Commit Graph

122 Commits

Author SHA1 Message Date
Lukas Reschke f7fa8662e2 Remove `session_id_regenerate` from here
Jenkins somewhat complains that there are already sent headers.
2014-02-21 08:12:45 +01:00
Lukas Reschke 0241ddc759 Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Jörn Friedrich Dreyer 2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Thomas Müller 9b7c3a5c66 fixing PHPDoc and use cameCase names 2014-01-09 10:27:47 +01:00
Arthur Schiwon 4585b4ea3f Infowarning about 32bit 2014-01-08 19:41:10 +01:00
Arthur Schiwon d7cb5ab080 add tests for user counting 2014-01-08 13:26:48 +01:00
Arthur Schiwon cb6a3e2617 if backends have the same class name, sum their users up instead of overwriting 2014-01-08 13:24:28 +01:00
Arthur Schiwon 1e1ced7772 Introduce user count action to user management 2014-01-07 23:05:37 +01:00
NARUKAWA Hiroki 068688063e Security Update: session fixation
Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.
2013-12-20 03:38:51 +09:00
Robin Appelman e7a5c90cab Replace static usage of OC_Config and OC_Preferences with the injected \OC\ConfigAll 2013-12-18 13:03:19 +01:00
Robin Appelman a6c1b3ece3 fix the config option to remove the ability for users to set their displayname 2013-12-18 13:03:19 +01:00
Arthur Schiwon 91d6a6dd7c On webdav sesssions, loginname was compared to username which does not need to match necessarily 2013-12-13 16:58:03 +01:00
Robin Appelman f23b7a262f fix fallback overwriting result of getHome 2013-12-12 12:57:25 +01:00
Robin Appelman 366d75e947 cache the home folder of a User 2013-12-11 16:22:26 +01:00
Arthur Schiwon 8ccac86c98 Enable user backends to provide avatar images 2013-11-22 13:25:20 +01:00
Vincent Petry 013444813e Now removing stray old cookies from 5.0.12
Cookies from 5.0.12 seemed to have an extra slash in the path.
Firefox doesn't allow to remove them if the trailing slash isn't
there,
thus making it impossible to logout correctly.

This fix adds extra code to delete such stray cookies.

Ported from stable5 branch 99e5c6f7eb
2013-11-07 18:49:50 +01:00
Bjoern Schiessle f021dad204 remove user from cache if he was deleted successfully 2013-10-29 15:50:33 +01:00
Arthur Schiwon 466b6c1ee0 local user backend shall search for both username and displayname, fixes #5401 2013-10-25 21:57:12 +02:00
Andreas Fischer 75588fc0b6 Use strict comparison === instead of ==. 2013-10-08 20:03:16 +02:00
Andreas Fischer 6eab36a89b Make OC_User_Dummy::checkPassword() compatible with OC_User_Example.
The user id has to be returned.
2013-10-08 19:57:37 +02:00
Thomas Müller 9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00