Age | Commit message (Collapse) | Author | Files | Lines |
|
Apparently firefox doesn't like "style-src * 'unsafe-inline'", but wants
"style-src 'unsafe-inline' *" otherwise it doesn't honor
'unsafe-inline'. In chromium both behave the same.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Initial-patch-by: Lukas Epple <lukas.epple@me.com>
Switch from <table> to <div> like we did for pygments.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
|
|
It interferes with multiuser setups if you use X-Sendfile and it isn't
really needed anyway because you can set an upload_path outside the
docroot and because the default path is protected by an .htaccess file.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
|
|
|
|
|
|
|
|
Looks like this has been missed somewhere along the way
(36a1bb6770cb76ec7baf4e215c4379b070c60639) and ended up too deep down.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
show_error() already exits after displaying the message.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Nginx and Lighttpd
* The rangeDownload() function has been moved to libraries/Ddownload/drivers/Ddownload_php.php
* The nginx and lighttpd drivers can be set via $config['download_driver']
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Mimetype detection doesn't always properly detect code (I saw javascript as
plain text, c as asm) and if there is an extension we can likely get
better result by using that.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
TL;DR: Allows us to show a proper error page if encryption_key is
missing from the config.
muser->logged_in() can load the session class which will die if
encryption_key is not set in the config causing an error to be
displayed.
Because the header is also loaded when we display an error
loading the class will be tried again. CI maintains an array with
information which classes have been tried to be loaded and will simply
return true without loading again.
muser->logged_in() will then try to access $this->session which doesn't
exist. Since all of this happens when we are already in the header the
error message appears in the navigation being hard to read.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
form-horizontal causes the viewport to become too wide.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
|
|
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
We don't use wildcards so we don't need like.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The files table was MyISAM even though all other tables were InnoDB.
We should avoid mixing types here (backups, transactions and performance).
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
To enable set:
$config['authentication_driver'] = 'fluxbb';
$config['auth_fluxbb'] = array('database' => 'fluxbb');
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Add example array to config.php
Remove $optional_functions from Duser_fluxbb to follow
bb9f9274e8c2d661a1adffd87c87c3d81ec47b4d.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Not implemented functions return null and code using these no longer
has to check if they are implemented, but it has to handle null
properly.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
false means we know it doesn't exist, null means we don't know.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This fixes a possible endless loop when the function is not implemented
in the driver, but the array says it is.
It also allows us to simply call it without checking if it's
implemented.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This could result in too short strings
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Stateless clients (cli client and clients using api keys) can't reclaim
IDs (no cookie) so they should be required to log in asap and they will
always get an error if they didn't log in.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This reduces the amount of db queries and cookies we create since each
update triggers an db update and (which is a bug) sets a new cookie.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This saves us 2 to 4 (useless) db queries per page.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Otherwise we get an error in the Security class trying to access
$_SERVER["REQUEST_METHOD"].
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|