Mercurial Mercurial > repos > enano-1.1 / file revisions
summary | shortlog | changelog | graph | tags | bookmarks | branches | file | revisions | annotate | diff | comparison | rss | help
(0) -100 -60 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
Mon, 28 Jun 2010 10:43:04 -0400 Dan Fuhry SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst(). file | diff | annotate
Wed, 02 Jun 2010 21:58:26 -0400 Dan Rewrote category editor. This breaks the JSON API. Also fixed a few bugs with how Wiki Mode is set in $paths. (Hopefully that doesn't cause infinite loops, heh). Fixes issue 20. file | diff | annotate
Sat, 17 Apr 2010 03:33:14 -0400 Dan Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically. file | diff | annotate
Tue, 06 Apr 2010 15:54:45 -0400 Dan Added Diffie-Hellman crypto support into the installer. Fixes issue 13. file | diff | annotate
Tue, 30 Mar 2010 11:37:00 -0400 Dan Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />). file | diff | annotate
Sun, 28 Mar 2010 23:10:46 -0400 Dan Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing. file | diff | annotate
Mon, 01 Feb 2010 02:15:04 -0500 Dan Fixed more places where author_uid wasn't right. file | diff | annotate
Sun, 10 Jan 2010 17:13:03 -0500 Dan Fixed author_uid in activation request insertion file | diff | annotate
Wed, 06 Jan 2010 02:02:51 -0500 Dan Fixed some bugs with account activation, especially if you're a half-logged-in vegetable. file | diff | annotate
Wed, 06 Jan 2010 01:18:19 -0500 Dan Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column file | diff | annotate
Fri, 18 Dec 2009 19:17:18 -0500 Dan AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8. file | diff | annotate
Fri, 18 Dec 2009 19:06:49 -0500 Dan Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6. file | diff | annotate
Fri, 18 Dec 2009 05:12:02 -0500 Dan Comments (AJAX): Now paginated server side. Fixes issue 2. file | diff | annotate
Thu, 17 Dec 2009 04:31:55 -0500 Dan ACP: Added lockout management feature file | diff | annotate
Sat, 12 Dec 2009 15:44:36 -0500 Dan Re-merge changes from a2hosting dev file | diff | annotate
Sat, 12 Dec 2009 15:39:36 -0500 Dan CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later. file | diff | annotate
Fri, 11 Dec 2009 17:11:47 -0500 Dan A couple fixes to permission out-of-scope errors. file | diff | annotate
Mon, 07 Dec 2009 15:21:47 -0500 Dan Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action. file | diff | annotate
Sun, 06 Dec 2009 21:51:55 -0500 Dan PostgreSQL: Fixed $session->create_user() file | diff | annotate
Tue, 03 Nov 2009 22:08:48 -0500 Dan Logins: reorganized data structures a bit. WiP - needs test routine done. file | diff | annotate
Fri, 21 Aug 2009 20:41:38 -0400 Dan Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses file | diff | annotate
Fri, 21 Aug 2009 13:49:45 -0400 Dan User ACP: redirect to Special:Login on own account deletion file | diff | annotate
Thu, 20 Aug 2009 21:15:19 -0400 Dan Sessions: whoops, left a debug message in by accident, broke a few redirects file | diff | annotate
Thu, 20 Aug 2009 20:01:55 -0400 Dan Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7 file | diff | annotate
Mon, 10 Aug 2009 22:43:26 -0400 Dan Added ability for authentication plugins to modify session keys (to allow invalidation when their own authentication data is changed) as well as the ability to disable the built-in password change facility file | diff | annotate
Mon, 03 Aug 2009 02:58:43 -0400 Dan Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes. file | diff | annotate
Fri, 31 Jul 2009 19:15:48 -0400 Dan Merged development from Scribus and Charlie file | diff | annotate
Fri, 17 Jul 2009 17:11:09 -0400 Dan AJAX Login: Fixed all known issues with lockout (and some unknown ones) file | diff | annotate
Wed, 29 Jul 2009 11:49:30 -0400 Dan Fixed logins with usernames containing Unicode characters file | diff | annotate
Thu, 02 Jul 2009 09:01:29 -0400 Dan Login and sessions: fixed some improper handling of the config for lockout logic file | diff | annotate
Sun, 21 Jun 2009 00:16:21 -0400 Dan AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page file | diff | annotate
Fri, 22 May 2009 13:49:02 -0400 Dan Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses file | diff | annotate
Fri, 15 May 2009 15:56:10 -0400 Dan Fixed undefined indices for user_extra in various places file | diff | annotate
Tue, 05 May 2009 00:10:26 -0400 Dan Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas. file | diff | annotate
Sun, 19 Apr 2009 19:01:08 -0400 Dan Upgrader: UX: Added welcome page, different between Caoineag and Banshee file | diff | annotate
Wed, 15 Apr 2009 19:44:47 -0400 Dan New, beautiful, rethought Admin:Home. No, really, you'll like it. file | diff | annotate
Sat, 11 Apr 2009 16:58:32 -0400 Dan session: login_process_userdata_json hook should work with more than one installed auth plugin now file | diff | annotate
Sat, 04 Apr 2009 22:35:44 -0400 Dan Session: additional metadata passed back from auth plugins is passed through to client for optional further parsing file | diff | annotate
Sat, 14 Mar 2009 14:06:02 -0400 Dan Added support for alternate port numbers on database servers. Also in install-cli, merged in new sysreqs functionality. file | diff | annotate
Thu, 26 Feb 2009 01:07:32 -0500 Dan Added possibility for auth plugins, which can log a user in using non-standard authentication methods. file | diff | annotate
Mon, 16 Feb 2009 16:17:25 -0500 Dan Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) file | diff | annotate
Sun, 25 Jan 2009 21:20:14 -0500 Dan Replaced integer checks that used preg_match() to use ctype_digit() instead file | diff | annotate
Fri, 16 Jan 2009 13:13:37 -0500 Dan Deprecated old grab_password_hash() functions in session file | diff | annotate
Sun, 11 Jan 2009 21:37:49 -0500 Dan Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API. file | diff | annotate
Sun, 04 Jan 2009 01:43:16 -0500 Dan Upgrades should work now. file | diff | annotate
Sun, 04 Jan 2009 00:55:40 -0500 Dan Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6. file | diff | annotate
Sun, 21 Dec 2008 17:25:28 -0500 Dan Corrected a few issues with languages and client-side code file | diff | annotate
Sun, 21 Dec 2008 07:07:21 -0500 Dan Fixed a couple PostgreSQL bugs. file | diff | annotate
Sun, 21 Dec 2008 04:26:56 -0500 Dan Fixed timezone preference setting not fully implemented; added ability for users to select their own rank from a list of possible ranks based on group membership and user level file | diff | annotate
Thu, 20 Nov 2008 22:59:25 -0500 Dan Added dependency checking in ACL tracer file | diff | annotate
Sun, 09 Nov 2008 14:22:41 -0500 Dan Merging with upstream file | diff | annotate
Mon, 03 Nov 2008 08:56:44 -0500 Dan Fixed error-out when DiffieHellman not supported and respawn requested (part of OS X QA process) file | diff | annotate
Sun, 09 Nov 2008 09:03:10 -0500 Dan Added config option to grant userpage rights to new users (defaults to on, as it was hardcoded on before) file | diff | annotate
Sat, 08 Nov 2008 22:35:59 -0500 Dan Fixed DiffieHellman being included twice when not supported and login fails file | diff | annotate
Sun, 21 Sep 2008 09:01:27 -0400 Dan Added initial support for DST. Rules are defined in constants.php and are extensible. file | diff | annotate
Tue, 19 Aug 2008 20:57:17 -0400 Dan Made upgrades from 1.1.4 -> 1.1.5 work if keyhash is not present file | diff | annotate
Wed, 13 Aug 2008 08:48:03 -0400 Dan Made login forms that use $session->aes_javascript() use new whiteOutForm() function file | diff | annotate
Tue, 12 Aug 2008 00:06:35 -0400 Dan Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary) file | diff | annotate
Mon, 11 Aug 2008 22:31:04 -0400 Dan Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme. file | diff | annotate
Sat, 12 Jul 2008 03:55:14 -0400 Dan Added Gravatar support in UserManager in admin panel file | diff | annotate
less more (0) -100 -60 tip
Enano CMS (1.1.x)