includes/sessions.php
Sun, 04 Sep 2011 02:32:49 -0400 Dan Fuhry SECURITY: Various security enhancements to password resets. They are now rate-limited by username and IP, and it is possible to disable username autofill for guests.
Tue, 16 Nov 2010 12:31:41 -0500 Dan Fuhry SECURITY: Fix SQL injection in banlist check (1.1.7 branch) 1.1.7-maintenance 1.1.7pl2
Tue, 16 Nov 2010 12:11:29 -0500 Dan Fuhry SECURITY: Fix SQL injection in banlist check
Fri, 20 Aug 2010 01:36:44 -0400 Dan Fuhry Fixed some ACL scope warnings
Thu, 29 Jul 2010 19:30:11 -0400 Dan Pending group memberships no longer alter result in rank alterations
Mon, 26 Jul 2010 20:10:01 -0400 Dan Improved captcha word generation; fixed duplicate auth parameter in Special:Login privileged login; improved search indexer performance on websites with lots of words
Sun, 25 Jul 2010 11:15:53 -0400 Dan Fuhry Made login window focus the controls earlier if animations are disabled.
Thu, 01 Jul 2010 20:51:53 -0400 Dan Fuhry Fixed the (rather expected) 1.0.x migration issues db revision system
Mon, 28 Jun 2010 10:43:04 -0400 Dan Fuhry SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
Wed, 02 Jun 2010 21:58:26 -0400 Dan Rewrote category editor. This breaks the JSON API. Also fixed a few bugs with how Wiki Mode is set in $paths. (Hopefully that doesn't cause infinite loops, heh). Fixes issue 20.
Sat, 17 Apr 2010 03:33:14 -0400 Dan Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.
Tue, 06 Apr 2010 15:54:45 -0400 Dan Added Diffie-Hellman crypto support into the installer. Fixes issue 13.
Tue, 30 Mar 2010 11:37:00 -0400 Dan Added selection and popup for <pre> tags within wikitext. Also fixed more bugs found in the HTML paragraph parser (mostly self-closing tags e.g. <hr />).
Sun, 28 Mar 2010 23:10:46 -0400 Dan Going ahead with the switch to tabs. This is a major coding standards change! If any unusual parser bugs show up, check this changeset. Converted all .php, .js, .tpl, .css, and .json files and did basic testing.
Mon, 01 Feb 2010 02:15:04 -0500 Dan Fixed more places where author_uid wasn't right.
Sun, 10 Jan 2010 17:13:03 -0500 Dan Fixed author_uid in activation request insertion
Wed, 06 Jan 2010 02:02:51 -0500 Dan Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
Wed, 06 Jan 2010 01:18:19 -0500 Dan Sessions: fixed on_critical_page(), it referenced the wrong global; enabled better extensible behavior in the account_active column
Fri, 18 Dec 2009 19:17:18 -0500 Dan AJAX login: Fixed error box failure to destroy upon cancel. Fixes issue 8.
Fri, 18 Dec 2009 19:06:49 -0500 Dan Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Fri, 18 Dec 2009 05:12:02 -0500 Dan Comments (AJAX): Now paginated server side. Fixes issue 2.
Thu, 17 Dec 2009 04:31:55 -0500 Dan ACP: Added lockout management feature
Sat, 12 Dec 2009 15:44:36 -0500 Dan Re-merge changes from a2hosting dev
Sat, 12 Dec 2009 15:39:36 -0500 Dan CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Fri, 11 Dec 2009 17:11:47 -0500 Dan A couple fixes to permission out-of-scope errors.
Mon, 07 Dec 2009 15:21:47 -0500 Dan Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action.
Sun, 06 Dec 2009 21:51:55 -0500 Dan PostgreSQL: Fixed $session->create_user()
Tue, 03 Nov 2009 22:08:48 -0500 Dan Logins: reorganized data structures a bit. WiP - needs test routine done.
less more (0) -100 -50 -28 tip