Better validation when config.php does not exist
Update docs and quote password
only populate legacy vars in config_to_json
drop .travis.yml config copy
remove credentials from config.php.default
Check for existance of .env instead of config.php in python scripts
legacy credential cleanup
tiny cleanups
consistent env for artisan server and artisan dusk
Override symfony 60s execution timeout. Allows the capture page to output discovery and poller process results, if the process lasts longer than 60s.
Similar fix to commit 561e2fb6e2
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
