This repository has been archived on 2024-08-19. You can view files and clone it, but cannot push or open issues or pull requests.

Waitman Gobble b3c805d7d0 prevent 'my_address' being set with bogus info ...

After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.

2017-09-18 06:02:14 -05:00

..

CheckJS.php

some issues with mod_display on very first anonymous page visit (prior to any browser cookies being set)

2017-08-30 18:55:56 -07:00

Controller.php

support cookie auth in Sabre DAV

2016-06-14 20:30:34 -07:00

HTTPHeaders.php

more work on activitypub httpsignature verification

2017-08-14 22:40:29 -07:00

HttpMeta.php

turn 'OpenGraph' into a more general purpose HTTP meta facility for setting any meta header

2016-03-08 16:06:58 -08:00

HTTPSig.php

more zot6

2017-09-13 20:40:01 -07:00

Router.php

now letsencrypt is creating a .htaccess file with re-write rules which kills most of our .well-known routes

2017-08-31 17:47:32 -07:00

Session.php

This explains it all. Don't set the domain when creating a cookie. You'll get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code).

2016-05-18 21:00:31 -07:00

SessionHandler.php

more backticks

2016-10-03 21:48:53 -07:00

SubModule.php

[TASK] Update Doxyfile and fix Doxygen errors.

2016-10-13 11:27:23 +02:00

WebServer.php

prevent 'my_address' being set with bogus info

2017-09-18 06:02:14 -05:00