Commit Graph

1397 Commits

Author SHA1 Message Date
Zach Copley
9fb08ec45e CSRF protection in remotesubscribe
darcs-hash:20080829054038-7b5ce-d0503a8eb7f89a9d2de4aadd4550f4342b943b09.gz
2008-08-29 01:40:38 -04:00
Zach Copley
a034e13bf0 CSRF protection in emailsettings
darcs-hash:20080829053337-7b5ce-6d94638c57d185e5d44e02ad458593a3f4de36d9.gz
2008-08-29 01:33:37 -04:00
Evan Prodromou
2dc50d7e37 CSRF protection in user registration
darcs-hash:20080829054017-84dde-c9268e5c815934dcbca2451dd6c9016f2ac4a03a.gz
2008-08-29 01:40:17 -04:00
Zach Copley
47726844a0 CSRF protection in recoverpassword
darcs-hash:20080829052824-7b5ce-39a8fd299b7a85793ad7a19fe00c93813ca882b6.gz
2008-08-29 01:28:24 -04:00
Evan Prodromou
98e941753b session token in userauthorization form
darcs-hash:20080829052847-84dde-a64918a75f8300ec8fb230202881691066147652.gz
2008-08-29 01:28:47 -04:00
Evan Prodromou
63438008e0 csrf protection in userauthorization
darcs-hash:20080829052732-84dde-0ebb7e32236b480cc3aa2eb7a4bb2b41ff6177d6.gz
2008-08-29 01:27:32 -04:00
Evan Prodromou
9b741c4f9a better client error on CSRF problem with subscribe/unsubscribe
darcs-hash:20080829051628-84dde-2a339a35c422afb9ec04f757771764ed43b2c28b.gz
2008-08-29 01:16:28 -04:00
Evan Prodromou
4272da4e9e CSRF protection for subscription/unsubscription
darcs-hash:20080829051104-84dde-9bd23c28c2c8a720046060a33ff3e5f246c47116.gz
2008-08-29 01:11:04 -04:00
Zach Copley
2e239e3fbb CSRF protection in imsettings.php
darcs-hash:20080829035707-7b5ce-69a9ff98390ff8b9671ede948d78fdb37371aac6.gz
2008-08-28 23:57:07 -04:00
Zach Copley
6be7cbc5cd CSRF protection in smssettings.php
darcs-hash:20080829035118-7b5ce-57613e88b29617ea422c7f7003e81ef885e3debb.gz
2008-08-28 23:51:18 -04:00
Evan Prodromou
6afb7f576e add csrf protection to profile settings
darcs-hash:20080829043909-84dde-c70a633c93ab89560bc300817bda66eebf6176cf.gz
2008-08-29 00:39:09 -04:00
Evan Prodromou
9a65f45c45 CSRF protection in openidsettings
darcs-hash:20080829042908-84dde-1d1a22dfd3d89c5521aeb9069dc64c5f6dad3a27.gz
2008-08-29 00:29:08 -04:00
Evan Prodromou
d0a466bdb7 swap around some stuff to show the form correctly on a CSRF error in openidlogin
darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz
2008-08-29 00:09:25 -04:00
Evan Prodromou
42a6492152 CSRF protection for OpenID form
darcs-hash:20080829035934-84dde-cf36fd802bed76fdf15ac39b838494a414d5cc1e.gz
2008-08-28 23:59:34 -04:00
Evan Prodromou
d6dd35a66a add a token for CSRF avoidance
darcs-hash:20080829034854-84dde-a636b446dc254aaa77ac65f63be01e49c192bf32.gz
2008-08-28 23:48:54 -04:00
Evan Prodromou
93e67c7133 show error in delete notice
darcs-hash:20080829025559-84dde-bd29b5e6750a1ff72bd39e8e76bde325b0313fb8.gz
2008-08-28 22:55:59 -04:00
Evan Prodromou
dd55916d56 CSRF protection in deletenotice
darcs-hash:20080829025127-84dde-b3e2eb64b7dd8302037f471f6dba6949e2e15ecc.gz
2008-08-28 22:51:27 -04:00
Evan Prodromou
d3c86d0016 add CSRF protection to avatar
darcs-hash:20080829023919-84dde-38e4bf6bddc120a221af5f856d9f88b7a532096b.gz
2008-08-28 22:39:19 -04:00
Evan Prodromou
d146355875 return after failed token
darcs-hash:20080829023731-84dde-8920bbaf1e1f171829d0acff3f89ec987deb6368.gz
2008-08-28 22:37:31 -04:00
Evan Prodromou
1df845db78 fix random function name
darcs-hash:20080829021854-84dde-818492a31c07dd0921c2a693095ca7ac901b6d35.gz
2008-08-28 22:18:54 -04:00
Evan Prodromou
54bee1b999 code for session token
darcs-hash:20080829015304-84dde-1c93203bdfbd4c1696cdd3c07212ff16a9f727dd.gz
2008-08-28 21:53:04 -04:00
Evan Prodromou
ff566a149d add session token check to password change
darcs-hash:20080829014515-84dde-bce51f66ba0b3b4347a55a70b2b266b72c242304.gz
2008-08-28 21:45:15 -04:00
Evan Prodromou
cf3902d8ac get language before setting it.
darcs-hash:20080828005323-84dde-8f69e1e6115faa544c22436539148dac53ed6f65.gz
2008-08-27 20:53:23 -04:00
Evan Prodromou
f3dc863d8f don't do too many broadcasts or confirms before checking the message queue
darcs-hash:20080827142336-84dde-2bec2149d86900fd0291f8c00f85aa756842bbe1.gz
2008-08-27 10:23:36 -04:00
Evan Prodromou
9bdc7f8ec7 add back in a session start handler
darcs-hash:20080827135422-84dde-857d6e980e18803186d080a60eea60f1362bb348.gz
2008-08-27 09:54:22 -04:00
Evan Prodromou
b69b206c97 restoring upstream XMLStream.php after pulling ciarang's patch
darcs-hash:20080827133048-84dde-cb99ac89c65008a8832395684386518718247887.gz
2008-08-27 09:30:48 -04:00
CiaranG
b6d67b06d4 XMPP daemon that doesn't eat messages - note change to XMPPHP as well (Ticket #551)
darcs-hash:20080826200057-f6e2c-fb9a88251d034824218d20b3fefcde96ddaef827.gz
2008-08-26 16:00:57 -04:00
Evan Prodromou
28ed510854 don't show unknown (debug) errors
darcs-hash:20080827132346-84dde-c5499ac960fbb28bced28ff9355846f7183fcb5c.gz
2008-08-27 09:23:46 -04:00
Evan Prodromou
108b1e7bfd fixup whitespace
darcs-hash:20080827131603-84dde-7be64f28840a29c5833bc625aaf6cb8f07b891e5.gz
2008-08-27 09:16:03 -04:00
Evan Prodromou
44c1863f0e import upstream XMPPHP with @ciarang's fix
darcs-hash:20080827124430-84dde-654751781702f5518153a01aa3dae4a8580b7f35.gz
2008-08-27 08:44:30 -04:00
Evan Prodromou
b1ff7d7a2b fix error storing uris of remote notices
darcs-hash:20080826211108-84dde-b277bdb1476b9cec0c0d93fa8d565c4642ba16c8.gz
2008-08-26 17:11:08 -04:00
Evan Prodromou
4a28e70cf8 use notice URI if it's not local and it's an HTTP URL
darcs-hash:20080826210314-84dde-34d4eb71c7d74b65c0c4b486f345ed7d9301af15.gz
2008-08-26 17:03:14 -04:00
Evan Prodromou
0bc0568e66 only send local messages to public XMPP stream
darcs-hash:20080826205341-84dde-04c1641f4b9c5aa5318b76512664ee9df170d779.gz
2008-08-26 16:53:41 -04:00
Evan Prodromou
782fe0130f optionally turn encryption on or off in the XMPP connection
For identi.ca, we had some problems with the XMPP daemon getting
"stuck" in I/O through the encrypted (by default) XMPP socket. Turning
off encryption helped. So, now it's an option.

darcs-hash:20080826131814-84dde-2c4a809c6fb666dfb4b96d0d61205fe418f4e4b4.gz
2008-08-26 09:18:14 -04:00
Evan Prodromou
4cc84c3225 never allow blank passwords
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
2008-08-25 14:52:45 -04:00
Evan Prodromou
08a3c5ac7f use better SQL date, fix security problem with OpenID logins
darcs-hash:20080825184104-84dde-5735c1791002a12c3417603dc85da31ea868f263.gz
2008-08-25 14:41:04 -04:00
Evan Prodromou
21e4fb864f change DataObject_Cast to use sql_now
darcs-hash:20080825183005-84dde-c1d24a057d9545cc6d1f0dc21c5af4ea7316d8e9.gz
2008-08-25 14:30:05 -04:00
Evan Prodromou
cba4b50e44 use common_sql_now() instead of DB_DataObject_Cast
darcs-hash:20080825182338-84dde-ec0edef9469b294b7e23945f1bc7d810da988ed7.gz
2008-08-25 14:23:38 -04:00
Evan Prodromou
55b6e17ee1 use mb_strlen instead of strlen in xmpp daemon
darcs-hash:20080825173105-84dde-ea607521c78694fe558514b423f1c6dc0e70241e.gz
2008-08-25 13:31:05 -04:00
Evan Prodromou
3fda5a684f notify user of remote subscriptions
darcs-hash:20080824200517-84dde-9662d89dbcd948e3ef7b7f8d4e82d90b4891c684.gz
2008-08-24 16:05:17 -04:00
Evan Prodromou
bf5176a711 big scarygram warning in config.php.sample about using DB_DataObject's debug mode
darcs-hash:20080824171202-84dde-fd3ed2b9645f2c2ec5439824dbc6f6a765c0a622.gz
2008-08-24 13:12:02 -04:00
Evan Prodromou
69e6e812b7 move README to main dir
darcs-hash:20080824113719-84dde-fce2da5de5de7cd76c001ac2c48b99edbedb80a8.gz
2008-08-24 07:37:19 -04:00
Evan Prodromou
a20a038542 be a little more liberal for sites that accidentally put whitespace before the xml decl
darcs-hash:20080824013803-84dde-9c5d9ce9c588cfb9baddae64366e3417f0a5fee9.gz
2008-08-23 21:38:03 -04:00
Evan Prodromou
7d6e1bb47f request token is not readonly
darcs-hash:20080824011706-84dde-bf35373c3bfc631f8285f8630155195c3c5cc304.gz
2008-08-23 21:17:06 -04:00
CiaranG
192a673472 Prevent jabber.php error by checking key exists
darcs-hash:20080823053548-f6e2c-dfc8a0acd9fb8589ed37e54c7d0d3d38afff34f5.gz
2008-08-23 01:35:48 -04:00
CiaranG
6593092bfd Escape profile url in xmpp in case fancy urls off (Ticket #521)
darcs-hash:20080823052534-f6e2c-aa452a8c2c6ee33399f4079d0bf2224847e1450a.gz
2008-08-23 01:25:34 -04:00
CiaranG
1e68183377 Fixed attempt to read nonexistent match in JID regex
darcs-hash:20080822191751-f6e2c-578869b8524e3238c461872981a5dd8c285937e3.gz
2008-08-22 15:17:51 -04:00
CiaranG
92645bbc57 XMPP sub/unsub and help commands
darcs-hash:20080822191032-f6e2c-a3a7efbbaad1ec7c48ef132a8ba34fc8b8651969.gz
2008-08-22 15:10:32 -04:00
CiaranG
ce3cdb20c0 Define xmpp daemon claim timeout time
darcs-hash:20080822185955-f6e2c-569bc9d304e904fd26e3cc976e8246e3eb7f93bd.gz
2008-08-22 14:59:55 -04:00
CiaranG
ebe35f56ae Fix bug in xmpp on/off (ticket #528)
darcs-hash:20080819071321-f6e2c-a7ee326669eba917fff8dd37c85c13db46c93f19.gz
2008-08-19 03:13:21 -04:00