summaryrefslogtreecommitdiffstats
path: root/application
AgeCommit message (Collapse)AuthorFilesLines
2012-07-24Don't call undefined functions on error pageFlorian Pritz1-11/+84
Regression test: URL with disallowed chars: '$url/1234/.exec("asdf")' Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-22display header on client page when using browserFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-22fix call to _non_existent() typosFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Add cron function for user controllerFlorian Pritz2-0/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Improve design of general error pageFlorian Pritz2-61/+22
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12c/user: improve error messagesFlorian Pritz1-6/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12u/register: improve error message for invalid usernameFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Explicitly select fields in db queriesFlorian Pritz2-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Store userid in sessionFlorian Pritz1-6/+2
We don't really have to hit the db here every time. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Display nice error message if username exists alreadyFlorian Pritz2-0/+19
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12Add unique index for users.usernameFlorian Pritz2-1/+22
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-07Display total size uploaded by user on history pageFlorian Pritz3-0/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-02Only send a Content-Range header when we output a rangeFlorian Pritz1-2/+2
Sending it without being asked for a range breaks tnftp. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-06-22format_bytes(): fix bug if size=0Florian Pritz1-5/+18
If $size is 0 log() will return -INF leading to an "undefined offset" error when trying to get the suffix. We fix this by copying the code from fb-client which handles this issue correctly and will also work for sizes above the biggest suffix (won't happen here, but who cares). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-06-13Merge tag '2.1.1'Florian Pritz1-2/+2
Retagging 2.1.1 for final release Conflicts: user_guide/changelog.html user_guide/database/active_record.html user_guide/database/caching.html user_guide/database/call_function.html user_guide/database/configuration.html user_guide/database/connecting.html user_guide/database/examples.html user_guide/database/fields.html user_guide/database/forge.html user_guide/database/helpers.html user_guide/database/index.html user_guide/database/queries.html user_guide/database/results.html user_guide/database/table_data.html user_guide/database/transactions.html user_guide/database/utilities.html user_guide/doc_style/index.html user_guide/general/alternative_php.html user_guide/general/ancillary_classes.html user_guide/general/autoloader.html user_guide/general/caching.html user_guide/general/cli.html user_guide/general/common_functions.html user_guide/general/controllers.html user_guide/general/core_classes.html user_guide/general/creating_drivers.html user_guide/general/creating_libraries.html user_guide/general/credits.html user_guide/general/drivers.html user_guide/general/environments.html user_guide/general/errors.html user_guide/general/helpers.html user_guide/general/hooks.html user_guide/general/libraries.html user_guide/general/managing_apps.html user_guide/general/models.html user_guide/general/profiling.html user_guide/general/quick_reference.html user_guide/general/requirements.html user_guide/general/reserved_names.html user_guide/general/routing.html user_guide/general/security.html user_guide/general/styleguide.html user_guide/general/urls.html user_guide/general/views.html user_guide/helpers/array_helper.html user_guide/helpers/captcha_helper.html user_guide/helpers/cookie_helper.html user_guide/helpers/date_helper.html user_guide/helpers/directory_helper.html user_guide/helpers/download_helper.html user_guide/helpers/email_helper.html user_guide/helpers/file_helper.html user_guide/helpers/form_helper.html user_guide/helpers/html_helper.html user_guide/helpers/inflector_helper.html user_guide/helpers/language_helper.html user_guide/helpers/number_helper.html user_guide/helpers/path_helper.html user_guide/helpers/security_helper.html user_guide/helpers/smiley_helper.html user_guide/helpers/string_helper.html user_guide/helpers/text_helper.html user_guide/helpers/typography_helper.html user_guide/helpers/url_helper.html user_guide/helpers/xml_helper.html user_guide/index.html user_guide/installation/downloads.html user_guide/installation/index.html user_guide/installation/troubleshooting.html user_guide/installation/upgrade_120.html user_guide/installation/upgrade_130.html user_guide/installation/upgrade_131.html user_guide/installation/upgrade_132.html user_guide/installation/upgrade_133.html user_guide/installation/upgrade_140.html user_guide/installation/upgrade_141.html user_guide/installation/upgrade_150.html user_guide/installation/upgrade_152.html user_guide/installation/upgrade_153.html user_guide/installation/upgrade_154.html user_guide/installation/upgrade_160.html user_guide/installation/upgrade_161.html user_guide/installation/upgrade_162.html user_guide/installation/upgrade_163.html user_guide/installation/upgrade_170.html user_guide/installation/upgrade_171.html user_guide/installation/upgrade_172.html user_guide/installation/upgrade_200.html user_guide/installation/upgrade_201.html user_guide/installation/upgrade_202.html user_guide/installation/upgrade_203.html user_guide/installation/upgrade_210.html user_guide/installation/upgrade_b11.html user_guide/installation/upgrading.html user_guide/libraries/benchmark.html user_guide/libraries/caching.html user_guide/libraries/calendar.html user_guide/libraries/cart.html user_guide/libraries/config.html user_guide/libraries/email.html user_guide/libraries/encryption.html user_guide/libraries/file_uploading.html user_guide/libraries/form_validation.html user_guide/libraries/ftp.html user_guide/libraries/image_lib.html user_guide/libraries/input.html user_guide/libraries/javascript.html user_guide/libraries/language.html user_guide/libraries/loader.html user_guide/libraries/migration.html user_guide/libraries/output.html user_guide/libraries/pagination.html user_guide/libraries/parser.html user_guide/libraries/security.html user_guide/libraries/sessions.html user_guide/libraries/table.html user_guide/libraries/trackback.html user_guide/libraries/typography.html user_guide/libraries/unit_testing.html user_guide/libraries/uri.html user_guide/libraries/user_agent.html user_guide/libraries/xmlrpc.html user_guide/libraries/zip.html user_guide/license.html user_guide/overview/appflow.html user_guide/overview/at_a_glance.html user_guide/overview/cheatsheets.html user_guide/overview/features.html user_guide/overview/getting_started.html user_guide/overview/goals.html user_guide/overview/index.html user_guide/overview/mvc.html user_guide/toc.html user_guide/tutorial/conclusion.html user_guide/tutorial/create_news_items.html user_guide/tutorial/hard_coded_pages.html user_guide/tutorial/index.html user_guide/tutorial/news_section.html user_guide/tutorial/static_pages.html Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-06-12fix missing negation in deleteFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-06-09detect new curl user agentFlorian Pritz1-1/+1
curl 7.26.0 changed the user agent format to "curl/$version" and no longer sends the library version. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-17Move some functions from file_mod to file controllerFlorian Pritz3-212/+210
Models shouldn't really call views Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-17improve is_cli_client() and use everywhereFlorian Pritz3-17/+23
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-15Ignore etags when displaying HTML pagesFlorian Pritz1-1/+3
This allows the html page to change (user logged in/not logged in), but still keeps etag support for content that's really going to stay the same (images, plain file content, qr codes for urls) Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-12Hide notice when getting key from memcacheFlorian Pritz1-1/+9
This looks horrible, but gets the job done... Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-12fix missing object initialization and properly declare class variablesFlorian Pritz3-3/+11
var is deprecated since ages and in strict mode we have to initialize $this->var as a generic object before using it. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-10Prevent browsers from deleting filesFlorian Pritz1-0/+5
CLI clients are expected to only request deletion when the users wants it. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-10Replace timeout (delete) link with info linkFlorian Pritz1-1/+2
The delete link won't ask for confirmation anymore, so don't use it. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-05Rework file deletion; allow to delete multiple IDs at onceFlorian Pritz6-82/+119
This removes the old form which was used to delete a single upload and replaces it with checkboxes on the history page. All checked IDs will be removed at once, instead of requiring the user to click through multiple pages. The old file/delete page is kept for compatibility with CLI clients. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-03user/hash_password: add form to support normal browsersFlorian Pritz2-2/+42
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-03document ID/info modeFlorian Pritz2-4/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-03remove password column from `files`Florian Pritz2-1/+22
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-03add ID/info to display more information about a fileFlorian Pritz3-21/+45
The table is shared with the old delete_form, but it doesn't display the delete button in info mode. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-01use function to generate links to css filesFlorian Pritz4-4/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-01move file link generation from controller to viewFlorian Pritz2-12/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-01move etag handling into handle_etag()Florian Pritz1-27/+23
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-21Disable cache for upload_history for now.Florian Pritz1-1/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-15upload_hstory: Initialize $lengths correctlyFlorian Pritz2-11/+22
If you only uploaded short filenames "Filename" could e longer than any filename, resulting in a broken table. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Make sure we keep the uri flashdataFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14claim_id: Fix wrong variable nameFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14cron: Remove expired, unowned filesFlorian Pritz1-4/+10
Unowned files expire whenever a session expires because the user won't be able to reclaim them anymore. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14Allow to keep and reclaim uploads without being logged inFlorian Pritz3-8/+59
If a user keeps the browser open until his session expires and then tries to upload something we now add it to the database, add the ID to the new session and when someone logs in with that session the ID is assigned. Until then even if you guess it correctly, you won't be able to download it. If the user still manages to let the 2nd session expire because he can't find his password, the upload will be lost. Shit happens. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14v/upload_form: Reword primary goalFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-13Hide delete button if user doesn't own the idFlorian Pritz3-3/+9
It won't work anyway. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-13Add nuke_id() commandFlorian Pritz1-0/+26
This can be used to remove an ID and all other IDs referencing the same hash. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-13Add do_paste() and remove ajax from upload_formFlorian Pritz2-15/+46
If the session has timed out, javascript will get the login page and try to redirect to "base_url/$htmlcode" which will obviously fail. Instead of fixing the js code, reintroduce do_paste and use it. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-12CSP: add unsafe-inline to style-srcFlorian Pritz1-1/+1
chromium rejects inline css with this. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Display login boxes on upload_formFlorian Pritz2-10/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Use phpass for password hashingFlorian Pritz2-2/+258
The current implementation sometimes failed to generate valid hashes (had something to do with the random salt). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Fix password verificationFlorian Pritz1-1/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Add filesize to history viewFlorian Pritz6-7/+65
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11Show confirmation after loginFlorian Pritz2-0/+7
Some users might expect confirmation emails, but we don't send those (yet?). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-10Fix syntax error in migration 2Florian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09Fix plaintext client viewFlorian Pritz1-3/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>