summaryrefslogtreecommitdiffstats
path: root/application/core
AgeCommit message (Collapse)AuthorFilesLines
2014-10-15add file/do_multipaste to CSRF exception listFlorian Pritz1-0/+1
This is only needed for clients not yet using api keys. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-03Rework image manipulation classFlorian Pritz1-0/+1
This is the first of hopefully more classes using namespaces and proper classes that can be used as objects rather than CI's singleton approach. The namespace is mainly used to gain nice autoloading capabilities and it's not really yet used for separation. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-08-30Improve migration error messageFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-07-23Move migration code to CLI callable functionFlorian Pritz1-3/+16
This is necessary to prevent migrations from running multiple times in parallel. A git hook can be used to run this after checkout so impact should be fairly low. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-22Move user_logged_in check to controller constructorFlorian Pritz1-0/+3
TL;DR: Allows us to show a proper error page if encryption_key is missing from the config. muser->logged_in() can load the session class which will die if encryption_key is not set in the config causing an error to be displayed. Because the header is also loaded when we display an error loading the class will be tried again. CI maintains an array with information which classes have been tried to be loaded and will simply return true without loading again. muser->logged_in() will then try to access $this->session which doesn't exist. Since all of this happens when we are already in the header the error message appears in the navigation being hard to read. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-16Remove executable bitsFlorian Pritz1-0/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-10Add file/get_max_size to csrf whitelistFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-05Disable CSRF for cli clients on user/create_apikeyFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Add support for enabling the profilerFlorian Pritz1-0/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Replace is_cli_client() with stateful_client where applicableFlorian Pritz1-1/+0
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Generalize request_type() to static_storage()Florian Pritz1-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Disable CSRF checks for CLI requestsFlorian Pritz1-1/+1
Otherwise we get an error in the Security class trying to access $_SERVER["REQUEST_METHOD"]. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Add GET parameter for json outputFlorian Pritz1-0/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Add CSRF protectionFlorian Pritz1-0/+46
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Provide json output for api functionsFlorian Pritz1-1/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Deduplicate initialisation code in controllersFlorian Pritz1-0/+36
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-01-28update to CI 2.0Florian Pritz1-0/+10
Signed-off-by: Florian Pritz <bluewind@server-speed.net>