Previously a JSON error page was shown to the user in-case the CSRF token was not valid. This was confusing and prevented people from login.
With this at least the login page is shown again and not a JSON error message. I consider this as sufficient since adding a new error page just for this sake would uneededly make lib/base.php even more cluttered and this is a edge-case which optimally should anyways not happen that often.
This can be tested by opening the login page, then clearing the cookies, and trying to login.
At the previous point not all apps were initialized. Now the basic auth check happens together at the same location as all others.
Fixes https://github.com/owncloud/core/issues/11129
Using status.php for this.
I modified status.php to also show, whether we're in maintenance.
Checks every 20 seconds if maintenance is over, if yes: reload.
handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors.
As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init()
Fixes https://github.com/owncloud/core/issues/10064
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain.
By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...
Add some explanation about this switch
Move check to init
Users should not be able to enable debug mode on their own by setting a cookie. Using debug mode might leak too much information about the environment or have other unexpected behaviour.
We should backport this.
This `strip_tags` seems to be completely unneeded and will cause problems with passwords containing stripped characters. (e.g. `<` or `>`)
Needs https://github.com/owncloud/core/pull/9735 to be merged first.
