Commit graph

86 commits

Author SHA1 Message Date
Bjoern Schiessle
902c649dad use new sanitize HTML function backported
Conflicts:

	lib/template.php
2012-06-20 16:59:51 +02:00
Bjoern Schiessle
0074062b53 fixed xss vulnerability 2012-06-15 16:16:00 +02:00
Thomas Tanghus
f589df7366 Redirect HTTP Auth requests to REQUEST_URI. Partial fix for http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-874 2012-06-13 18:31:36 +02:00
Michael Gapczynski
90cbc32c77 Fix redirect after login, prevent open redirects 2012-05-18 16:56:48 -04:00
Michiel de Jong
1a874b4c56 make redirect safe by restricting it to current host 2012-05-18 15:32:41 +02:00
Michiel de Jong
9b5e8a2c63 fix redirect to desired page after login 2012-05-18 15:11:01 +02:00
Georg Ehrke
b35c6b57a9 allow loading of css files even if a user isn't logged in 2012-05-17 21:56:33 +02:00
Georg Ehrke
232788396d some changes for login 2012-05-11 16:43:45 +02:00
Michael Gapczynski
051442bc76 Sanitize redirect urls 2012-05-08 17:41:50 -04:00
Bart Visscher
4dbc2093c6 Create a function for linking to remote.php 2012-05-07 21:47:14 +02:00
Georg Ehrke
e33b12a375 fix path of webdav 2012-05-07 12:07:39 +02:00
Frank Karlitschek
d2b0de614e fix an XSS bug 2012-05-06 23:06:38 +02:00
Georg Ehrke
da03d05700 create folder 'remote' for the remote services like caldav, carddav and webdav 2012-05-02 16:41:23 +02:00
Georg Ehrke
657d02371c fix login 2012-04-27 14:55:26 +02:00
Georg Ehrke
993d655aad Merge branch 'master' into movable_apps_2 2012-04-27 10:30:50 +02:00
Frank Karlitschek
74b5e22a68 some more csrf fixes 2012-04-26 23:17:46 +02:00
Georg Ehrke
3f64eb25ab some fixes for movable apps 2012-04-26 14:52:55 +02:00
Georg Ehrke
2e85313701 optimize code 2012-04-19 22:26:36 +02:00
Georg Ehrke
85019887df add loading of files 2012-04-19 16:44:49 +02:00
Georg Ehrke
3e0e6e35f4 open app thru index.php 2012-04-18 08:20:51 +02:00
Arthur Schiwon
30d524b426 load apps before logout so that logout-hook works 2012-02-20 11:21:46 +01:00
Bart Visscher
f47444e1f7 Use separate function to make absolute urls 2012-02-17 22:07:14 +01:00
Thomas Tanghus
f3e8776dc6 Merge git://gitorious.org/owncloud/owncloud into tanghus_remote_backup 2011-12-16 17:43:06 +01:00
Robin Appelman
a862fec9a3 make remember login token also dependent on password to protect against some brute force attacks on this token 2011-12-14 13:26:34 +01:00
Thomas Olsen
21d613cbc6 Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it.
Fixed indentation in /index.php
2011-12-01 02:02:45 +01:00
Robin Appelman
b0127e3918 use OC_Log instead of error_log 2011-10-16 21:42:24 +02:00
Robin Appelman
9a5af50f32 Merge commit 'refs/merge-requests/59' of git://gitorious.org/owncloud/owncloud 2011-10-14 20:34:36 +02:00
Patrick Stricker
2cc5f5e19e made work with http authentication kind of sso login 2011-10-13 10:04:39 +02:00
Thomas Schmidt
e710bcb6d3 add owncloud autosetup option 2011-10-10 11:48:58 +02:00
Marvin Thomas Rabe
4bcb6f5346 remember cookie bug fixed 2011-10-04 19:41:00 +02:00
Marvin Thomas Rabe
33f24a42b8 redirect url fixed 2011-10-04 19:27:57 +02:00
Marvin Thomas Rabe
6d8985ceb2 added infield labels. readded fade in of login button. updated label on install page. 2011-10-03 14:41:55 +02:00
Marvin Thomas Rabe
481a37fcf3 Show database only in advanced 2011-10-03 13:32:16 +02:00
Marvin Thomas Rabe
c943f48547 fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 11:08:49 +02:00
Bart Visscher
21a88613a1 Merge branch 'lostpassword'
Conflicts:
	core/templates/login.php
	index.php
	lib/util.php
2011-09-30 23:48:20 +02:00
Marvin Thomas Rabe
ccfa2dd24c Error when only oc_remember_login cookie set fixed.
Filled username field when oc_username is set repaired.
Problems with "advanced settings" button in installation wizard fixed.
CSS improved - login and installation now looks more clean.
Request password link removed (email feature not implemented yet).
Database radio button bugs removed.
It is possible to have an empty database password, now ownCloud will support this "security issue".
Ignore Mac OS X ".DSstore" files.
Fade in/out of login button and remember checkbox removed due to some display errors.
2011-09-30 18:25:34 +02:00
Frank Karlitschek
bf3248bee9 remove warning by checking cookie before accessing it. 2011-09-27 15:31:30 +02:00
Bart Visscher
950d4e1da4 Move lostpassword code to own app 2011-09-26 21:17:26 +02:00
Bart Visscher
aae6881494 Move display of login page to function in OC_Util 2011-09-26 21:17:17 +02:00
Robin Appelman
3bccebacbc prevent people from triggering the setup manually 2011-09-24 19:06:08 +02:00
Florian Pritz
8648e3c43c only call error_log() if DEBUG is true
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-09-24 18:41:47 +02:00
Bart Visscher
e990ef3542 Move some common code to OC_Util
Created the following function:
 - checkLoggedIn
 - checkAdminUser
 - redirectToDefaultPage
2011-09-18 21:31:56 +02:00
Bart Visscher
8966ed5a00 Cleanup lib/base.php 2011-09-18 20:57:05 +02:00
Bart Visscher
82c7598861 Remove global vars and use the OC static version.
Removed global vars are DOCUMENTROOT, SERVERROOT, SUBURI, WEBROOT and CONFIG_DATADIRECTORY
2011-09-18 19:37:54 +02:00
Bartek Przybylski
94696ea7de remember changed not to store password in cookie 2011-09-18 15:05:53 +02:00
Bartek Przybylski
68e7666293 Changed behaviour of remember checkbox 2011-09-18 09:15:30 +02:00
Michael Gapczynski
1c955606a1 Initial work on resetting forgotten passwords. It works, but still need to email a token to allow reset 2011-08-29 14:37:18 -04:00
Serge Martin
7c254dd94d Exit after call to setup 2011-08-07 15:39:01 +02:00
Robin Appelman
01cecc8388 redirect index.php to files/webdav.php for webdav (PROPFIND) requests 2011-08-04 20:06:33 +02:00
Jakob Sack
bafd684eb6 Renaming classes :-) 2011-07-29 21:36:03 +02:00