wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4698 commits 157 branches 562 tags 714 MiB
Commit graph

2405 commits

Author SHA1 Message Date
Robin Appelman
9ba467d629 fix encryption for binary files 2012-06-20 20:18:42 +02:00
Robin Appelman
0f2600e9ea add binary test case for encryption 2012-06-20 20:18:41 +02:00
Robin Appelman
e3f1507374 use absolute path for file proxies 2012-06-20 20:18:41 +02:00
Arthur Schiwon
d0dbc8beab make bookmarks bookmarklet work again, kudos to Victor Dubiniuk 2012-06-20 20:04:41 +02:00
Bjoern Schiessle
5cc75ad818 Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 2012-06-20 17:08:48 +02:00
Bjoern Schiessle
8e427d80d3 use sanitizeHTML() function 2012-06-20 17:00:55 +02:00
Bjoern Schiessle
0e61b5457b use new sanitizeHTML() function 2012-06-20 17:00:33 +02:00
Arthur Schiwon
a7f0811829 bookmarks: make read later-button draggable again, fixes oc-944 2012-06-20 16:31:22 +02:00
Arthur Schiwon
0289f442a8 forgotten $, incorrect subtract 2012-06-20 12:41:30 +02:00
Bart Visscher
311c2bc0d3 Calendar: Write-close session to enable parallel events.php requests 2012-06-19 23:18:26 +02:00
Bart Visscher
c260db0e9a Tasks: Fix resizing of the content part 2012-06-19 23:17:14 +02:00
Bart Visscher
0d43d6402d Tasks: Use POST for ajax calls that change data 2012-06-19 23:17:00 +02:00
Bart Visscher
cff1b6e699 Don't use substr to get first char of string 2012-06-19 23:16:17 +02:00
Arthur Schiwon
244920aeb0 LDAP: only map users within the User Base Tree 2012-06-19 01:15:58 +02:00
Thomas Tanghus
d8048414aa Removed erroneous value attributes. Partial fix for oc-1029. 2012-06-18 00:39:38 +02:00
Tom Needham
8d67ca09b5 user_migrate: remove old code 2012-06-17 12:07:16 +00:00
Thomas Tanghus
33ab91710f PDF Viewer: Double encode link. 2012-06-16 19:49:57 +02:00
Thomas Tanghus
707660b35f files_imageviewer: Double encode paths. Fixes oc-1016. 2012-06-16 18:57:51 +02:00
Georg Ehrke
fc632b5795 fix merge conflicts 2012-06-16 09:48:07 +02:00
Georg Ehrke
cbe5449f47 remove a closing php tag in calendar 2012-06-16 09:40:32 +02:00
Michael Gapczynski
ec3033a5dd Check for '\' as well when searching for parent folders, because Windows returns '\' for dirname() 2012-06-15 19:34:25 -04:00
Tom Needham
c1744d2eb6 Move user import to personal settings. Fix user migration between servers. 2012-06-15 23:17:31 +00:00
Thomas Tanghus
5c6a7172ca Files: Double encode download links. Fix for oc-1016. 2012-06-15 15:58:10 +02:00
Bjoern Schiessle
f9c34942e1 applied merge request #128: fixed some sorting and display issues with gallery app. 
This also fix bug #872 for the new gallery
 2012-06-15 10:46:29 +02:00
Arthur Schiwon
b025ff8de3 reverting 8c7fa15aaf, differs between OC3 and 4 2012-06-14 18:33:00 +02:00
Thomas Tanghus
3b58c7a407 Remove debug statements. 2012-06-14 18:03:50 +02:00
Thomas Tanghus
b6ee4c458b Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-14 18:00:45 +02:00
Thomas Tanghus
5b1a14f9ea Contacts: Implement CSRF prevention. 2012-06-14 18:00:13 +02:00
Bjoern Schiessle
60bd2562d8 fixed bug #996: first picture in folder is repeated in the last position behaving like a directory 2012-06-14 15:16:13 +02:00
Bjoern Schiessle
df4737f52a prevent xss attacks also if some javascript ends up in the alt-tag 2012-06-14 14:19:12 +02:00
Bjoern Schiessle
cd759aee00 fixed xss vulnerability in un-packed version of jquery.fancybox and repack it 2012-06-14 13:45:33 +02:00
Bjoern Schiessle
544f97f034 debugging output removed 2012-06-14 13:19:11 +02:00
Bjoern Schiessle
4a47fa255d xss vulnerability fixed for fancybox image viewer 2012-06-14 13:18:59 +02:00
Georg Ehrke
f9af0ef703 fix another ui bug of calendar 2012-06-13 22:21:23 +02:00
Georg Ehrke
92a11011b1 another ui fix 2012-06-13 22:15:12 +02:00
Georg Ehrke
4ff11308a3 fix a ui bug for calendar sharing 2012-06-13 22:13:24 +02:00
Georg Ehrke
e543ec6eb6 show username of the body who shares in the summary 2012-06-13 22:07:30 +02:00
Thomas Tanghus
3e339f3d66 Remove check for encryption. 2012-06-13 19:04:47 +02:00
Michael Gapczynski
7868b25dcc Fix incorrect creation of filesystem for user@group in data folder during shares 2012-06-12 21:34:35 -04:00
Georg Ehrke
48116cf9ab increase version of calendar app to force db upgrade 2012-06-12 19:54:07 +02:00
Georg Ehrke
d54fc6dfd4 increase possible size of uri in database - fix oc-140 2012-06-12 19:54:07 +02:00
Bjoern Schiessle
635a2f8ec9 Label the delete operation "unshare" for files in the "Shared" folder to reduce 
confusion about the operation.
 2012-06-12 16:32:00 +02:00
Bjoern Schiessle
ef6b6ac230 block slashes only for new files and new folders but not for file upload from url (bug #964) 2012-06-12 14:16:09 +02:00
Thomas Tanghus
cee9d400c0 Contacts: Final (for now) fix to encoding probs on import. 2012-06-12 12:33:37 +02:00
Arthur Schiwon
b70226b493 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-12 11:57:36 +02:00
Bjoern Schiessle
4501407283 committed patch (bug #967) to add missing translations for file actions 2012-06-12 11:41:13 +02:00
Thomas Tanghus
210b71502b Fix copy/paste error. 2012-06-11 22:18:14 +02:00
Thomas Tanghus
e0a5e3e992 Fix js for missing address fields. 2012-06-11 22:15:56 +02:00
Thomas Tanghus
c75a7966de Contacts: Fix encoding errors, import errors, developer headache, paint cute kittens and pink clouds ;-) 2012-06-11 22:15:31 +02:00
Arthur Schiwon
266c5238c9 LDAP: offer config option for Group Display Name attribute 2012-06-11 16:50:54 +02:00
Thomas Tanghus
74eece2620 Contacts: Fix NOTE also on add, not just save. 2012-06-11 12:56:41 +02:00
Arthur Schiwon
c110308c1e Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-11 12:14:10 +02:00
Arthur Schiwon
7f5e8e39c4 ldap: check array for emptiness, not nullness 2012-06-11 12:13:55 +02:00
Lukas Reschke
6da717b644 Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 
Backport for sanitized user data.
 2012-06-11 11:57:36 +02:00
Lukas Reschke
d294373f47 Sanitzing user input 2012-06-11 11:56:54 +02:00
Lukas Reschke
f8337c9d72 Using POST instead of GET. 2012-06-11 11:56:11 +02:00
Lukas Reschke
cc653a8a40 Sanitize user input 2012-06-11 11:54:45 +02:00
Lukas Reschke
8f09299e24 Sanitizing user input 2012-06-11 11:54:03 +02:00
Bart Visscher
f2216dc9d2 Gallery: Fix database creation on update, also only from version less then 0.5 2012-06-11 11:20:51 +02:00
Thomas Tanghus
c898a8a6c9 Contacts: 11th hour fix for invalid VCARD from CardDAV. 2012-06-10 20:54:52 +02:00
Thomas Tanghus
cdac0eae46 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-10 20:47:35 +02:00
Frank Karlitschek
6a44d02898 XSS-- 2012-06-10 19:54:04 +02:00
Bartek Przybylski
3970be3d7f fix variable name and undefined index notice 2012-06-10 17:25:19 +02:00
Bartek Przybylski
31d48d4ba4 adding missing file 2012-06-10 13:20:49 +02:00
Bartek Przybylski
de6b683b50 fix first time image loading error 2012-06-10 13:19:22 +02:00
Bartek Przybylski
2dca0926b0 gallery: removing search provider for now 2012-06-10 13:19:17 +02:00
Bartek Przybylski
7ee722e0da removing app access check, fix title for links in tiles 2012-06-10 13:18:55 +02:00
Bartek Przybylski
e073cd756c tabs for spaces, fix array key name 2012-06-10 13:18:47 +02:00
Bartek Przybylski
f6c07094c2 hide share button until sharing wont be fixed 2012-06-10 13:18:41 +02:00
Bartek Przybylski
1853a83874 adding navigation bar to gallery 2012-06-10 13:18:36 +02:00
Bartek Przybylski
fe64e625ff remove old code 2012-06-10 13:18:30 +02:00
Bartek Przybylski
f0f9269161 adding missing file 2012-06-10 13:18:17 +02:00
Bartek Przybylski
6682c60866 pictures: update script and removal some all stuff 2012-06-10 13:17:23 +02:00
Bartek Przybylski
9c1cc15c8d adding title when fancybox is displayed 2012-06-10 13:16:19 +02:00
Bartek Przybylski
c932f93a40 replace spaces with tabs, use const and linkTo instead of static path 2012-06-10 13:16:12 +02:00
Bartek Przybylski
276aefba81 hack for file download 2012-06-10 13:16:06 +02:00
Bartek Przybylski
71b4cddd52 removing test image 2012-06-10 13:16:00 +02:00
Bartek Przybylski
c67de113c6 aviod incorrect image size returning in gallery listing 2012-06-10 13:15:51 +02:00
Bartek Przybylski
63c02fd595 use fancybox to display image preview 2012-06-10 13:15:45 +02:00
Bartek Przybylski
7aff5eae6c navigate on galleries 2012-06-10 13:15:39 +02:00
Bartek Przybylski
2b80102909 new db scheme 2012-06-10 13:15:32 +02:00
Bartek Przybylski
9b2b5e0f6d git status 2012-06-10 13:15:23 +02:00
Thomas Tanghus
746994c2be Fixed merge conflict. 2012-06-10 12:59:36 +02:00
Frank Karlitschek
be6848a549 let´s put the files_odfviewer application into the stable4 branch for convinience. We release it as part of ownCloud 4.0.x anyways. 2012-06-09 23:18:56 +02:00
Georg Ehrke
642e7ce110 fix another XSS 2012-06-09 16:44:48 +02:00
Georg Ehrke
f955f6a685 fix XSS in Calendar 2012-06-09 16:36:01 +02:00
Georg Ehrke
ff4b175622 increase height of event dialog 2012-06-09 15:40:27 +02:00
Georg Ehrke
009fbd89b4 fix creation of monthly repeated events 2012-06-09 15:40:27 +02:00
Thomas Tanghus
0f454215e7 Code cleanup. 2012-06-09 15:04:08 +02:00
Thomas Tanghus
59d16c5f9a Contacts: Use POST instead of GET. 2012-06-09 15:02:23 +02:00
Thomas Tanghus
23533a763a Don't fix bugs not present in this branch ;-) 2012-06-08 20:44:58 +02:00
Thomas Tanghus
5eb5d23ac1 Contacts: Closed stupid XSS hole. Thanks AnybodyElse ;-) 
Conflicts:

	apps/contacts/ajax/uploadphoto.php
 2012-06-08 20:43:42 +02:00
Bjoern Schiessle
eb192ff4f3 code cleanup from previous commit 2012-06-08 16:31:12 +02:00
Bjoern Schiessle
cf1430df45 Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 2012-06-08 16:27:07 +02:00
Bjoern Schiessle
0722ff6e32 fix for bug #872: Folders not holding any images are ignored, even if they hold subfolders with images 2012-06-08 16:24:31 +02:00
Arthur Schiwon
0dc371f579 typo in var 2012-06-08 14:58:07 +02:00
Arthur Schiwon
8c7fa15aaf Sharing, fix: connect to hooks from the correct classes 2012-06-08 11:58:00 +02:00
Arthur Schiwon
0f68276921 LDAP: cache the results, reduce LDAP searches 2012-06-07 18:56:06 +02:00
Arthur Schiwon
4beabe23e7 ldap: enable the destructor 2012-06-07 18:15:11 +02:00
Arthur Schiwon
f3f3c791ba ldap: correct query condition and determining of success 2012-06-07 13:40:26 +02:00
Arthur Schiwon
691f00eb39 ldap: check index carefully, can be 0 2012-06-07 13:40:16 +02:00
Thomas Tanghus
9266f4da99 Migration: Fixed wrong download URL: http://forum.owncloud.org/viewtopic.php?f=4&t=2511 2012-06-07 13:10:19 +02:00
Thomas Tanghus
de6d550cce Calendar: Added more explicit sync links and fixed indentation. 2012-06-07 12:22:25 +02:00
Thomas Tanghus
3d48bf18d3 Contacts: Import upload button was obscured on Android browser. 2012-06-07 10:58:15 +02:00
Bjoern Schiessle
bb07c20bf4 fixed var name, $filename should be $foldername 2012-06-06 18:11:23 +02:00
Arthur Schiwon
48ccfa42d3 LDPA: don't drop legal whitespaces when sanitizing DN. Fixes oc-914 2012-06-06 12:31:22 +02:00
Thomas Tanghus
517bd28940 Corrected typos. 2012-06-06 11:49:45 +02:00
Robin Appelman
f1b10fcc93 update translations 2012-06-06 00:29:44 +02:00
Robin Appelman
063c9accb6 prevent creating files with a / the name 2012-06-06 00:04:02 +02:00
Bjoern Schiessle
3a5076d646 show pictures in folder with special characters, e.g. '+' 2012-06-05 17:58:23 +02:00
Arthur Schiwon
769d94ab26 linkTo instead of hard links in Files and Files_Archive. Hope that makes sense. 2012-06-05 14:14:26 +02:00
Bjoern Schiessle
44260a552c xss vulnerability fixed 2012-06-05 10:49:36 +02:00
Bjoern Schiessle
e817504569 xss vulnerability fixed 2012-06-05 10:49:26 +02:00
Bjoern Schiessle
4bc88ef59d prevent xss attacks by manipulating image file names 2012-06-04 18:11:17 +02:00
Bjoern Schiessle
d5566d0267 prevent xss attacks by manipulating text file names 2012-06-04 18:11:08 +02:00
Bjoern Schiessle
c8f670dfab Don't allow user to delete, rename and re-share the "Shared" directory 2012-06-04 14:00:35 +02:00
Arthur Schiwon
8983c6dd6b commited a bit too much before 2012-06-04 13:27:55 +02:00
Thomas Tanghus
d657263403 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-04 13:13:53 +02:00
Thomas Tanghus
74ac2ac63a Contacts: When editing photo on a newly created contact the name in the contact list was cleared. 2012-06-04 13:13:43 +02:00
Arthur Schiwon
b48228ae3d LDAP: link to documentation on settings page 2012-06-04 13:04:18 +02:00
Arthur Schiwon
34464b1f8b LDAP group backend: Set configured true when it is... fixe oc-887 2012-06-01 16:02:04 +02:00
Arthur Schiwon
86279bc192 LDAP group backend: If a group filter is not configured, do not do anything. Fixes oc-867 2012-06-01 14:05:08 +02:00
Frank Karlitschek
e44f9ab46e correctly detect https 2012-06-01 11:47:14 +02:00
Frank Karlitschek
8ed13e627e don´t do warnings. 
Not sure if this start_session call is really needed here.
 2012-06-01 11:08:40 +02:00
Frank Karlitschek
670022cc8a fix the breadcrumb 2012-05-31 21:43:07 +02:00
Frank Karlitschek
c3ccdbaa79 more fixes 2012-05-31 21:14:46 +02:00
Frank Karlitschek
d56966f14f someone broke this completely. Hope it works again. Please check your apache error log and turn php notices on if you work on ajax call 2012-05-31 20:45:39 +02:00
Frank Karlitschek
739c5488a5 Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 2012-05-31 20:17:30 +02:00
Frank Karlitschek
5d425a9f79 use our own serverHost call so that ownCloud works with reverse proxy servers 2012-05-31 20:16:44 +02:00
Georg Ehrke
0059535140 fix potential XSS 2012-05-31 20:03:15 +02:00
Arthur Schiwon
7ec3e37199 LDAP: make queries compatible also with PostgreSQL 2012-05-31 13:06:27 +02:00
Arthur Schiwon
449b9b92f0 LDAP: fix wrong value for input type 2012-05-30 22:37:00 +02:00
Arthur Schiwon
93849916bb LDAP: support for 'member' as group-member-association 2012-05-30 22:36:48 +02:00
Frank Karlitschek
4dc7ed139b don´t hardcode /tmp 2012-05-30 14:18:47 +02:00
Thomas Tanghus
6515c5c1e7 Contacts: NOTE wasn't saved properly. 2012-05-29 16:45:52 +02:00
Georg Ehrke
1c1ed52867 fix status 
of timezone detection
 2012-05-29 13:14:36 +02:00
Brice Maron
d1f0261b5d Correct typo in last_insert_id for calendar and pg fix #oc-731 2012-05-28 20:57:52 +00:00
Thomas Tanghus
cf113409ad Contacts: Fix XSS. 2012-05-28 14:41:48 +02:00
Thomas Tanghus
53da328aa1 Contacts: Double check XSS. 2012-05-28 12:56:56 +02:00
Thomas Tanghus
8bd6d862b8 Please don't tell me I did that :-P 2012-05-28 12:52:18 +02:00
Georg Ehrke
5b7ef90d3a add urlencode for caldav link 2012-05-28 10:50:10 +02:00
Robin Appelman
3db5fb891c allow longer paths for gallery 2012-05-26 21:54:49 +02:00
Georg Ehrke
1645f77aad fix share for users with a point within their name 2012-05-26 15:41:32 +02:00
Brice Maron
2774ff1ad8 Add HEAD request management for files ajax/download.php 2012-05-25 11:19:38 +02:00
Michael Gapczynski
d8ca4f78cf Fix private link sharing via email, fix for bug oc-750 2012-05-23 19:36:39 -04:00
Brice Maron
20e9903396 Correct small style problem with task app fix #oc-689 2012-05-23 22:36:36 +00:00
Frank Karlitschek
647888eea2 add a ldap encryption warning 2012-05-22 12:35:28 +02:00
Thomas Tanghus
54a3717005 Contacts: Backport XSS fix. 2012-05-21 21:49:35 +02:00
Frank Karlitschek
d7c09d8bb5 add a warning 2012-05-20 10:59:37 +02:00
Michael Gapczynski
5a48ade933 Make sure sharing and versions dropdowns come down in the same location for all files 2012-05-19 11:24:23 -04:00