Commit Graph

269 Commits (752743a349dbe013fe46c6a00778cd77d42ce1a8)

Author SHA1 Message Date
Oliver Günther 31b2862b94
[24365] Allow controllers to specify redirect-safe params 8 years ago
Jens Ulferts 5c73efc616
rely on url_for to fill in request's parameters on session timeout back url 8 years ago
Jens Ulferts daa2d07e4b
rely on url_for to fill in request's parameters on back url 8 years ago
Oliver Günther 8c42f5ae35
Fix invalid find_project_by_project_id 8 years ago
Oliver Günther 7994631440
Use unreleased version of friendly_id and fix project finder 8 years ago
Oliver Günther fe0e8dd919
Rename before_filter to before_action 8 years ago
Oliver Günther 638e8ca735
Build simple service to initialize setting on login 8 years ago
Jens Ulferts ab93799c8b
improve menu performance by rendering to existing controller 8 years ago
Jens Ulferts 8c827bbbec remove costly eager loading 8 years ago
Oliver Günther 638340e7b6 Fix rubocop issues 9 years ago
Cyril Rohr 1b29d8ec92 Move email settings out of the YAMl configuration file, and into the Settings page 9 years ago
Markus Kahl 6827c832f6 make available standard I18n's #t 9 years ago
Oliver Günther fb4bf739d9 Allow the configuration to disable APIv2 basic auth 9 years ago
Oliver Günther 82eb512450 Make session name configurable 9 years ago
Oliver Günther c7e410ef11 Warn users when OP cookie is missing 9 years ago
Jens Ulferts be21a7a504 update error message for bulk operations across multiple projects 9 years ago
Oliver Günther a6b4372b09 Always preprocess URLs with CGI.unescape 9 years ago
Oliver Günther fcd450af3f Fix redirect vulnerability 9 years ago
Oliver Günther 6eeea9d1da Avoid mutator sort on relations 9 years ago
Jens Ulferts 6e01b27f18 rename service's method to be in accordance with proc 9 years ago
Jens Ulferts c471080e08 set locale before API v3 request 9 years ago
Markus Kahl dd496297fd don't use random language as user's language 9 years ago
Oliver Günther 7ebac37c14 Repository Management - Refactoring and Preparation 9 years ago
Alex Coles 0ad3cfb4b2 Prefer do…end for controller respond_to blocks 10 years ago
Markus Kahl bcd981df5c consider X-Authentication-Scheme; opt scoped realm 10 years ago
Markus Kahl d854df5175 suppress browser prompt on authenticate failure 10 years ago
Alex Coles e02eb0181d Migrate AR finder/query methods in controllers 10 years ago
Alex Coles ec1bb39f9b Fix syntax (w/Rubocop) in (Rails) controllers 10 years ago
Alex Coles 57618b25ec Replace dynamic finder usages with #find_by, etc. 10 years ago
Alex Coles bc5abb34ab Remove explicit require_dependency of Principal 10 years ago
Markus Kahl 560d970b0f in-regex comments 10 years ago
Markus Kahl 4abd716dd6 more comments 10 years ago
Markus Kahl 52fe1da137 don't redirect back to logout 10 years ago
Alex Coles e0191e759c Update year in copyright header to 2015 10 years ago
Alex Coles 3629ded2ae Handle ActionController::ParameterMissing globally 10 years ago
Alex Coles bb0e6e6aa5 Fix syntax (w/Rubocop) in (Rails) controllers 10 years ago
Alex Coles 336446c59d Use 1.9+ Hash syntax in (Rails) controllers 10 years ago
Richard 72b6e26461 Twist redirect to back url method to work with JSON params. 10 years ago
Martin Linkhorst 8877883c63 given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path. 10 years ago
Marek Takac 2269f9a8ee Fixed authorization service calls 11 years ago
Martin Linkhorst 1f36d43b70 there was a wrong parenthesis: the last match needs to be ANDed with all the prior checks. instead of changing it, refactored the code to be more clear. still allows redirects to different sub-uris. 11 years ago
Philipp Tessenow d8cb82a2e8 explicitly allow home path in back_url 11 years ago
Philipp Tessenow 0cdbaf39f6 fix protocol-relative redirection test 11 years ago
jplang 1db8642ac6 [security] fixed back url verification 11 years ago
Marek Takac 1ca62def08 Used named params in AuthorizationService constructor 11 years ago
Marek Takac bb8aa422b1 Refactored Authorization service 11 years ago
Marek Takac ac2c89c0d7 Initial foundations for API v3 11 years ago
Michael Frister 98f81665db CSRF Protection: Prevent login CSRF 11 years ago
Michael Frister ed7ffdc616 CSRF Protection: Don't attempt to catch unused InvalidAuthenticityToken 11 years ago
Michael Frister c2fdfd0f1d Fix API requests without CSRF token being rejected 11 years ago