
removed username and password from token generation
2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48
fixed typo and redundant method call
2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40
added a warning message to the log when a cookie is rejected
2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c
fixed wrong variable usage
2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea
call unsetMagicInCookie if token is invalid
2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3
forgot a class name
2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd
delete all tokens on password change
2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120
further improvements on multiple login token support
...
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f
improve token security
...
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982
Make the lifetime of the remember login cookie
2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566
Cleanup login tokens on login success
2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3
Add support for multiple login cookie tokens
2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083
extend logon page to display multiple error messages
2012-10-14 19:57:24 +02:00
Robin Appelman
11e9ce25e6
merge master into filesystem
2012-10-13 04:29:20 +02:00
Bart Visscher
9a35bd76fb
Use resolved path for require_once in autoloader
2012-10-12 15:47:41 +02:00
Robin Appelman
fb2d2bc201
merge master into filesystem
2012-10-11 22:54:39 +02:00
Bart Visscher
2c3674ea87
Add logging when stripping apps from autoload include path
2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2
Use __DIR__ instead of __FILE__ to get SERVERROOT
2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966
Send a HSTS HTTP header to enforce SSL
2012-10-10 18:56:14 +02:00
Robin Appelman
e7899e17de
merge phpunit into filesystem
2012-10-08 13:53:53 +02:00
Arthur Schiwon
3affeb5bd7
destroy invalid sessions
2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c
Implement routing on javascript side
2012-10-05 09:42:36 +02:00
Robin Appelman
b7eb3f3dff
merge master into filesystem
2012-10-01 14:21:49 +02:00
Robin Appelman
f8eebcbb01
reload the current url when login in instead of always redirecting to the default app (oc-1873)
2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425
Removed sectoken
...
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher
c9317b5a68
Merge branch 'master' into routing
2012-09-28 21:41:21 +02:00
Bart Visscher
bf1057143c
Merge branch 'master' into routing
...
Conflicts:
apps/files/js/filelist.js
core/js/js.js
lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner
743826bbf3
Reimplementation of CSRF protection including autorefresh
2012-09-28 13:30:44 +02:00
Robin Appelman
88bca9bc49
Merge branch 'master' into filesystem
2012-09-26 17:52:28 +02:00
VicDeo
2b6869bcea
Uncaught exception logging
2012-09-26 14:38:06 +03:00
Lukas Reschke
c4fc291fa7
Passwords containing a ":" don't work with this explode
...
Thanks to mETz
2012-09-25 19:57:40 +02:00
Robin Appelman
b206d16b10
add support for loading namespaced test cases
2012-09-22 14:51:34 +02:00
Robin Appelman
93292516d9
Merge branch 'master' into filesystem
2012-09-22 14:28:14 +02:00
Victor Dubiniuk
bbf8bb0bb3
Log PHP errors to the OC log
2012-09-12 22:30:04 +03:00
Michael Gapczynski
c5f9b887ff
Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade
2012-09-12 01:18:07 -04:00
Robin Appelman
46422e6dbe
don't use regular expresions for a simple string replace
2012-09-08 23:40:23 +02:00
Robin Appelman
bd83422095
put filestorages in a namespace
2012-09-07 18:30:48 +02:00
Bart Visscher
ceec5e593c
Remove redundant loadApps
2012-09-07 16:19:08 +02:00