Age | Commit message (Collapse) | Author | Files | Lines |
|
Apparently firefox doesn't like "style-src * 'unsafe-inline'", but wants
"style-src 'unsafe-inline' *" otherwise it doesn't honor
'unsafe-inline'. In chromium both behave the same.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Initial-patch-by: Lukas Epple <lukas.epple@me.com>
Switch from <table> to <div> like we did for pygments.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
It interferes with multiuser setups if you use X-Sendfile and it isn't
really needed anyway because you can set an upload_path outside the
docroot and because the default path is protected by an .htaccess file.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Nginx and Lighttpd
* The rangeDownload() function has been moved to libraries/Ddownload/drivers/Ddownload_php.php
* The nginx and lighttpd drivers can be set via $config['download_driver']
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
TL;DR: Allows us to show a proper error page if encryption_key is
missing from the config.
muser->logged_in() can load the session class which will die if
encryption_key is not set in the config causing an error to be
displayed.
Because the header is also loaded when we display an error
loading the class will be tried again. CI maintains an array with
information which classes have been tried to be loaded and will simply
return true without loading again.
muser->logged_in() will then try to access $this->session which doesn't
exist. Since all of this happens when we are already in the header the
error message appears in the navigation being hard to read.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Stateless clients (cli client and clients using api keys) can't reclaim
IDs (no cookie) so they should be required to log in asap and they will
always get an error if they didn't log in.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The thumbnail function generates an invalid image (HTML error message)
if the ID is invalid resulting in empty images. Catch those when
creating the page to prevent that.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This supports more caching backends and doesn't force users to install
the memcache extension.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Way, way, way, way faster. Did I mention it is faster?
Also we now have line numbers because we can.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Simply enabling it again would cause breakage (json handling). Just get
rid of it.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Newest first to match the normal history's default.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
$this->output->parse_exec_vars is a protected variable so we can't
access it like the documentation suggests (yes this is a bug that
should be reported...), but even if it worked I'm not confident the
output class should be trusted with arbitrary input. Upstream might at
some point add another "feature" so this is the safe way to go.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
cron code already handled this correctly, valid() didn't.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Only login when necessary.
This also makes test_login() work properly (before the automatic login
would have intercepted the failure and in case of a good login
test_login() would test the credentials a second time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
trim() would give us an empty string if base64_decode() returns false.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This change *should* be backwards compatible.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Initial-work-by: Oliver Mader <b52@reaktor42.de>
Additional-work-by: Markus Cisler <mrkscslr@gmail.com>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Passing the authentication headers is slightly complicated with fastcgi
so we support both and let the users choose.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Pygments calls it that and mode was an undescriptive name anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Previously we displayed an empty page since stderr usually goes to the
error log of the web server.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|