Commits · 5fc563e3153f4a21a443f48e9e23c27e88b81ed9 · docker / osticket

Sep 11, 2013
- Add random string generator to Crypto lib to replace Crypt_Random which uses · f6371942
  Peter Rotich authored 11 years ago
```
and restarts PHP SESSION
```
  f6371942
Aug 30, 2013

Don't log the user out after changing account info · 75c80484

Jared Hancock authored 11 years ago

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

75c80484

Feb 19, 2013
- Update copyright (c) to 2013! · 252c9ca7
  Peter Rotich authored 12 years ago
  
  252c9ca7
Jul 20, 2012
- make lint tool happy · abbb268e
  Peter Rotich authored 12 years ago
  
  abbb268e
- Add real class to handle CSRF protection · 50258951
  Peter Rotich authored 12 years ago
  
  50258951
Jun 23, 2012
- Don't forget the staff login and emailtest pages · 821d7b0e
  Jared Hancock authored 12 years ago
  
  821d7b0e
Jun 20, 2012

Implement simple CSRF protection scheme · ff1d8b9e

Jared Hancock authored 12 years ago

Protect againts cross-site request forgery attacks by requiring a special
form-field or header to be sent with requests that modify ticket system
data.

This meant a slight change to the AJAX ticket locking mechanism. It was
defined to lock with a GET request; however, GET requests are defined as
safe methods and should not modify backend data (such as a lock
acquisition). Therefore, the the lock acquire AJAX method was changed to
require a POST method.

Also remove old, no-longer-used staff panel include files

ff1d8b9e