test files against ignore_files list on upload
fix typo and indentation
Move blacklist declaration to lib/public/Files/FileInfo.php,
Rename *ignored to *blacklisted
Mocked blacklist_files for testing
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.
This thus mitigates some unexpected XSS vectors. As an example, try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browser's JS console when the file list
is opened.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
this fixes #3634
1. fixed computerFileSize to be more picky about incorrect values
2. more tests for computerFileSize
3. use computerFileSize to validate user quota
Signed-off-by: Artur Neumann <info@individual-it.net>
This commit further changes the behavior of getURLParameter to handle
encoded parameter values and returns the decoded string and improves
behavior for parameters without value and multiple equals and other
similar cases which did not work before. See the comments at
http://stackoverflow.com/questions/1403888/get-escaped-url-parameter for
a list of the issues handled by the updated implementation.
This change does not change the general behavior of the function. Empty
or non-existing parameters still return an empty string ('').
This commit changes the behavior of getURLParameter(name) to return an
empty string when the parameter is not set or has empty value. Before it
returned 'null' as string.
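
The behaviour the two commit messages above describe (decoded values, value-less parameters, multiple equals signs, an empty string for anything missing), as an added example that is not ownCloud's implementation. The `query` argument, the `safeDecode` helper, the `+`-as-space handling and the sample query string are assumptions made so the code runs outside a browser.

```javascript
// Added example, not the project's code. `query` is passed in explicitly
// (assumption) instead of being read from window.location.search.
function safeDecode(s) {
  try {
    // '+' is treated as a space, as in form-encoded query strings (assumption).
    return decodeURIComponent(s.replace(/\+/g, ' '));
  } catch (e) {
    return null; // malformed percent-encoding raises URIError
  }
}

function getURLParameter(name, query) {
  const raw = String(query).replace(/^\?/, '');
  for (const pair of raw.split('&')) {
    if (pair === '') continue;               // tolerate '&&' and a trailing '&'
    const eq = pair.indexOf('=');            // split on the FIRST '=' only
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    if (safeDecode(rawKey) === name) {
      const value = safeDecode(rawVal);
      return value === null ? '' : value;    // never the string 'null'
    }
  }
  return '';                                 // parameter not present
}

// Constructed sample query string covering the cases named in the commits.
const SAMPLE = '?dir=%2FDocuments%2FProject%20A&flag&token=YWJj==&q=a+b&bad=%E0%A4%A';

for (const key of ['dir', 'flag', 'token', 'q', 'bad', 'missing']) {
  console.log(key, '=>', JSON.stringify(getURLParameter(key, SAMPLE)));
}
```

The returned string is decoded but still attacker-controlled input, so it needs escaping before it reaches anything like `.html()`.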
setupMainMenu() & setupUserMenu():
Changed click delegate to add the spinner animation only if the primary mouse button was clicked without ctrl- or meta-key modifier
Adding mouseup delegate to hide the menu if the middle mouse button was clicked.
Redone #778
Whenever a user navigates away, all ajax calls will fail with the same
result like a cross-domain redirect (SSO). To distinguish these cases,
we need to detect whether the error is a result of the user navigating
away. For this, we introduce a new flag that will be set in
"beforeunload".
Additional handling was required for false positives in case "beforeunload" is
used (ex: cancelled upload) and the user cancelled the navigation.
host can contain the port (host of http://example.com:1234 is
example.com:1234) while hostname never contains a port. They can however
be similar. If you navigate to http://example.com then both host and
hostname will be example.com.
* Fixed docs
* added getHostName function
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.
Also the non-deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.
Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/
Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all those users crying for the removal of `index.php` ;-)
All IE versions are not able to properly upscale SVG icons unless the
said SVG files contain a "viewBox" attribute, which is not always the
case. Also we cannot guarantee that all third party apps will have this
attribute in their icons.
So for now, app icons will not be displayed in IE instead of broken
ones.
- calculate multiselect header width to exclude scrollbar
- call FileList._onResize() when sidebar is toggled ("appresized"), this
also updates the breadcrumb width
- moved global getScrollBarWidth() to OC.Util namespace
Added hack that uses a "filter" CSS with explicit URL to fix the "New"
menu by scaling down icons and also fix the folder/filetype icon in the sidebar
by scaling it up.
If a response to a $.ajax() request returns a content type of "application/javascript"
JQuery would previously execute the response body. This is a pretty unexpected
behaviour and can result in a bypass of our Content-Security-Policy as well as
multiple unexpected XSS vectors.
Controls bar calculation needs to take the sidebar visibility into
account.
Recalculation is now triggered when sidebar is toggled, using a new
app-content event "appresized".