Lukas Reschke
f7fa8662e2
Remove session_id_regenerate
from here
...
Jenkins somewhat complains that there are already sent headers.
2014-02-21 08:12:45 +01:00
Lukas Reschke
0241ddc759
Merge pull request #6519 from nhirokinet/master
...
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer
adaee6a5a1
Scrutinizer Auto-Fixes
...
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720
Enabled analysis tools:
- PHP Analyzer
- JSHint
- PHP Copy/Paste Detector
- PHP PDepend
2014-02-19 09:31:54 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef
polish documentation based on scrutinizer patches
2014-02-06 17:02:21 +01:00
Thomas Müller
9b7c3a5c66
fixing PHPDoc and use cameCase names
2014-01-09 10:27:47 +01:00
Arthur Schiwon
4585b4ea3f
Infowarning about 32bit
2014-01-08 19:41:10 +01:00
Arthur Schiwon
d7cb5ab080
add tests for user counting
2014-01-08 13:26:48 +01:00
Arthur Schiwon
cb6a3e2617
if backends have the same class name, sum their users up instead of overwriting
2014-01-08 13:24:28 +01:00
Arthur Schiwon
1e1ced7772
Introduce user count action to user management
2014-01-07 23:05:37 +01:00
NARUKAWA Hiroki
068688063e
Security Update: session fixation
...
Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.
2013-12-20 03:38:51 +09:00
Robin Appelman
e7a5c90cab
Replace static usage of OC_Config and OC_Preferences with the injected \OC\ConfigAll
2013-12-18 13:03:19 +01:00
Robin Appelman
a6c1b3ece3
fix the config option to remove the ability for users to set their displayname
2013-12-18 13:03:19 +01:00
Arthur Schiwon
91d6a6dd7c
On webdav sesssions, loginname was compared to username which does not need to match necessarily
2013-12-13 16:58:03 +01:00
Robin Appelman
f23b7a262f
fix fallback overwriting result of getHome
2013-12-12 12:57:25 +01:00
Robin Appelman
366d75e947
cache the home folder of a User
2013-12-11 16:22:26 +01:00
Arthur Schiwon
8ccac86c98
Enable user backends to provide avatar images
2013-11-22 13:25:20 +01:00
Vincent Petry
013444813e
Now removing stray old cookies from 5.0.12
...
Cookies from 5.0.12 seemed to have an extra slash in the path.
Firefox doesn't allow to remove them if the trailing slash isn't
there,
thus making it impossible to logout correctly.
This fix adds extra code to delete such stray cookies.
Ported from stable5 branch 99e5c6f7eb
2013-11-07 18:49:50 +01:00
Bjoern Schiessle
f021dad204
remove user from cache if he was deleted successfully
2013-10-29 15:50:33 +01:00
Arthur Schiwon
466b6c1ee0
local user backend shall search for both username and displayname, fixes #5401
2013-10-25 21:57:12 +02:00
Andreas Fischer
75588fc0b6
Use strict comparison === instead of ==.
2013-10-08 20:03:16 +02:00
Andreas Fischer
6eab36a89b
Make OC_User_Dummy::checkPassword() compatible with OC_User_Example.
...
The user id has to be returned.
2013-10-08 19:57:37 +02:00
Thomas Müller
9c9dc276b7
move the private namespace OC into lib/private - OCP will stay in lib/public
...
Conflicts:
lib/private/vcategories.php
2013-09-30 16:36:59 +02:00