Commit graph

303 commits

Author SHA1 Message Date
Bart Visscher
fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher
894d44e796 Merge remote-tracking branch 'git://github.com/susinths/SabreDAV_1.7.1.git'
Conflicts:
	lib/base.php
2012-10-27 16:33:10 +02:00
Bart Visscher
0120f3fd62 Merge branch 'routing'
Conflicts:
	core/lostpassword/index.php
	core/lostpassword/resetpassword.php
2012-10-27 11:58:02 +02:00
Bart Visscher
43e8293d9c Change Symfony/Component/Routing from submodule to composer fetching 2012-10-27 11:32:16 +02:00
Felix Moeller
6a00a6b9ed Make Jenkins more happy.
This is NoSpaceAfterComma
2012-10-23 00:28:12 +02:00
Bart Visscher
6081bfa2bc Merge branch 'master' into routing
Conflicts:
	lib/search/provider/file.php
	settings/ajax/changepassword.php
	settings/settings.php
2012-10-17 16:38:11 +02:00
Susinthiran Sithamparanathan
b2b84f3a6f Update Sabre to version 1.7.1 2012-10-17 16:17:36 +02:00
Lukas Reschke
de7b46c66a Use get_magic_quotes_gpc() to determine if magic_quotes is enabled
set_magic_quotes_runtime gives a PHP warning
2012-10-16 19:42:17 +02:00
Lukas Reschke
59404b5675 Merge pull request #31 from visit1985/persistentcookies
reresubmit: improved persistent cookies :)
2012-10-16 04:46:22 -07:00
Victor Dubiniuk
ddcd738357 Merge branch 'extended_log'
PHP errors logging into the owncloud log
2012-10-16 01:30:45 +03:00
Michael Göhler
8be9c04a3a 128byte is not 128bit - now we realy use 256bit (same as PHPSESSID) 2012-10-15 20:04:22 +02:00
Michael Göhler
ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120 further improvements on multiple login token support
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Bart Visscher
9a35bd76fb Use resolved path for require_once in autoloader 2012-10-12 15:47:41 +02:00
Bart Visscher
2c3674ea87 Add logging when stripping apps from autoload include path 2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2 Use __DIR__ instead of __FILE__ to get SERVERROOT 2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966 Send a HSTS HTTP header to enforce SSL 2012-10-10 18:56:14 +02:00
Arthur Schiwon
3affeb5bd7 destroy invalid sessions 2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Robin Appelman
f8eebcbb01 reload the current url when login in instead of always redirecting to the default app (oc-1873) 2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425 Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher
c9317b5a68 Merge branch 'master' into routing 2012-09-28 21:41:21 +02:00
Bart Visscher
bf1057143c Merge branch 'master' into routing
Conflicts:
	apps/files/js/filelist.js
	core/js/js.js
	lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
VicDeo
2b6869bcea Uncaught exception logging 2012-09-26 14:38:06 +03:00
Lukas Reschke
c4fc291fa7 Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:57:40 +02:00
Victor Dubiniuk
bbf8bb0bb3 Log PHP errors to the OC log 2012-09-12 22:30:04 +03:00
Michael Gapczynski
c5f9b887ff Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade 2012-09-12 01:18:07 -04:00
Robin Appelman
46422e6dbe don't use regular expresions for a simple string replace 2012-09-08 23:40:23 +02:00
Bart Visscher
ceec5e593c Remove redundant loadApps 2012-09-07 16:19:08 +02:00
Bart Visscher
5eba579827 Merge branch 'master' into routing
Conflicts:
	apps/files/js/fileactions.js
	lib/base.php
	lib/helper.php
	lib/ocs.php
2012-09-07 15:51:44 +02:00
Thomas Mueller
3829460ab8 adding space between) and { 2012-09-07 15:22:01 +02:00
Bart Visscher
5e55b4d6e7 Whitespace fixes in lib 2012-09-07 14:08:29 +02:00
Bart Visscher
9ea7817a40 Remove core.{css,js} cache on upgrade 2012-09-07 13:42:22 +02:00
Thomas Müller
9eccc0121a Respect coding style 2012-09-05 13:22:38 +03:00
Thomas Müller
7901fc33a8 fixing syntax error 2012-09-04 15:54:38 +03:00
Thomas Müller
aff08925c1 fixing syntax error - sorry for that 2012-09-04 15:46:43 +03:00
Thomas Müller
2028500c0a fixing syntax error - sorry for that 2012-09-04 15:42:58 +03:00