harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

block channel removal for 48 hours after changing the account password, since the password is required to remove a channel. Somebody looking at an open session on somebody else's computer can simply change the password and then proceed to maliciously remove the channel. This change gives the owner 2 days to discover that something is wrong and recover his/her password and potentially save their channel from getting erased by the vandal. This is most likely to happen if a relationship has gone bad, or something incriminating was found in your private messages when you left your computer briefly unattended.

Browse Source
This commit is contained in:
friendica
2014-07-29 20:13:01 -07:00
parent c8829e7243
commit 35ed18967a
5 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install/database.sql
View File

@@ -55,6 +55,7 @@ CREATE TABLE IF NOT EXISTS `account` (
`account_expire_notified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`account_service_class` char(32) NOT NULL DEFAULT '',
`account_level` int(10) unsigned NOT NULL DEFAULT '0',
`account_password_changed` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
PRIMARY KEY (`account_id`),
KEY `account_email` (`account_email`),
KEY `account_service_class` (`account_service_class`),
@@ -65,7 +66,8 @@ CREATE TABLE IF NOT EXISTS `account` (
KEY `account_expires` (`account_expires`),
KEY `account_default_channel` (`account_default_channel`),
KEY `account_external` (`account_external`),
KEY `account_level` (`account_level`)
KEY `account_level` (`account_level`),
KEY `account_password_changed` (`account_password_changed`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `addon` (