Commit graph

21 commits

Author SHA1 Message Date
Lukas Reschke
becde58952
Add sudo mode to enabling and disabling apps
Otherwise an administrator could bypass sudo mode by installing an app that allows RCE by design. I've by intention excluded the update endpoint from the requirement because updating apps should be as unintruisive as possible.

Not the cleanest approach by adding this to the AJAX endpoints instead of requiring a controller but for 11 this felt safer for me. We can clean this up together later then. (also the other AJAX endpoints in this folder do have the same logic)

Ref https://github.com/nextcloud/server/issues/2487

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-05 15:12:28 +01:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Thomas Müller
682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Joas Schilling
d01cfde982 Correctly purge the cache when an app is disabled via cli 2015-04-01 15:43:38 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Lukas Reschke
a7df23ceba Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈

Fixes https://github.com/owncloud/core/issues/14196 for core
2015-02-13 13:33:20 +01:00
Lukas Reschke
b8b4df5425 Cache responses from the AppStore server
Otherwise every time the AppStore was opened a lot of connections to the AppStore server were made which resulted in a terrible performance.

This changeset will cache the response for a sensible time so that only the first request will be somewhat slow.

Performance changes:
- Loading a category took previously more than 3 seconds on my machine. Now for every follow-up request it takes less than 200ms, resulting in a performance gain of 1950%
- Loading the category list took previously about 750ms - now it takes 154ms, a total performance gain of 395%
2015-01-09 19:49:59 +01:00
Georg Ehrke
eea501b847 various fixes as requested by pr reviewers 2014-06-02 21:39:15 +02:00
Georg Ehrke
2bcfd8e084 make it possible to update shipped apps via the appstore 2014-05-31 12:17:54 +02:00
Bart Visscher
9dddcae9ca Remove invalid characters from app id to prevent loading of invalid resources 2013-02-09 15:10:40 +01:00
Lukas Reschke
9b9f5b1a8a Remove setContentTypeHeader()
`OC_JSON::success` and `OC_JSON::error` are calling
`OC_JSON::encodedPrint`, which already sets these headers. So this two
calls are uneeded duplicates.
2013-01-11 17:09:36 +01:00
Bart Visscher
bb136b9adf Make the settings ajax calls use the router 2012-10-02 18:00:23 +02:00
Thomas Mueller
ebb28412ca no more require_once() 2012-09-05 23:28:59 +02:00
Lukas Reschke
93579d88dc CSRF checks 2012-07-20 20:39:20 +02:00
Robin Appelman
d8864d4f4b show error when installing an app has failed 2012-04-14 12:57:10 +02:00
Bart Visscher
9a5d517ec2 Add more checks for admin user 2011-09-30 23:17:30 +02:00
Bart Visscher
17e631bc5e Use OC_JSON for json responses
Create OC_JSON class, for single point of creating json responses.
No real logic change, this just cleans up the code a bit.
2011-09-25 22:19:28 +02:00
Jan-Christoph Borchardt
4a5ee765cf merged admin, help and settings to settings 2011-08-13 05:13:34 +02:00
Renamed from admin/ajax/disableapp.php (Browse further)