Merge master into ocs_api
authorTom Needham <needham.thomas@gmail.com>
Sun, 28 Oct 2012 11:16:04 +0000 (11:16 +0000)
committerTom Needham <needham.thomas@gmail.com>
Sun, 28 Oct 2012 11:16:04 +0000 (11:16 +0000)
lib/app.php
lib/base.php

diff --cc lib/app.php
index 620732f60061e763d99556c22254d89d469a1b23,c9329df91d1754923b047c7589014fb927761a76..3d2ceb1729f8302554bfc90419c00246d5448857
mode 100644,100755..100644
diff --cc lib/base.php
index 2b05fd7f9ea315d60f69d673d4163b0c4d3db985,186ed53e9808ced0932f9b83772e1afcbb47046c..d47c1d30dd0449abc4848b8fe843b3245bd163f8
@@@ -266,46 -264,33 +272,68 @@@ class OC
        }
  
        public static function initSession() {
+               // prevents javascript from accessing php session cookies
                ini_set('session.cookie_httponly', '1;');
+               // (re)-initialize session
                session_start();
+               
+               // regenerate session id periodically to avoid session fixation
+               if (!isset($_SESSION['SID_CREATED'])) {
+                       $_SESSION['SID_CREATED'] = time();
+               } else if (time() - $_SESSION['SID_CREATED'] > 900) {
+                       session_regenerate_id(true);
+                       $_SESSION['SID_CREATED'] = time();
+               }
+               // session timeout
+               if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
+                       if (isset($_COOKIE[session_name()])) {
+                               setcookie(session_name(), '', time() - 42000, '/');
+                       }
+                       session_unset();
+                       session_destroy();
+                       session_start();
+               }
+               $_SESSION['LAST_ACTIVITY'] = time();
        }
  
 -      public static function init() {
 +      public static function loadapp(){
 +              if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php')){
 +                      require_once(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/index.php');
 +              }else{
 +                      trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead?
 +              }
 +      }
 +
 +      public static function loadfile(){
 +              if(file_exists(OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . OC::$REQUESTEDFILE)){
 +                      if(substr(OC::$REQUESTEDFILE, -3) == 'css'){
 +                              $file = OC_App::getAppWebPath(OC::$REQUESTEDAPP). '/' . OC::$REQUESTEDFILE;
 +                              $minimizer = new OC_Minimizer_CSS();
 +                              $minimizer->output(array(array(OC_App::getAppPath(OC::$REQUESTEDAPP), OC_App::getAppWebPath(OC::$REQUESTEDAPP), OC::$REQUESTEDFILE)),$file);
 +                              exit;
 +                      }elseif(substr(OC::$REQUESTEDFILE, -3) == 'php'){
 +                              require_once(OC_App::getAppPath(OC::$REQUESTEDAPP). '/' . OC::$REQUESTEDFILE);
 +                      }
 +              }else{
 +                      die();
 +                      header('HTTP/1.0 404 Not Found');
 +                      exit;
 +              }
 +      }
 +
 +      public static function getRouter() {
 +              if (!isset(OC::$router)) {
 +                      OC::$router = new OC_Router();
 +                      OC::$router->loadRoutes();
 +              }
 +
 +              return OC::$router;
 +      }
 +
 +      public static function init(){
 +
                // register autoloader
                spl_autoload_register(array('OC','autoload'));
                setlocale(LC_ALL, 'en_US.UTF-8');
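Review bot: `loadfile()` passes `OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . OC::$REQUESTEDFILE` to `require_once` after only a `file_exists()` test and a three-character suffix comparison, so nothing in this hunk keeps the resolved path inside the app directory. Where `OC::$REQUESTEDAPP` and `OC::$REQUESTEDFILE` are populated is outside the hunk; if they reach this point from the request without normalisation, resolve the path with `realpath()` and require that it begins with the app path plus `/` before including it, and apply the same check to the `index.php` include in `loadapp()`. In the else branch of `loadfile()`, `die();` runs before `header('HTTP/1.0 404 Not Found');`, so the 404 status is never sent; dropping the `die();` line leaves the `header(...)` call followed by `exit;`. The suffix test `substr(OC::$REQUESTEDFILE, -3) == 'php'` also matches any name that merely ends in those three letters, so comparing `substr(OC::$REQUESTEDFILE, -4) === '.php'` would be tighter.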