#575280 follow-up by mfb and chx: Fixed impersonation attack when an https session exists.
- Patch #584966 by mr.baileys, sun: add doxygen group for PHP function wrappers in Drupal.
- Patch by #1577 by chx, boombatower, Bèr Kessels, kkaefer: made SSL support a bit easier by providing two cookies and ... hook_goto_alter.
- Patch #477944 by DamZ: more streamlining and clean-up of session handling code.
- Patch #477944 by Damien Tournoud: fix and streamline page cache and session handling.
- Patch #422374 by JamesAn: convert to use the new static caching API.
Roll-back of users -> user table name change in #330983: Broken pgsql is no fun.
#330983 by recidive and boombatower: Rename users/users_roles tables to user/user_role for consistency.
- Patch #201122 by c960657, Moshe Weitzman: never write anonymous sessions, unless something has been written to . This is an important performance improvement -- as long as you use modules that use carefully. It might be good to report some analytics about this in the performance settings page so administrators can see if there is a 'broken' module.
#280934 rolled back: was incompatible with PHP before version 5.2
Rolling back #280934. PHP 4 incompatibility.
#280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
#280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
- Patch #280934 by pwolanin, swentel, et al: harden session regeneration. It took a while, but it comes with tests and extra features now.
More code style removing trivial differences with 6.x. Last commit was actually: #213699 reported by gpk, patch by c960657: Race condition in sess_write() caused duplicate entry errors in the sessions table, fix that.
code style
#293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication.
- Patch #299778 by hswong3i, Arancaytar, Dave Reid et al: code clean-up.
- Patch #297860 by Damien Tournoud: converted session.inc to the new database abstraction layer.
#293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication
#293612 by egfrith: user_authenticate() should work when is empty.
- Patch #161301 by Eaton, Sun, moshe and webchick: make checking for node edit forms easier. DX improvement.
- Patch #309488 by kbahey: correct capitalization of TRUE and FALSE.
#213699 reported by gpk, patch by c960657: Race condition in sess_write() caused duplicate entry errors in the sessions table, fix that.
- Patch #305645 by pwolanin: ['REQUEST_TIME'] -> REQUEST_TIME. Improved developer experience.
#308534 by Dave Reid: Remove stray whitespace core-wide.
- Patch #253702 by Damien Tournoud et al: further clean-up of the session handling code.
- Patch #253702 by jscheel, gpk: clarified session handling functions.
- Patch #302763 by Dave Reid, Rob Loach: replace time() by ['REQUEST_TIME'] as per Rasmus' suggestion. Removed drupal_referrer() for consistency.
#297860 by catch: Reverting reversion to reverted DBTNG stuff. Tests should pass now.
- Patch #297860 by Damien Tournoud: sess_write should use a db_merge().
- Patch #225450 by Crell, chx, bjaspan, catch, swentel, recidive et al: next generation database layer for Drupal 7.
- Patch #293421 by Bart Jansens: fixed documentation of sess_count().
- Patch #293421 by Bart Jansens: fixed documentation of sess_count().
- Patch #213699 by Damien Tournoud, c960657: fixed race condition in sess_write().
- Patch #245504 by catch, David_Rothstein, Freso, et al: removed the throttle module from Drupal core.
- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators.
- Patch #218116 by greggles: document session_save_session().
- Patch #221364 by chx: removed PHP 4.3 workaround. Oh, yeah.
#218116 by greggles: better documentation for session_save_session() for security education
#203274 by Pasqualle: remove excessive whitespace from our code (minor)
security fixes forward ported from Drupal 5.2 - previously not committed parts of http://drupal.org/cvs?commit=74833
- Patch #163191 by hswong3i: removed db_num_rows() for compatibility with Oracle and DB2. Also a performance improvement.
Drupal 5.2
- Patch #40545 by Moshe: reduces contention in the users table.
- Patch #142773 by kbahey: made Drupal work correctly when behind a reverse proxy.
- Patch #139517 by Grugnog2: improved code comment. Backport from HEAD.
- Patch #139517 by Grugnog2: improved code comment.
#130971: Kitchen sink (E_NOTICE compliance / Code style / Bugfix in book toc)
#93945, Session handler executed after object is destructed, backport to 4.6
#87372, duplicate session cookies prevent login, backport
- Patch #90612 by Bart Jansens: user_logout should only end the current session.
#93945, Session handler executed after $user object is destructed, backport from HEAD
#93945 by chx. Save sessions before objects are destroyed on some configurations.
#91046 by jvandyk. Fix handling of expired sessions.
- Patch #87372 by drumm: Broken login
- Patch #87372 by crunchywelch: work around PHP session bug.
- Patch #77936 by moshe and rdouglass: pluggable session handling.
#79511 by timcn. Clean up some notices.
- Patch #79166 by hunmonk: fixed session breakage.
- Patch #node/76931 by Robert: improved performance of Drupal's session handling.
#61802 by Zen, Double spaced sentences clean up
#58166, fixes for typos, patch by Uwe Herrmann
- Patch #41870 by fgm: improved debugging support.
- Patch #44947 by Moshe: fixed bug with session handling.
- Patch #44947 by rkerr / Moshe: fixed race condition in session handling, reduced query overhead of session handling, reduced database overhead of session handling.
- Patch #44379 by Moshe: code improvements: always grant the 'authenticated user' role to authenticated users. Fixed glitch with update path.
- Patch 42115 by Cvbge/ m3avrck: improved performance of session loading.
- Patch #40393 by Richard: corrected permissions of menu/path settings on the content submission form.
- Patch #35354 by Moshe/chx: only update the last access time for authenticated users.
- Patch #30676 by robertgarrigos: make the logout feature work.
- Patch #29143 by Cvbge: fixed invalid query in session handling when using PostgreSQL.
- Patch #29385 by chx: no ?> at end of files.
- Always use the database abstraction layer.
- Patch by Thomas: always use db abstraction layer
- Patch by Thomas: always use db abstraction layer
- Patch #18213 by chx: bootstrap system. Modified to work with HEAD, tidied
up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be sent using the URL or something.)
- User module improvements: added an 'access' column to the users-table to
keep track of the user's last access. In turn, this allowed me to:
1. Optimize the "Who's online" block. On drupal.org, the "Who's online"
block requires 32 SQL queries. With this patch, only 2 queries are
left (eliminated 30 SQL queries), and one of the two remaining queries
became appr. 20 times faster.
2. Correct the "Last access" column in the user administration overview
table. The presented data was not accurate, which led to the column
being removed. You can now sort users by 'last access'.
- Patch #19298 by Jeremy: loose caching! Drupal's existing caching mechanism doesn't perform well on highly dynamic websites in which the cache is flushed frequently. One example is a site that is under attack by a spambot that is posting spam comments every few seconds, causing all cached pages to be flushed every few seconds. Loose caching immediately flushes the cache only for specific users who have modified cached data (whether or not they are logged in), delaying the flushing of data for other users by several minutes. (I rewrote the help text a bit and made minor changes to the code comments.)
- Simplified the session code (PostgreSQL update).
- Missing '>' (reported by Goba)
#17747: PGSQL improvements
- Patch #15399 by adschar: fixed PHP5 error when a new session is inserted into the session table. (Better fix.)
- Patch #15399 by adschar: fixed PHP5 error when a new session is inserted into the session table.
- Patch #15399 by adschar: fixed PHP5 error when a new session is inserted into the session table.
- Performance improvement: made 'sid' the primary key of the sessions table. That should improve performance of session handling as well as improve performance of the "Who's online"-block. Drupal.org's sessions table contains appr. 40.000 sessions on a slow day and rendering the "Who's online"-block became a performance bottleneck. This change has yet to be tested on a busy site so things might go wrong.
- Patch by JonBob: for consistency and readability, add brief descriptions of each source file inside the @file comment block at the head of the file. This helps with Doxygen indexing, and also allows neophytes to see what a file does immediately on opening the source, regardless of the organization of the hooks.
- Added support for multiple user roles. Patch by Jim Hriggs.
- Fixed bug in session query that prevented sessions from working on PostgreSQL. Patch by Adrian.
- Patch 4859: new drupal_unpack() consolidates duplicate code and makes it easy to show avatars next to nodes and comments. Patch by Moshe. As a showcase, maybe Xtemplate should have an option to enable/disable avatars?
- Fixed bug 4745: undefined warning in sess_read().
- Fixed race condition in session handler. Patch by Kjartan.
- Fixes bug #4100: First visit to site results in 'access denied' page. - Fixed sess_write(). - Removed dead code in index.php.
- Improved module loading when serving cached pages. Moshe's bootstrap patch. - Used legend and fieldset tags for the configuration page.