| Commit message (Expand) | Author | Age |
* | Don't send relative redirect URLs when behind a reverse proxy | Simon McVittie | 2018-01-08 |
* | improve error message when postsignin is not set | Joey Hess | 2018-01-04 |
* | cgierror: When the CGI fails, print the error to stderr, not "Died" | Simon McVittie | 2017-05-14 |
* | Defend against empty session names | Simon McVittie | 2017-05-14 |
* | CGI, attachment, passwordauth: harden against repeated parameters | Simon McVittie | 2017-01-11 |
* | cgitemplate: actually remove dead code | Simon McVittie | 2016-12-19 |
* | HTML-escape error messages (OVE-20160505-0012) | Simon McVittie | 2016-05-05 |
* | Silence "used only once: possible typo" warnings for variables that are part ... | Simon McVittie | 2016-01-19 |
* | cloak user PII when making commits etc, and let cloaked PII be used in banned... | Joey Hess | 2015-05-14 |
* | Fix double UTF-8 decode on Perl < 5.20 with upgraded Encode.pm | Anders Kaseorg | 2015-03-01 |
* | Merge branch 'ready/html5' | Simon McVittie | 2014-11-26 |
|\ |
|
| * | Now that we're always using HTML5, <base href> can be relative | Simon McVittie | 2014-10-16 |
* | | Call CGI->param_fetch instead of CGI->param in array context | Amitai Schlair | 2014-10-16 |
|/ |
|
* | In html5 mode, generate a host- or protocol-relative <base> for the CGI | Simon McVittie | 2014-10-05 |
* | Add reverse_proxy option which hard-codes cgiurl in CGI output | Simon McVittie | 2014-10-05 |
* | Force use of $config{url} as top URL in w3mmode | Simon McVittie | 2014-10-05 |
* | do not double-decode unicode in CGI forms | Antoine Beaupré | 2014-09-09 |
* | protect $@ whenever a block using $@ is non-trivial | Simon McVittie | 2014-02-21 |
* | save whole form state, not just QUERY_STRING, for postsignin | Joey Hess | 2012-04-08 |
* | record email of new users in userinfo for userlist | Joey Hess | 2011-06-09 |
* | let's assume some web server will think OFF is a good idea.. | Joey Hess | 2011-06-03 |
* | Support the Hiawatha web server which sets HTTPS=off rather than not setting ... | Joey Hess | 2011-06-03 |
* | Fix broken baseurl in cgi mode when usedirs is disabled. Bug introduced in 3.... | Joey Hess | 2011-02-21 |
* | fix urlto(undef) | Joey Hess | 2011-01-05 |
* | add cgitemplate | Joey Hess | 2011-01-05 |
* | factored out an urlabs from aggregate and cgi | Joey Hess | 2011-01-05 |
* | oops | Joey Hess | 2011-01-05 |
* | typo | Joey Hess | 2011-01-05 |
* | Fix redirect to use a full url. | Joey Hess | 2011-01-05 |
* | Fix base url when previewing. Was broken by urlto changes in last release. | Joey Hess | 2011-01-05 |
* | Merge remote branch 'smcv/ready/sslcookie-auto' | Joey Hess | 2010-11-29 |
|\ |
|
| * | Always set secure cookies if logging in via HTTPS | Simon McVittie | 2010-11-29 |
* | | Use local path for even more CGI URLs | Simon McVittie | 2010-11-23 |
* | | Use local paths for redirection where possible | Simon McVittie | 2010-11-23 |
|/ |
|
* | stop using REMOTE_ADDR | Joey Hess | 2010-06-23 |
* | allow misctemplate callers to pass params to suppress actions etc | Joey Hess | 2010-05-14 |
* | moved non-openid signin form into same page as openid selector; show/hide as ... | Joey Hess | 2010-05-08 |
* | simplify formbuilder stylesheet specification | Joey Hess | 2010-05-06 |
* | brace style | Joey Hess | 2010-01-18 |
* | typos | Joey Hess | 2010-01-18 |
* | make decode_form_utf8 safe for arrays | Joey Hess | 2010-01-09 |
* | 404/goto: Fix 404 display of utf-8 pages. | Joey Hess | 2009-12-14 |
* | fix url encoding in redir | Joey Hess | 2009-10-29 |
* | Expand banned_users; it can now include PageSpecs, which allows banning by IP... | Joey Hess | 2009-09-08 |
* | Fix typo attepting→attempting | Jonas Smedegaard | 2009-07-23 |
* | detect sslcookie set and no https | Joey Hess | 2009-02-26 |
* | factor out IE stupididy workaround | Joey Hess | 2009-01-31 |
* | Split cgi_goto into a goto plugin | Simon McVittie | 2009-01-31 |
* | Split apache404 into an independent plugin | Simon McVittie | 2009-01-31 |
* | CGI: pad error responses with 512 bytes of spaces so IE will display them | Simon McVittie | 2009-01-31 |