| #
8071beaa |
| 15-Oct-2011 |
Andreas Gohr <andi@splitbrain.org> |
bind security token to username
This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid infor
bind security token to username
This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).
show more ...
|
| #
d9162c6c |
| 09-Jun-2011 |
Kate Arzamastseva <pshns@ukr.net> |
fullscreen media manager
|
| #
31bc8f11 |
| 24-May-2011 |
Michael Hamann <michael@content-space.de> |
Check permissions + security token in lock + draft modification FS#2265
This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creati
Check permissions + security token in lock + draft modification FS#2265
This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.
show more ...
|
| #
c828a5d6 |
| 02-May-2011 |
Andreas Gohr <andi@splitbrain.org> |
execute edit action when draft was specified but no draft exists FS#2240
|
| #
24ea6500 |
| 04-Mar-2011 |
Andreas Gohr <andi@splitbrain.org> |
check manager/admin role earlier for admin plugins FS#2180
|
| #
bd07158f |
| 22-Feb-2011 |
Anika Henke <anika@selfthinker.org> |
deleted redundant line
|
| #
4c36bf82 |
| 03-Jan-2011 |
Guillaume Turri <guillaume.turri@gmail.com> |
Change sitemap filename to sitemap.xml(.gz). Closes FS#2127
|
| #
ec5906e6 |
| 13-Dec-2010 |
Michael Hamann <michael@content-space.de> |
Delete superfluous assignment created by the last commit
|
| #
03f008cd |
| 12-Dec-2010 |
Michael Hamann <michael@content-space.de> |
Copy changes from ajax_lock to act_draftsave
|
| #
e3776c06 |
| 29-Nov-2010 |
Michael Hamann <michael@content-space.de> |
Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3
As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is o
Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3
As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.
show more ...
|
| #
85dcda20 |
| 20-Nov-2010 |
Robin Getz <rgetz@blackfin.uclinux.org> |
Send 403 header for permission denied screens when send404 is enabled
|
| #
4064e2d3 |
| 20-Nov-2010 |
Robin Getz <rgetz@blackfin.uclinux.org> |
Handle do=check before ACL checking
|
| #
762b4c44 |
| 10-Oct-2010 |
Michael Hamann <michael@content-space.de> |
Merge remote branch 'origin/master' into sitemap
|
| #
c346111a |
| 29-Sep-2010 |
Adrian Lang <lang@cosmocode.de> |
Add back globals for templates
|
| #
de3eb1d7 |
| 28-Sep-2010 |
Adrian Lang <lang@cosmocode.de> |
Small fixes / cleanup
|
| #
eae17177 |
| 22-Sep-2010 |
Michael Hamann <michael@content-space.de> |
Action handler for sitemaps improved
The action handler for the sitemap now makes use of the sitemapper
methods for determining the filename and uses http conditional requests.
|
| #
2897eb23 |
| 26-Jun-2010 |
Michael Hamann <michael@content-space.de> |
Transformed the sitemapper into a class
This makes it possible to autoload the sitemapper when needed.
|
| #
c4f79b71 |
| 07-Apr-2010 |
Michael Hamann <michael@content-space.de> |
Sitemap rewrite
|
| #
396c218f |
| 27-Aug-2010 |
Andreas Gohr <andi@splitbrain.org> |
make use of tpl_get_action in tpl_actiondropdown FS#2005
|
| #
134b7bd9 |
| 27-Jun-2010 |
Andreas Gohr <andi@splitbrain.org> |
do not require special permissions to look at index FS#1720
|
| #
9fa341d0 |
| 26-Jun-2010 |
Andreas Gohr <andi@splitbrain.org> |
check for user in act_subscription FS#1935
|
| #
b6258081 |
| 13-Jun-2010 |
Andreas Gohr <andi@splitbrain.org> |
msgs are saved in send_redirect now, less code duplication needed
|
| #
de4d479a |
| 17-May-2010 |
Adrian Lang <lang@cosmocode.de> |
Let actionOK detect auth backend capabilities
|
| #
c9d5430b |
| 29-Mar-2010 |
Adrian Lang <lang@cosmocode.de> |
Call act_edit for locked pages
50e988b accidentally stopped act_dispatch from calling act_edit for locked
pages, thus showing a generic »page not writable« message instead of a
page lock message.
|
| #
d7879495 |
| 12-Mar-2010 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'requireall'
Conflicts:
inc/fulltext.php
|