b2b84f3a6f
Update Sabre to version 1.7.1
13 years ago
de7b46c66a
Use `get_magic_quotes_gpc()` to determine if magic_quotes is enabled
...
set_magic_quotes_runtime gives a PHP warning
13 years ago
8b01286a5d
Merged branch 'master'
13 years ago
8be9c04a3a
128byte is not 128bit - now we realy use 256bit (same as PHPSESSID)
13 years ago
ae1f33db54
implement fixed php session timeout and session id regeneration
13 years ago
b92fd984aa
removed username and password from token generation
13 years ago
a6c4046f48
fixed typo and redundant method call
13 years ago
d8fe6fbb40
added a warning message to the log when a cookie is rejected
13 years ago
382f8d060c
fixed wrong variable usage
13 years ago
38b9bffaea
call unsetMagicInCookie if token is invalid
13 years ago
eb79ccafe3
forgot a class name
13 years ago
2ea06f67bd
delete all tokens on password change
13 years ago
45f1c3f120
further improvements on multiple login token support
...
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
13 years ago
ee5d0f328f
improve token security
...
switched from time() to internal method OC_Util::generate_random_bytes()
13 years ago
4b799a6982
Make the lifetime of the remember login cookie
13 years ago
7f3e0b5566
Cleanup login tokens on login success
13 years ago
1012d317e3
Add support for multiple login cookie tokens
13 years ago
7095b3a083
extend logon page to display multiple error messages
13 years ago
44133a07d6
Add doctrine-common and doctrine-dbal
13 years ago
9a35bd76fb
Use resolved path for require_once in autoloader
13 years ago
2c3674ea87
Add logging when stripping apps from autoload include path
13 years ago
fe40277ec2
Use __DIR__ instead of __FILE__ to get SERVERROOT
13 years ago
cda2135966
Send a HSTS HTTP header to enforce SSL
13 years ago
3affeb5bd7
destroy invalid sessions
13 years ago
f3a211c03c
Implement routing on javascript side
13 years ago
f8eebcbb01
reload the current url when login in instead of always redirecting to the default app (oc-1873)
13 years ago
578aa4e425
Removed sectoken
...
This token is completly useless since an attacker can easily extract it
from the page.
13 years ago
743826bbf3
Reimplementation of CSRF protection including autorefresh
13 years ago
2b6869bcea
Uncaught exception logging
13 years ago
c4fc291fa7
Passwords containing a ":" don't work with this explode
...
Thanks to mETz
13 years ago
b206d16b10
add support for loading namespaced test cases
13 years ago
b261c980c7
Fix autoloader merge conflict
13 years ago
182f890110
Remove a merge conflict
13 years ago
bbf8bb0bb3
Log PHP errors to the OC log
13 years ago
c5f9b887ff
Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade
13 years ago
46422e6dbe
don't use regular expresions for a simple string replace
13 years ago
bd83422095
put filestorages in a namespace
13 years ago
ceec5e593c
Remove redundant loadApps
13 years ago
3829460ab8
adding space between) and {
13 years ago
5e55b4d6e7
Whitespace fixes in lib
13 years ago
9ea7817a40
Remove core.{css,js} cache on upgrade
13 years ago
9eccc0121a
Respect coding style
13 years ago
7901fc33a8
fixing syntax error
13 years ago
aff08925c1
fixing syntax error - sorry for that
13 years ago
2028500c0a
fixing syntax error - sorry for that
13 years ago
e4e0b5a822
Respect coding style
13 years ago
2508f64efe
set debug mode if an xdebug session is active
13 years ago
a7255181ad
fix autoloader throwing errors for non-oc classes
13 years ago
3dacf149de
allow configuring user backends in config.php
13 years ago
f67aef608f
load authentication apps on login
13 years ago
Susinthiran Sithamparanathan