summaryrefslogtreecommitdiffstats
path: root/application/core
AgeCommit message (Collapse)AuthorFilesLines
2016-06-05Fix redirect on login after registering new accountFlorian Pritz1-0/+1
Previously the login box in the navigation would redirect to the current page, but this page will throw an error in the case of the registration page since that's the page with the invition key and that key is no longer valid. Fix this by redirecting to the $redirect_uri and ensure that this value is set for all requests. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-22Forbid cli requests until database is updatedFlorian Pritz1-1/+1
This mainly tries to prevent problems when file cron is run with an old database. Tools is whitelisted for the future, if there are cron jobs in tools they will need to check the migrations themselves. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03Use exceptions instead of show_errorFlorian Pritz1-3/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03Remove unstable json apiFlorian Pritz1-27/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-02-03implement api/user/create_apikeyFlorian Pritz1-1/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-01-16miscFlorian Pritz1-1/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-15add file/do_multipaste to CSRF exception listFlorian Pritz1-0/+1
This is only needed for clients not yet using api keys. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-10-03Rework image manipulation classFlorian Pritz1-0/+1
This is the first of hopefully more classes using namespaces and proper classes that can be used as objects rather than CI's singleton approach. The namespace is mainly used to gain nice autoloading capabilities and it's not really yet used for separation. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-08-30Improve migration error messageFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-07-23Move migration code to CLI callable functionFlorian Pritz1-3/+16
This is necessary to prevent migrations from running multiple times in parallel. A git hook can be used to run this after checkout so impact should be fairly low. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-22Move user_logged_in check to controller constructorFlorian Pritz1-0/+3
TL;DR: Allows us to show a proper error page if encryption_key is missing from the config. muser->logged_in() can load the session class which will die if encryption_key is not set in the config causing an error to be displayed. Because the header is also loaded when we display an error loading the class will be tried again. CI maintains an array with information which classes have been tried to be loaded and will simply return true without loading again. muser->logged_in() will then try to access $this->session which doesn't exist. Since all of this happens when we are already in the header the error message appears in the navigation being hard to read. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-16Remove executable bitsFlorian Pritz1-0/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-10Add file/get_max_size to csrf whitelistFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-05Disable CSRF for cli clients on user/create_apikeyFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Add support for enabling the profilerFlorian Pritz1-0/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Replace is_cli_client() with stateful_client where applicableFlorian Pritz1-1/+0
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-04Generalize request_type() to static_storage()Florian Pritz1-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Disable CSRF checks for CLI requestsFlorian Pritz1-1/+1
Otherwise we get an error in the Security class trying to access $_SERVER["REQUEST_METHOD"]. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Add GET parameter for json outputFlorian Pritz1-0/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Add CSRF protectionFlorian Pritz1-0/+46
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-09-02Provide json output for api functionsFlorian Pritz1-1/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2013-08-22Deduplicate initialisation code in controllersFlorian Pritz1-0/+36
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-01-28update to CI 2.0Florian Pritz1-0/+10
Signed-off-by: Florian Pritz <bluewind@server-speed.net>