| Sun, 04 Oct 2009 19:56:54 +0200 |
Suggested new helper functions: SEC_filterPermissions, SEC_hasAccess2
| Fri, 11 Sep 2009 13:03:06 +0200 |
The session and password cookies are now created with the HttpOnly flag set to make it somewhat harder to read them from JavaScript (requires browser support)
| Sun, 06 Sep 2009 15:46:20 +0200 |
Let's use count() instead of sizeof() everywhere from now on
| Wed, 26 Aug 2009 21:58:30 +0200 |
While I'm at it: ensure consistent spelling of "COM_errorLog"
| Thu, 11 Jun 2009 15:37:17 +0200 |
E_ALL fix
| Sat, 30 May 2009 21:03:23 +0200 |
Use array notation for DBMS-specific SQL
| Sun, 10 May 2009 21:43:03 +0200 |
Avoid SQL error in the unlikely event that a user is not a member of any groups ("this shouldn't happen"; cf. bug #0000863)
| Sat, 28 Mar 2009 16:02:55 +0100 |
@param bool -> @param boolean, since "boolean" is used more often in the existing code
| Sat, 28 Mar 2009 15:55:37 +0100 |
@param integer -> @param int, since "int" is used more often in the existing code
| Sat, 28 Mar 2009 14:15:00 +0100 |
Documentation updates
| Sun, 15 Mar 2009 21:54:28 +0100 |
phpDocumentor messes up obfuscated email addresses in angle brackets, so use a different style
| Sat, 07 Mar 2009 22:12:04 +0100 |
phpDocumentor doesn't support @note
| Sat, 07 Mar 2009 17:41:43 +0100 |
Fixed errors reported by phpDocumentor
| Sat, 28 Feb 2009 19:44:23 +0100 |
We really should be using DB_delete instead of DB_query("DELETE...") where possible
| Sat, 28 Feb 2009 09:39:18 +0100 |
DB_Query -> DB_query, for consistency
| Sun, 01 Feb 2009 11:26:53 +0100 |
Sort groups non-case sensitive
| Sun, 01 Feb 2009 13:34:44 +0100 |
Display group names with an uppercase first letter everywhere
| Sun, 01 Feb 2009 11:26:53 +0100 |
Sort groups non-case sensitive
| Sun, 21 Sep 2008 08:37:12 +0000 |
Fixed protection against direct execution on non-case sensitive file systems
| Wed, 13 Aug 2008 07:22:26 +0000 |
Hard-coded "gl_token" table name (spotted by Sami Barakat)
| Tue, 08 Jul 2008 18:42:54 +0000 |
Terminate a user's session when they are being banned
| Sun, 29 Jun 2008 19:02:50 +0000 |
MSSQL issues resolved in calendar plugin and in CSRF tokens.
| Fri, 20 Jun 2008 19:10:38 +0000 |
Started a "bugfixes only" branch for a possible 1.5.0-1 release and ported the first fixes over from the trunk.
| Fri, 20 Jun 2008 14:32:51 +0000 |
Changed SEC_createToken so that it will only return one token per page (effectively making it a singleton). This fixes the problem of not being able to delete comments when you also have trackbacks for the same article.
| Sat, 24 May 2008 16:16:14 +0000 |
TTL For CSRF
| Fri, 02 May 2008 12:12:06 +0000 |
Changed Trinity's email address, as requested
| Thu, 01 May 2008 19:23:47 +0000 |
Sanitize service filename
| Sun, 09 Mar 2008 10:23:13 +0000 |
Moved collection of remote auth modules to a separate function; only display the "Service" dropdown if necessary
| Sun, 09 Mar 2008 09:33:15 +0000 |
Source code cosmetics
| Fri, 29 Feb 2008 08:22:53 +0000 |
Security change refinement + implementation for other issues.
| Fri, 22 Feb 2008 08:22:42 +0000 |
COM_getCurrentURL not my own rubbish...
| Thu, 21 Feb 2008 19:52:53 +0000 |
Security changes.
| Wed, 20 Feb 2008 20:07:59 +0000 |
Ensure every template class has site_url, site_admin_url, layout_url and xhtml variables set. My eyes, they bleed...
| Sun, 17 Feb 2008 18:31:56 +0000 |
SEC_authenticate should always return - caller will have to handle errors etc.
| Sun, 09 Dec 2007 18:05:39 +0000 |
New function SEC_encryptPassword() to get all the direct calls to md5() out of the core code and give us a chance to switch to some other encryption method in the future.
| Sun, 25 Nov 2007 06:59:56 +0000 |
XHTML optional updates
| Sun, 18 Nov 2007 09:32:58 +0000 |
Typo in comment
| Sat, 26 May 2007 19:29:44 +0000 |
Prevent warning about undefined index
| Fri, 02 Mar 2007 08:02:35 +0000 |
Extended Remote Authentication API to provide homepage and fullname hooks.
| Tue, 24 Oct 2006 08:09:50 +0000 |
fixed bug [#603] hardcoded mysql_error()
| Thu, 03 Aug 2006 14:39:13 +0000 |
Moved the code to create a dropdown of all groups to SEC_getGroupDropdown to avoid code duplication
| Fri, 30 Jun 2006 12:20:49 +0000 |
Prevent direct execution (ported over from the trunk)
| Thu, 15 Jun 2006 18:26:45 +0000 |
Get rid of the eregi
| Sun, 14 May 2006 20:16:08 +0000 |
Fixed warning (undefined variable)
| Sun, 14 May 2006 15:35:53 +0000 |
SEC_removeFeatureFromDB() will remove a feature from all groups and from the features table
| Thu, 27 Apr 2006 11:30:44 +0000 |
moving permissions-layout into template & css
| Wed, 26 Apr 2006 19:51:53 +0000 |
Moved constants to more accessible location.
| Mon, 20 Mar 2006 00:08:46 +0000 |
Added new function SEC_buildAccessSql to generate group access SQL string.
| Sat, 03 Dec 2005 11:58:31 +0000 |
Use constants for user status, and document the constants in lib-user.php
| Thu, 24 Nov 2005 14:27:56 +0000 |
removing leftover references to links & polls in core code
| Sat, 19 Nov 2005 04:20:39 +0000 |
Cleaned up some uninitialized variables
| Thu, 17 Nov 2005 15:05:10 +0000 |
fixing warnings
| Sun, 13 Nov 2005 21:13:20 +0000 |
Restored user activation/authentication process to original order.
| Sun, 13 Nov 2005 09:18:30 +0000 |
Allow group admin, user admin and root access to admin remote users.
| Mon, 03 Oct 2005 19:00:34 +0000 |
Issues with signing into a blogger account (for example) seizing control of a local account
| Sun, 18 Sep 2005 12:09:46 +0000 |
Introduced config.php options to set the default permissions for new objects (feature request #90)
| Sat, 27 Aug 2005 18:16:31 +0000 |
Amended method declarations to use pass by reference rather than runtime pass by reference.
| Thu, 30 Jun 2005 23:56:41 +0000 |
added SEC_addUserToGroup shortcut function for use with plugins and other uses
| Thu, 30 Jun 2005 23:45:43 +0000 |
added SEC_addUserToGroup shortcut function for use with plugins and other uses
| Sun, 26 Jun 2005 09:05:32 +0000 |
Fixed typo in $_SERVER fix (oops) (no, really this time, mega oops)