• last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates
improve safety of SQL queries

  1. … 4 more files in changeset.
Use the new 'email' input type widget

  1. … 1 more file in changeset.
Use the new 'url' and 'email' input type widgets

  1. … 1 more file in changeset.
improve spelling

  1. … 16 more files in changeset.
use "-varname" parameter for message_exists_p

  1. … 1 more file in changeset.
Fix remaining occurrence of "screen_name" variable used to actually tell HOW to display the screen_name

Use ad_include_contract

Add ad_include_contract

bug-fix: don't use variable "screen_name" for controlling display of ScreenName,

since it used as value for the actual screen name as well.

as a consequence, user got e.g. a value of "none" set as their acutal screen name, which

lead to a conflict with the unique screen name constraint of the data model

the conflicst with CVS: ----------------------------------------------------------------------

provde a global variable as transitional code for controlling passing of password as query variable

  1. … 2 more files in changeset.
don't pass sensitive information (e.g. password) as query variable, but use client properties instead.

see also issue #3344

  1. … 5 more files in changeset.
Add a new instance parameter 'LoginPasswordAutocomplete' with the value of the 'autocomplete' attribute of the password field of the login form, to let each subsite decide.

  1. … 1 more file in changeset.
Rework query to use permission api instead of just removed materialized views

Modernize logic for protecting against cached passwords from forms,

when users log out and other users use the back button (for Nora).

- switch to more modern caching prevention

- add CSRF protection to login form against forgery requests

- none of the cache-preventing mechanisms helps when the user

stores the password in the browser (no change to the past).

- For admins of existing sites: alter kernel parameter

"LoginPageExpirationTime" to 0 make use of this feature

  1. … 2 more files in changeset.
whitespace changes

obtain default authority_id via "auth::authority::get"

  1. … 3 more files in changeset.
Do not abort when returning a message

Fix regression retrieving the member state

Remove dead adp code: if user is found and token is correct, email_verified_p will be always true, because it is forcefully set by the proc. In any other case, we will execute a different adp (lib/message)

Reduce divergency between oracle and postgres codebase

Reduce divergency between oracle and postgres codebase

Note that this include might be obsolete

Use cached api

Add ad_include_contract (fixes automated tests)

Add ad_include_contract (fixes automated test)

Replace ad_decode idioms

  1. … 1 more file in changeset.
new parameter PersistentLoginDefault: let admin decide, whether default value in login box should be true of false

  1. … 1 more file in changeset.
add autocomplete hint as suggested by chrome

Add (trivial) ad_include_contract