Commit graph

2405 commits

Author SHA1 Message Date
Lukas Reschke
63d6884e23 Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de) 2012-08-24 15:00:53 +02:00
Arthur Schiwon
eadb894eff Fix deletion for browsers that do not support onBeforeUnload, fixes oc-1534 2012-08-24 15:00:53 +02:00
Lukas Reschke
9188d2a844 Add a missing exit(); 2012-08-24 15:00:53 +02:00
Lukas Reschke
4e5291c77a Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde. 2012-08-24 15:00:53 +02:00
Lukas Reschke
1d530192b9 Disable user enumeration 2012-08-24 15:00:53 +02:00
Lukas Reschke
9917c611d3 Disable listing of all users 2012-08-24 15:00:52 +02:00
Lukas Reschke
78e8cbd52c Check if webfinger is enabled 2012-08-24 14:58:48 +02:00
Michael Gapczynski
ffb55d5a17 Don't return file handle if the mode supports writing and the file is not writable
Conflicts:
	apps/files_sharing/sharedstorage.php
2012-08-24 14:58:48 +02:00
Lukas Reschke
3644517b01 Missed an "echo" 2012-08-24 14:58:47 +02:00
Lukas Reschke
4f7e4c20d2 Sanitize user input 2012-08-24 14:58:47 +02:00
Georg Ehrke
2832311640 fix label for versioning in admin settings 2012-08-24 14:54:17 +02:00
Bart Visscher
5e9f92e5dd Calendar: remove double html encoding 2012-08-24 14:54:17 +02:00
Bart Visscher
646bc1fc24 Contacts: Fix no active Addressbooks 2012-08-24 14:54:16 +02:00
Arthur Schiwon
2af7473651 LDAP: sanitize base, user and group trees. fixes oc-1302 2012-08-24 14:54:16 +02:00
Jörn Friedrich Dreyer
e13f381189 add limit support to OC_DB & OCP/DB 2012-08-01 14:59:08 +02:00
jfd
3aff7a298c use CURRENT_TIMESTAMP in default column definitions (sqlite, mysql, postgres and oracle DO understand it), change clob columns to text (clob will give sorting and uniqueness problems and in general is not what we want) 2012-07-31 19:00:54 +02:00
jfd
727f4357fb remove superfluous index (already indexed with primary key derived from <autoincrement> by MDB2), oracle will bark on this 2012-07-31 18:54:24 +02:00
jfd
ede464f058 escape all identifiers with backticks 2012-07-31 18:53:05 +02:00
Arthur Schiwon
b523366acd LDAP: don't die on unexpected collisions, handle empty display-name attributes properly 2012-07-30 17:30:11 +02:00
Michael Gapczynski
b9bd54bd98 Add additional error handling for emailing private links 2012-07-30 10:07:20 -04:00
Michael Gapczynski
dab708b625 Correction for 'Fix group detection for sharing in case username contains '@', fix for oc-1270' 2012-07-30 10:07:20 -04:00
Michael Gapczynski
519eb39422 Remove delete tipsy if file is deleted, fixes bug oc-958 2012-07-30 10:07:19 -04:00
Michael Gapczynski
3e183b2eea Set filter to empty if not set by Ampache client
Conflicts:
	apps/media/lib_ampache.php
2012-07-30 10:07:19 -04:00
Michael Gapczynski
d07b8448d1 Set the user id when authenticating user for Ampache, fixes bug oc-219 2012-07-30 10:07:19 -04:00
Michael Gapczynski
7d17c59a51 Fix group detection for sharing in case username contains '@', fix for oc-1270 2012-07-30 10:07:19 -04:00
Michael Gapczynski
f378415377 Only call mkdir() if the root folder does not exist for FTP external storage 2012-07-30 10:07:19 -04:00
Michael Gapczynski
f328f53ec1 Fix filesystem hash, no longer using basicOperation()
Conflicts:
	lib/filesystemview.php
2012-07-30 10:07:19 -04:00
Thomas Tanghus
01f25119d5 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-07-30 12:28:40 +02:00
Thomas Tanghus
f91783e9ab Fix errors when no addressbook. 2012-07-30 12:28:10 +02:00
Georg Ehrke
d8aca0c78e apply fix suggested in oc-1132 - bugfix for oc-1132 2012-07-26 18:40:12 +02:00
Georg Ehrke
8cff0d997f convert through caldav transmitted rgba calendarcolor to rgb 2012-07-26 14:48:00 +02:00
Lukas Reschke
95936024bc Updated packages 2012-07-26 01:12:58 +02:00
Arthur Schiwon
3c9919e475 LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed. 2012-07-25 18:21:16 +02:00
Georg Ehrke
9b0870bb91 add some calendar sharing hooks in stable4 - bugfix for oc-1325 2012-07-25 17:02:24 +02:00
Bjoern Schiessle
73734c98e0 - remove namespace from file property name (webdav)
- update script to fix broken properties in the database
2012-07-23 11:00:37 +02:00
Lukas Reschke
38271ded75 Added CSRF checks 2012-07-20 20:12:36 +02:00
Arthur Schiwon
0bd7d14b7a Sharing: offer an option to allow sharing with everyone, i.e. do not check group memberships 2012-07-17 14:09:01 +02:00
Thomas Tanghus
9326f4f535 Added hooks for postCreateUser to add default address book and calendar. Fixes oc-1265. 2012-07-17 10:45:15 +02:00
Thomas Tanghus
f4a8c233cf Added hook for postCreateUser. Probably fix for oc-1265.
Conflicts:

	apps/calendar/appinfo/app.php
2012-07-17 10:35:46 +02:00
Thomas Tanghus
eb2a15d58f Format birthday as BDAY;VALUE=DATE:YYYY-MM-DD. Fixes oc-1276. 2012-07-16 23:36:11 +02:00
Thomas Tanghus
47d50fc424 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-07-16 21:22:07 +02:00
Thomas Tanghus
d64300251b Corrected javascript definition. 2012-07-16 21:21:37 +02:00
Georg Ehrke
d4e2cb6e62 fix encoding fail in calendar app - bugfix for oc-1194 2012-07-16 19:53:19 +02:00
Thomas Tanghus
225726c8d9 latin1 => utf8. I thought I did this a month ago? 2012-07-16 01:41:45 +02:00
Bjoern Schiessle
50eef9a71c update script to fix fscache 2012-07-13 15:17:36 +02:00
Michael Gapczynski
7b2ec41477 Revert sanitizing toaddress, because PHPMailer now throws exceptions
Conflicts:
	apps/files_sharing/ajax/email.php
2012-07-11 19:38:57 -04:00
Michael Gapczynski
ebcf5bce3c Sanitize toaddress for emailing private links
Conflicts:
	apps/files_sharing/ajax/email.php
2012-07-11 19:38:56 -04:00
Lukas Reschke
d203fa2c50 Sanitizing file names 2012-07-11 19:15:11 +02:00
Robin Appelman
7f57591ef1 suppress error when using is_dir on non directory in smb backend 2012-07-10 14:20:30 +02:00
Robin Appelman
aeed130b3a improve caching smb results a bit 2012-07-10 14:20:19 +02:00