summaryrefslogtreecommitdiffstats
path: root/application
AgeCommit message (Collapse)AuthorFilesLines
2016-06-05config: Clarify comment about password hashing settingsFlorian Pritz1-1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-05Fix redirect on login after registering new accountFlorian Pritz3-1/+4
Previously the login box in the navigation would redirect to the current page, but this page will throw an error in the case of the registration page since that's the page with the invition key and that key is no longer valid. Fix this by redirecting to the $redirect_uri and ensure that this value is set for all requests. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-05-24mfile/valid_id: Remove duplicate codeFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-05-24Fix TypeError when getting thumbnail for invalid IDFlorian Pritz1-0/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01Fix typoFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01Support rehashing of passwords not conforming to configFlorian Pritz2-0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01muser: Add set_passwordFlorian Pritz2-4/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01Support changing password hashing settingsFlorian Pritz2-1/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29Catch potential password hashing errorsFlorian Pritz1-1/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29Increase size of password field in DBFlorian Pritz2-1/+28
The php documentation for password_hash recommends 255. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29Use PHP's password_hash functionFlorian Pritz3-259/+2
This drops a third party library, but bumps our required php version to 5.5 which is currently old stable. Earlier versions are no longer supported by php upstream nor by us. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-02-26Fix MYSQL error in migration 14/15Florian Pritz2-24/+16
Error was: You can't specify target table 'testsuite_prefix_file_storage' for update in FROM clause The new code is ported from the existing postgres migration. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-02-19view/user/profile: Fix typoFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-01-24PHP7: Ignore Notice when getting mimetype0.9.10Florian Pritz1-0/+5
Sometimes php7 throws an internal notice in this function which we convert to an exception. Catching the exception will however not set $mimetype so this error needs to be ignored. This should be removed once php has fixed the bug. References: https://bugs.php.net/bug.php?id=71434 Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-12-14PasswordHash: Fix PHP7 compatability0.9.9Florian Pritz1-1/+1
Using the class name for the constructor is deprecated. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-11-23l/Pygments: Fix exception for filenames ending with a dotFlorian Pritz2-1/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-11-02view/client: Hardcode URLsFlorian Pritz3-7/+4
Clients are only hosted on paste.xinu.at and everywhere else the links will point to missing files so they become useless. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-11-02l/Image/D/imagemagick: Allow output on stderrFlorian Pritz1-1/+1
Imagemagick sometimes output warnings about files that do not conform to standards, but still renders them. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-30Bring a/views/file_plaintext in line with a/v/fileFlorian Pritz8-4/+30
- Add missing files - Fix paths missing FCPATH - Remove left over header/footer Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-28Fix login redirect with multipate URLFlorian Pritz1-1/+1
The - from m-ID was missing in the regex. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-26f/cron: Fix missing field when deleting unowned uploadsFlorian Pritz1-2/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20Migration 16: Increase length of ci_session.ip_address for IPv6Florian Pritz2-1/+28
Reported-by: Michael Mueller <michael.mueller@selfnet.de> Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20postgres: Add missing prefix to index creationFlorian Pritz7-11/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20postgres: Adapt MySQL query for thumbnail historyFlorian Pritz1-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20postgres: Fix multiple queries using MySQL syntaxFlorian Pritz2-11/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20Implement migration 14 for postgresFlorian Pritz3-49/+101
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20Fix missing prefix in migration 7Florian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20l/Image::type_supported: improve performanceFlorian Pritz1-3/+10
service/file::history calls this for every entry which is rather slow. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-20API 2.1: Add thumbnail link to historyFlorian Pritz4-4/+26
Also adjust test cases to check for the new value. API v1 does not change. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-14API 2.0: Remove private fields from file/historyFlorian Pritz6-1/+620
Since this is a breaking change bump the api version to 2. The private fields are user_id and multipaste_id which where leaked via the multipaste_items field. This commit also adds a test case to both api versions that checks the returned fields. NOTE: Most of this commit is copied from the files of api v1 so when viewing the diff use --find-copies-harder for an easy to read diff. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-09-14API 1.4: Add more values to file/get_configFlorian Pritz3-2/+15
These are necessary for clients that want to send lots of fields e.g. in a delete request or upload multiple files in one upload request. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-18claim_id: Support multiple upload batchesFlorian Pritz1-5/+13
If the user has multiple tabs open, but is not logged in this will be called multiple times (unless he logs in after the first upload batch) and earlier uploads would be lost. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-18Fix redirect URI when using multiple tabsFlorian Pritz4-21/+14
If we store only the last called URI in the session we can't support multiple browser tabs that all need to log in again. Fix this by storing the URI in the URL. Also change a trim() to ltrim() so that the URI string we store keeps it's trailing slash. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-10Increase thumbnail cache ttlFlorian Pritz2-1/+3
Also try to clean up when files are deleted since 1 month is a rather long time. Granted, thumbnails are small, but whatever Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-09Improve performance of thumbnail historyFlorian Pritz2-13/+17
- Use the filedata we already have in c/file->upload_history_thumbnails() rather than fetching it per id in m/mfile->valid_id - Construct the config array for s/f::valid_id only once and not for every validation. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-09Increase performance of thumbnail viewFlorian Pritz1-1/+17
site_url is rather slow and the improvement is noticeable when there are lots of thumbnails (thumbnail history). Also make the code more readable in the process by inserting some linebreaks. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-04Add audio and video players to multipastesFlorian Pritz3-1/+24
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-08-02Add PLS playlist support for multipastesFlorian Pritz2-0/+32
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-07-18Display hash on file info pageFlorian Pritz1-0/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-07-18Fix double path in exception handlerFlorian Pritz1-1/+1
APPPATH is an absolute path already so prepending FCPATH will make an invalid path. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-07-10Make javascript baseUrl honor subdirsFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-05Keep email reset keys after useFlorian Pritz1-2/+0
The user might click the wrong link or might change their mind and it is really not necessary to clean them up early. Let the cron job take care of that. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-05Allow users to change their emailFlorian Pritz4-3/+135
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-05Move public files to ./public_htmlFlorian Pritz4-6/+6
./data/local is not moved because it contains likely untracked files and moving it would throw an error when updating. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-04Refactor exception handling into dedicated classFlorian Pritz3-2/+156
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-01Allow stderr for pygmentsFlorian Pritz1-1/+0
This happens when an invalid lexer is used so until we use the exceptions this should not be forbidden since we won't fall back to plain text then. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-31test: Add more \libraries\Image testsFlorian Pritz1-0/+30
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-28JS: Use newest file time for cache buster0.9.2Florian Pritz1-2/+20
Really no need to reload the files with each page load. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-28imagemagick: Use nested exceptionFlorian Pritz2-3/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-28Improve running of external commandsFlorian Pritz4-27/+156
Signed-off-by: Florian Pritz <bluewind@xinu.at>