Tomas Polesovsky's commits on svn://svn.liferay.com/repos/public/portal/trunk. Tomas Polesovsky's commits on svn://svn.liferay.com/repos/public/portal/trunk. Revision 178547 Tomas Polesovsky 2013-12-11T05:16:59Z 2013-12-11T05:16:59Z LPS-42782 Tomas Polesovsky 2013-12-11T05:16:59Z Revision 178543 Tomas Polesovsky 2013-12-11T05:16:50Z 2013-12-11T05:16:50Z LPS-42786 Tomas Polesovsky 2013-12-11T05:16:50Z Revision 178542 Tomas Polesovsky 2013-12-11T05:16:46Z 2013-12-11T05:16:46Z LPS-40221 SF Tomas Polesovsky 2013-12-11T05:16:46Z Revision 178533 Tomas Polesovsky 2013-12-11T05:16:24Z 2013-12-11T05:16:24Z LPS-42824 Tomas Polesovsky 2013-12-11T05:16:24Z Revision 178532 Tomas Polesovsky 2013-12-11T05:16:21Z 2013-12-11T05:16:21Z LPS-42823 Tomas Polesovsky 2013-12-11T05:16:21Z Revision 178067 Tomas Polesovsky 2013-12-04T05:27:58Z 2013-12-04T05:27:58Z Remove unused code, the condition always evaluates to TRUE. This removes false-positive XSS<br />Simplify logic in control_panel.jsp - remove unused code<br /><a href="http://svn.liferay.com/changelog/portal/?cs=178067"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-42714"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-12-04T05:27:58Z Revision 178041 Tomas Polesovsky 2013-12-04T05:26:58Z 2013-12-04T05:26:58Z LPS-40221 Apply to portal code Tomas Polesovsky 2013-12-04T05:26:58Z Revision 178039 Tomas Polesovsky 2013-12-04T05:26:53Z 2013-12-04T05:26:53Z LPS-40221 Apply to <liferay-ui:logo-selector /> Tomas Polesovsky 2013-12-04T05:26:53Z Revision 178037 Tomas Polesovsky 2013-12-04T05:26:48Z 2013-12-04T05:26:48Z LPS-40221 Disable portraits enumeration Tomas Polesovsky 2013-12-04T05:26:48Z Revision 178036 Tomas Polesovsky 2013-12-04T05:26:45Z 2013-12-04T05:26:45Z LPS-40221 Add users.image.portrait.enumeration.check Tomas Polesovsky 2013-12-04T05:26:45Z Revision 178034 Tomas Polesovsky 2013-12-04T05:26:40Z 2013-12-04T05:26:40Z LPS-42682 Tomas Polesovsky 2013-12-04T05:26:40Z Revision 178032 Tomas Polesovsky 2013-12-04T05:26:37Z 2013-12-04T05:26:37Z LPS-42689 Tomas Polesovsky 2013-12-04T05:26:37Z Revision 178000 Tomas Polesovsky 2013-12-04T05:25:25Z 2013-12-04T05:25:25Z LPS-42711 Tomas Polesovsky 2013-12-04T05:25:25Z Revision 177661 Tomas Polesovsky 2013-11-27T05:05:20Z 2013-11-27T05:05:20Z LPS-42539 Fix XSS issues Tomas Polesovsky 2013-11-27T05:05:20Z Revision 177606 Tomas Polesovsky 2013-11-27T05:03:10Z 2013-11-27T05:03:10Z Regenerate<br />Add UserLocalServiceImpl#fetchUserByPortraitId<br /><a href="http://svn.liferay.com/changelog/portal/?cs=177606"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-42616"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-11-27T05:03:10Z Revision 177604 Tomas Polesovsky 2013-11-27T05:03:04Z 2013-11-27T05:03:04Z Add UserLocalServiceImpl.fetchUserByPortraitId<br />Add UserLocalServiceImpl#fetchUserByPortraitId<br /><a href="http://svn.liferay.com/changelog/portal/?cs=177604"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-42616"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-11-27T05:03:04Z Revision 176363 Tomas Polesovsky 2013-11-15T05:18:41Z 2013-11-15T05:18:41Z Portlet preferences are optional to exist<br />Could not edit a blog in search portlet context<br /><a href="http://svn.liferay.com/changelog/portal/?cs=176363"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-42095"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-11-15T05:18:41Z Revision 176066 Tomas Polesovsky 2013-11-13T04:09:27Z 2013-11-13T04:09:27Z Exchange Random with SecureRandomUtil for SecureRandom<br />Apply portal's SecureRandom where appropriate<br /><a href="http://svn.liferay.com/changelog/portal/?cs=176066"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-42186"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-11-13T04:09:27Z Revision 176002 Tomas Polesovsky 2013-11-13T04:07:00Z 2013-11-13T04:07:00Z LPS-42185 To generate passwords from provided keys use complete space Tomas Polesovsky 2013-11-13T04:07:00Z Revision 173949 Tomas Polesovsky 2013-10-26T00:47:40Z 2013-10-26T00:47:40Z Fix possible NPE<br />Upgrade from 6.1 to 6.2 fails on NPE in UpgradePortletPreferences<br /><a href="http://svn.liferay.com/changelog/portal/?cs=173949"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-41688"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-26T00:47:40Z Revision 173658 Tomas Polesovsky 2013-10-25T06:15:28Z 2013-10-25T06:15:28Z LPS-41427 Deny access to beanIdentifier from JSON services Tomas Polesovsky 2013-10-25T06:15:28Z Revision 173656 Tomas Polesovsky 2013-10-25T06:15:19Z 2013-10-25T06:15:19Z LPS-39799 LPS-39793 Create portlet preferences only for regularly displayed portlets. Undeployed and on-demand portlets should not register themselves to the page as embedded. Tomas Polesovsky 2013-10-25T06:15:19Z Revision 173655 Tomas Polesovsky 2013-10-25T06:15:14Z 2013-10-25T06:15:14Z LPS-41430 Force content type that was used for inline content disposition Tomas Polesovsky 2013-10-25T06:15:14Z Revision 172642 Tomas Polesovsky 2013-10-17T04:15:44Z 2013-10-17T04:15:44Z Refactor unused code<br />Users cannot view the permissions of a Blogs entry that they created<br /><a href="http://svn.liferay.com/changelog/portal/?cs=172642"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-41108"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-17T04:15:44Z Revision 172641 Tomas Polesovsky 2013-10-17T04:15:43Z 2013-10-17T04:15:43Z Don't create portlet preferences. EditPermissionAction use portletResource to identify an object of permissions assignment.<br />Users cannot view the permissions of a Blogs entry that they created<br /><a href="http://svn.liferay.com/changelog/portal/?cs=172641"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-41108"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-17T04:15:43Z Revision 172627 Tomas Polesovsky 2013-10-17T04:15:26Z 2013-10-17T04:15:26Z JSONServiceAction is a part of our web service stack, we need to check remote access<br />Remote services can be executed by unauthenticated user using JSONServiceAction<br /><a href="http://svn.liferay.com/changelog/portal/?cs=172627"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-38353"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-17T04:15:26Z Revision 172370 Tomas Polesovsky 2013-10-16T04:26:22Z 2013-10-16T04:26:22Z Use LayoutRevision plid to get portlets preferences in a Layout<br />CSS for Staging Bar is not loaded<br /><a href="http://svn.liferay.com/changelog/portal/?cs=172370"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-41287"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-16T04:26:22Z Revision 171813 Tomas Polesovsky 2013-10-11T04:24:31Z 2013-10-11T04:24:31Z LPS-41142 Fix SaveAction Tomas Polesovsky 2013-10-11T04:24:31Z Revision 171811 Tomas Polesovsky 2013-10-11T04:24:30Z 2013-10-11T04:24:30Z LPS-41037 Fix AssetPublisherImpl, it's used by several other portlet actions Tomas Polesovsky 2013-10-11T04:24:30Z Revision 171809 Tomas Polesovsky 2013-10-11T04:24:28Z 2013-10-11T04:24:28Z LPS-41036 Fix EditQuestionAction Tomas Polesovsky 2013-10-11T04:24:28Z Revision 171777 Tomas Polesovsky 2013-10-11T04:23:58Z 2013-10-11T04:23:58Z LPS-41034 Fix EditFileEntryAction Tomas Polesovsky 2013-10-11T04:23:58Z Revision 171776 Tomas Polesovsky 2013-10-11T04:23:56Z 2013-10-11T04:23:56Z LPS-41035 Fix TrackbackAction Tomas Polesovsky 2013-10-11T04:23:56Z Revision 171756 Tomas Polesovsky 2013-10-11T04:23:02Z 2013-10-11T04:23:02Z LPS-41033 Fix EditRecordSetAction Tomas Polesovsky 2013-10-11T04:23:02Z Revision 171755 Tomas Polesovsky 2013-10-11T04:23:00Z 2013-10-11T04:23:00Z LPS-41032 Fix EditArticleAction Tomas Polesovsky 2013-10-11T04:23:00Z Revision 171753 Tomas Polesovsky 2013-10-11T04:22:57Z 2013-10-11T04:22:57Z LPS-41031 Fix EditTemplateAction Tomas Polesovsky 2013-10-11T04:22:57Z Revision 171752 Tomas Polesovsky 2013-10-11T04:22:54Z 2013-10-11T04:22:54Z Use StringUtil.randomId() to generate HTML namespace or ids<br />Alloy "navs" use PwdGenerator to generate HTML ids<br /><a href="http://svn.liferay.com/changelog/portal/?cs=171752"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-41130"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-11T04:22:54Z Revision 171503 Tomas Polesovsky 2013-10-09T04:52:38Z 2013-10-09T04:52:38Z LPS-41030 Create StrictPortletPreferencesImpl to identify new strict preferences record Tomas Polesovsky 2013-10-09T04:52:38Z Revision 171502 Tomas Polesovsky 2013-10-09T04:52:36Z 2013-10-09T04:52:36Z LPS-41026 Check portlet configuration permissions in EditPermissionsAction Tomas Polesovsky 2013-10-09T04:52:36Z Revision 171495 Tomas Polesovsky 2013-10-09T04:52:28Z 2013-10-09T04:52:28Z LPS-38315 Fix UpdateEmailAddressAction Tomas Polesovsky 2013-10-09T04:52:28Z Revision 171465 Tomas Polesovsky 2013-10-09T04:51:48Z 2013-10-09T04:51:48Z LPS-35935 Rename CSRF context to CSRF origin Tomas Polesovsky 2013-10-09T04:51:48Z Revision 171463 Tomas Polesovsky 2013-10-09T04:51:45Z 2013-10-09T04:51:45Z LPS-35935 Extend CSRF context whitelist sensitivity for JSON API Tomas Polesovsky 2013-10-09T04:51:45Z Revision 171462 Tomas Polesovsky 2013-10-09T04:51:44Z 2013-10-09T04:51:44Z LPS-35935 CSRF context whitelist hook support Tomas Polesovsky 2013-10-09T04:51:44Z Revision 171461 Tomas Polesovsky 2013-10-09T04:51:42Z 2013-10-09T04:51:42Z LPS-35935 CSRF context whitelist implementation Tomas Polesovsky 2013-10-09T04:51:42Z Revision 171460 Tomas Polesovsky 2013-10-09T04:51:40Z 2013-10-09T04:51:40Z LPS-35935 CSRF context whitelist preparation - no change Tomas Polesovsky 2013-10-09T04:51:40Z Revision 171459 Tomas Polesovsky 2013-10-09T04:51:35Z 2013-10-09T04:51:35Z LPS-35935 Context sensitive CSRF checking - update usages Tomas Polesovsky 2013-10-09T04:51:35Z Revision 171458 Tomas Polesovsky 2013-10-09T04:51:34Z 2013-10-09T04:51:34Z LPS-35935 Context sensitive CSRF checking - impl Tomas Polesovsky 2013-10-09T04:51:34Z Revision 171457 Tomas Polesovsky 2013-10-09T04:51:32Z 2013-10-09T04:51:32Z LPS-35935 Context sensitive CSRF checking - portal-service no change Tomas Polesovsky 2013-10-09T04:51:32Z Revision 171455 Tomas Polesovsky 2013-10-09T04:51:17Z 2013-10-09T04:51:17Z LPS-39735 Check portlet configuration permission before creating portlet preferences Tomas Polesovsky 2013-10-09T04:51:17Z Revision 171454 Tomas Polesovsky 2013-10-09T04:51:15Z 2013-10-09T04:51:15Z LPS-40946 Portlets with invalid id should not be processed at all Tomas Polesovsky 2013-10-09T04:51:15Z Revision 170438 Tomas Polesovsky 2013-10-02T03:24:57Z 2013-10-02T03:24:57Z LPS-39731 Fix SourceFormatter Tomas Polesovsky 2013-10-02T03:24:57Z Revision 170437 Tomas Polesovsky 2013-10-02T03:24:56Z 2013-10-02T03:24:56Z LPS-39731 Remove unused portlet Tomas Polesovsky 2013-10-02T03:24:56Z Revision 170436 Tomas Polesovsky 2013-10-02T03:24:55Z 2013-10-02T03:24:55Z LPS-39731 RateEntryAction is invoked only from taglibs to perform the taglib cross-portlet action. Should not be bound to a specific portlet that is never used anywhere else. Tomas Polesovsky 2013-10-02T03:24:55Z Revision 170431 Tomas Polesovsky 2013-10-02T03:24:48Z 2013-10-02T03:24:48Z API for disabling browser XSS Auditor<br />Blank page after adding a Web content with Video/Audio through Web Content Display portlet<br /><a href="http://svn.liferay.com/changelog/portal/?cs=170431"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-40408"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-02T03:24:48Z Revision 170430 Tomas Polesovsky 2013-10-02T03:24:47Z 2013-10-02T03:24:47Z Allow X-XSS-Protection to have configurable values, use "X-XSS-Protection: 1" to keep backwards compatibility<br />Blank page after adding a Web content with Video/Audio through Web Content Display portlet<br /><a href="http://svn.liferay.com/changelog/portal/?cs=170430"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-40408"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-10-02T03:24:47Z Revision 170429 Tomas Polesovsky 2013-10-02T03:24:46Z 2013-10-02T03:24:46Z LPS-39762 Fix vulnerable portletIds Tomas Polesovsky 2013-10-02T03:24:46Z Revision 170428 Tomas Polesovsky 2013-10-02T03:24:44Z 2013-10-02T03:24:44Z LPS-39762 SecurityPortletContainerWrapper should allow to invoke only portlets with valid id (prevent XSS in <portlet:namespace />) Tomas Polesovsky 2013-10-02T03:24:44Z Revision 168005 Tomas Polesovsky 2013-09-13T17:44:15Z 2013-09-13T17:44:15Z Use HTTPS for login URL when company.security.auth.requires.https=true<br />After changing language user sign in is not redirected to https when company.security.auth.requires.https=true<br /><a href="http://svn.liferay.com/changelog/portal/?cs=168005"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-38634"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-09-13T17:44:15Z Revision 167415 Tomas Polesovsky 2013-09-10T17:54:39Z 2013-09-10T17:54:39Z LPS-39793 Disallow undeployed portlets to be invoked by portlet container Tomas Polesovsky 2013-09-10T17:54:39Z Revision 167382 Tomas Polesovsky 2013-09-10T17:53:23Z 2013-09-10T17:53:23Z LPS-35458 Tomas Polesovsky 2013-09-10T17:53:23Z Revision 167233 Tomas Polesovsky 2013-09-10T04:57:24Z 2013-09-10T04:57:24Z LPS-39057 Remove unused code Tomas Polesovsky 2013-09-10T04:57:24Z Revision 167232 Tomas Polesovsky 2013-09-10T04:57:23Z 2013-09-10T04:57:23Z LPS-39057 Use bundleId for javascript bundles cache file name Tomas Polesovsky 2013-09-10T04:57:23Z Revision 166479 Tomas Polesovsky 2013-09-04T04:12:02Z 2013-09-04T04:12:02Z Protect "remember me" cookies against attacks on WebKeys.HTTPS_INITIAL<br />Protect "remember me" cookies against attacks on WebKeys.HTTPS_INITIAL<br /><a href="http://svn.liferay.com/changelog/portal/?cs=166479"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-33780"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-09-04T04:12:02Z Revision 166335 Tomas Polesovsky 2013-09-04T04:08:53Z 2013-09-04T04:08:53Z LPS-39482 Escape backLabel Tomas Polesovsky 2013-09-04T04:08:53Z Revision 166045 Tomas Polesovsky 2013-08-30T05:04:27Z 2013-08-30T05:04:27Z LPS-38702 Limit assignment of roles per each role type Tomas Polesovsky 2013-08-30T05:04:27Z Revision 165862 Tomas Polesovsky 2013-08-29T03:43:15Z 2013-08-29T03:43:15Z LPS-39202 Support for X-XSS-Protection header Tomas Polesovsky 2013-08-29T03:43:15Z Revision 165859 Tomas Polesovsky 2013-08-29T03:43:13Z 2013-08-29T03:43:13Z LPS-39202 Support for X-Frame-Options header Tomas Polesovsky 2013-08-29T03:43:13Z Revision 165858 Tomas Polesovsky 2013-08-29T03:43:11Z 2013-08-29T03:43:11Z LPS-39202 Support for X-Content-Type-Options header Tomas Polesovsky 2013-08-29T03:43:11Z Revision 165856 Tomas Polesovsky 2013-08-29T03:43:10Z 2013-08-29T03:43:10Z LPS-39202 Rebase on master Tomas Polesovsky 2013-08-29T03:43:10Z Revision 164896 Tomas Polesovsky 2013-08-23T01:59:55Z 2013-08-23T01:59:55Z LPS-38702 Limit assignment of roles per each role type Tomas Polesovsky 2013-08-23T01:59:55Z Revision 162951 Tomas Polesovsky 2013-08-09T20:07:41Z 2013-08-09T20:07:41Z LPS-35724 Use SecureRandom for generating temp file names Tomas Polesovsky 2013-08-09T20:07:41Z Revision 162950 Tomas Polesovsky 2013-08-09T20:07:40Z 2013-08-09T20:07:40Z LPS-35724 Use StringUtil.randomString() where we don't need SecureRandom Tomas Polesovsky 2013-08-09T20:07:40Z Revision 162949 Tomas Polesovsky 2013-08-09T20:07:38Z 2013-08-09T20:07:38Z LPS-35724 Use StringUtil.randomId() for creating portlet namespaces, HTML ids etc. We don't need SecureRandom here Tomas Polesovsky 2013-08-09T20:07:38Z Revision 162947 Tomas Polesovsky 2013-08-09T20:07:36Z 2013-08-09T20:07:36Z LPS-35724 Use getPassword() instead of getSecurePassword() Tomas Polesovsky 2013-08-09T20:07:36Z Revision 162946 Tomas Polesovsky 2013-08-09T20:07:35Z 2013-08-09T20:07:35Z LPS-35724 Fix getPassword() to be secure, remove getSecurePassword() Tomas Polesovsky 2013-08-09T20:07:35Z Revision 162945 Tomas Polesovsky 2013-08-09T20:07:34Z 2013-08-09T20:07:34Z LPS-35724 New methods for generating random strings Tomas Polesovsky 2013-08-09T20:07:34Z Revision 161809 Tomas Polesovsky 2013-08-02T05:26:16Z 2013-08-02T05:26:16Z LPS-36654 SF Tomas Polesovsky 2013-08-02T05:26:16Z Revision 160643 Tomas Polesovsky 2013-07-26T03:18:50Z 2013-07-26T03:18:50Z LPS-36651 Apply headers neutralization - wrap response in InvokerFilter Tomas Polesovsky 2013-07-26T03:18:50Z Revision 160641 Tomas Polesovsky 2013-07-26T03:18:48Z 2013-07-26T03:18:48Z LPS-36651 Sanitize headers the same way as Tomcat - see org.apache.coyote.http11.AbstractOutputBuffer.write(String) Tomas Polesovsky 2013-07-26T03:18:48Z Revision 160640 Tomas Polesovsky 2013-07-26T03:18:47Z 2013-07-26T03:18:47Z LPS-36651 Rename SecureServletResponseWrapper into SecureHttpServletResponseWrapper - no change Tomas Polesovsky 2013-07-26T03:18:47Z Revision 160638 Tomas Polesovsky 2013-07-26T03:18:45Z 2013-07-26T03:18:45Z LPS-36651 Secure all methods that create HTTP headers Tomas Polesovsky 2013-07-26T03:18:45Z Revision 159202 Tomas Polesovsky 2013-07-24T19:36:02Z 2013-07-24T19:36:02Z Standard Basic auth should be forbidden for TunnelServlet<br />Remote staging doesn't work<br /><a href="http://svn.liferay.com/changelog/portal/?cs=159202"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37772"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-24T19:36:02Z Revision 159200 Tomas Polesovsky 2013-07-24T19:36:00Z 2013-07-24T19:36:00Z Log remote exceptions correctly<br />Remote staging doesn't work<br /><a href="http://svn.liferay.com/changelog/portal/?cs=159200"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37772"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-24T19:36:00Z Revision 159198 Tomas Polesovsky 2013-07-24T19:35:59Z 2013-07-24T19:35:59Z TunnelingServletAuthVerifier must be used before BasicAuthHeaderAutoLogin<br />Remote staging doesn't work<br /><a href="http://svn.liferay.com/changelog/portal/?cs=159198"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37772"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-24T19:35:59Z Revision 157350 Tomas Polesovsky 2013-07-04T20:40:42Z 2013-07-04T20:40:42Z Create tokens in session only when required<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157350"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:42Z Revision 157349 Tomas Polesovsky 2013-07-04T20:40:41Z 2013-07-04T20:40:41Z Add p_auth token only when necessary<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157349"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:41Z Revision 157348 Tomas Polesovsky 2013-07-04T20:40:40Z 2013-07-04T20:40:40Z Add p_p_auth token only when necessary<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157348"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:40Z Revision 157347 Tomas Polesovsky 2013-07-04T20:40:39Z 2013-07-04T20:40:39Z Remove unused variable - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157347"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:39Z Revision 157346 Tomas Polesovsky 2013-07-04T20:40:38Z 2013-07-04T20:40:38Z Security check for p_p_auth token - impl<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157346"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:38Z Revision 157345 Tomas Polesovsky 2013-07-04T20:40:36Z 2013-07-04T20:40:36Z Security check for p_p_auth token - portal-service - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157345"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:36Z Revision 157344 Tomas Polesovsky 2013-07-04T20:40:35Z 2013-07-04T20:40:35Z Centralize p_auth whitelist check - impl<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157344"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:35Z Revision 157343 Tomas Polesovsky 2013-07-04T20:40:34Z 2013-07-04T20:40:34Z Centralize p_auth whitelist check - portal-service - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157343"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:34Z Revision 157342 Tomas Polesovsky 2013-07-04T20:40:33Z 2013-07-04T20:40:33Z Centralize p_auth whitelist - Plugins SDK Hook support for the whitelists<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157342"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:33Z Revision 157341 Tomas Polesovsky 2013-07-04T20:40:31Z 2013-07-04T20:40:31Z Centralize p_auth whitelist - deprecate Portal.getAuthTokenIgnore*() methods - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157341"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:31Z Revision 157340 Tomas Polesovsky 2013-07-04T20:40:30Z 2013-07-04T20:40:30Z Centralize p_auth whitelist - impl<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157340"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:30Z Revision 157339 Tomas Polesovsky 2013-07-04T20:40:29Z 2013-07-04T20:40:29Z Centralize p_auth whitelist - portal-service - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157339"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:29Z Revision 157338 Tomas Polesovsky 2013-07-04T20:40:28Z 2013-07-04T20:40:28Z Centralize whitelist check for p_p_auth token - impl<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157338"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:28Z Revision 157337 Tomas Polesovsky 2013-07-04T20:40:26Z 2013-07-04T20:40:26Z Centralize whitelist check for p_p_auth token - portal-service - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157337"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:26Z Revision 157336 Tomas Polesovsky 2013-07-04T20:40:25Z 2013-07-04T20:40:25Z Rename AuthTokenWhitelist.whitelist* into AuthTokenWhitelist.portletInvocationWhitelist* - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157336"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:25Z Revision 157335 Tomas Polesovsky 2013-07-04T20:40:23Z 2013-07-04T20:40:23Z Move AuthTokenWhitelist into security.auth package - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157335"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:23Z Revision 157334 Tomas Polesovsky 2013-07-04T20:40:22Z 2013-07-04T20:40:22Z Rename PortletSecurity into AuthTokenWhitelist - no change<br />p_p_auth and p_auth tokens are unnecessarily added to URLs<br /><a href="http://svn.liferay.com/changelog/portal/?cs=157334"><img border="0" src="/social-coding-portlet/icons/svn.png" />SVN</a><br /><a href="https://issues.liferay.com/browse/LPS-37055"><img border="0" src="/social-coding-portlet/icons/jira.png" />JIRA</a> Tomas Polesovsky 2013-07-04T20:40:22Z