Commit Graph

7 Commits

Author SHA1 Message Date
xisi
76a67cb71a Changed the config options for CSRF/disabling forms
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
2014-01-20 04:41:13 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
2014-01-20 04:40:38 -05:00
Neozonz
d9b8f11f67 [FIX] Password change for mobile users
[FIX] Allow unlock via mobile phone
2014-01-13 17:42:23 -05:00
Sebastian Grewe
f98d08df83 [SECURITY] Fixing XSS in PHP_SELF
Fixes #1364 once merged.
2014-01-11 19:01:14 +01:00
Sebastian Grewe
ceadf30a85 [SECURITY] Fixing potential XSS issues
Will resolve #926 once merged.
2013-12-09 08:02:41 +01:00
Sebastian Grewe
bc1ca7feb3 Fixing mobile template warning on reset pw 2013-07-03 19:12:32 +02:00
Sebastian Grewe
d4f4b9073f Working jQuery Mobile frontend for mobile devices
* Added mobile device detection PHP library
* Call PHP library to decide which theme to use
* Added theme as a configuration option into global config
 * Selectable Desktop theme (default: mmcFE)
 * Selectable Mobile theme (default: mobile)
 * Disable mobile theme support entirely

**NOTE**: This requires updates to the `global.inc.php` so please check
the dist file and update your config before filing a new issue!

Addresses #25
2013-06-28 13:45:14 +02:00