Commit graph

227 commits

Author SHA1 Message Date
Lukas Reschke
f4142bd2a8 Move isUserVerified to OC_Util 2012-10-16 00:47:38 +02:00
Lukas Reschke
1a187d1ca5 Fix PHP notice 2012-10-16 00:47:38 +02:00
Lukas Reschke
fa71e51e67 Use /dev/urandom instead of /dev/random
The usage of /dev/urandom is enough secure
2012-10-15 19:21:37 +02:00
Lukas Reschke
6e045b9ea1 Check if $_Post 2012-10-15 17:42:38 +02:00
Lukas Reschke
d33bec09fe Verify password page for users 2012-10-15 17:42:38 +02:00
Lukas Reschke
f08ff3b6e6 Correct formatting 2012-10-15 15:25:40 +03:00
Lukas Reschke
c930ac9f88 Merge pull request #30 from visit1985/logonpage
extend logon page to display multiple error messages
2012-10-15 03:52:11 -07:00
Bart Visscher
4af5b016cc Whitespace cleanup 2012-10-14 21:04:08 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Lukas Reschke
2c427f050e Show a warning in the installer if no secure RNG is available 2012-10-14 17:18:30 +02:00
Lukas Reschke
d6c4b83f13 Fallback to /dev/random if openssl_random_pseudo_bytes not available 2012-10-14 16:14:45 +02:00
Björn Schießle
cb91e27ab3 check if directory already exist before executing mkdir 2012-10-12 16:31:03 +02:00
Bart Visscher
351f724193 whitespace fixes 2012-10-12 15:47:41 +02:00
Frank Karlitschek
fe5b4d2fba marks as 5.0 pre alpha 2012-10-10 15:35:19 +02:00
Frank Karlitschek
8e0676a66b 4.5 final 2012-10-09 16:02:01 +02:00
Frank Karlitschek
67a4aa7cf0 RC 3 2012-10-08 23:58:17 +02:00
Frank Karlitschek
5eaf95eedd check for SimpleXML which seems to bw non default on Free BSD 2012-10-06 17:37:38 +02:00
Frank Karlitschek
2d86258fc3 RC2 2012-10-03 12:39:48 +02:00
Frank Karlitschek
3fdebaa5dc automatically remove and prevent installation of apps with a require version less than the current one. We check now the first ad second part of the version number.
Also increase the require tags of the core apps to 4.9 Please note that 4.9 is the internal versionnumber of the upcoming 4.5 release.
You have to pu a <require>4.9</require> into the info.xml of your app to make it as compatible with 4.5
2012-10-02 12:10:45 +02:00
Robin Appelman
91d12a2f3d update the filecache by setting mtimes to 0 when the mount configuration has changed instead of clearing the cache 2012-09-30 16:12:16 +02:00
Lukas Reschke
ef57e9294b Fallback for systems without openssl 2012-09-29 16:44:02 +02:00
Lukas Reschke
578aa4e425 Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Lukas Reschke
bd804b74c4 mt_rand() is not secure from a security point of view and predictable. Let's use openssl_random_pseudo_bytes() instead.
Before: 26 bits entropy
After: 72 bits entropy
2012-09-29 15:03:09 +02:00
Bart Visscher
22d22d19c0 Do urlencoding in linkTo functions 2012-09-28 22:27:52 +02:00
Christian Reiner
4dbd4c35c5 Merge branch 'master' of git://github.com/owncloud/core 2012-09-28 13:31:01 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
Robin Appelman
e8df2eeefc some more sane column sizes for appconfig and preferences 2012-09-27 22:49:01 +02:00
Frank Karlitschek
cf14ad2f7d RC 1 2012-09-27 04:10:19 +02:00
Robin Appelman
74ec2765b3 db indexes for appconfig and preferences 2012-09-20 01:36:52 +02:00
Frank Karlitschek
fe7288b65a beta 4 2012-09-19 16:32:40 +02:00
Arthur Schiwon
93d0defe9a set configuvalue in table appconfig back to clob. Likely to break LDAP settings, probably responsible for some bugs with it. Might also cause damage in other apps. That's why it was once already set to clob 2012-09-19 12:55:07 +02:00
Frank Karlitschek
a3718ca036 i just learned that we also have to check if directories are readable. it seams that is_readable also checks for 'x' right. 2012-09-16 22:49:03 +02:00
Frank Karlitschek
5a149dcfab mark as an updated beta 3 with some more fixes 2012-09-13 11:39:26 +02:00
Frank Karlitschek
f31264a0c2 this is now 4.5 beta 3 2012-09-12 12:12:23 +02:00
Michael Gapczynski
60feaf9abf Merge branch 'master' into share_expiration
Conflicts:
	core/js/share.js
	lib/util.php
2012-09-12 01:06:57 -04:00
Michael Gapczynski
b194ac3dde Add expiration column to share table and bump version number 2012-09-12 01:01:45 -04:00
Thomas Mueller
5c1a79210f added hint to restart the web server in case recetly installed php modules are still not available 2012-09-11 23:51:12 +02:00
Thomas Mueller
3829460ab8 adding space between) and { 2012-09-07 15:22:01 +02:00
Frank Karlitschek
294cff27a7 add check for zlib 2012-09-07 01:39:11 +02:00
Robin Appelman
d4fd47d43f clear user filecache after the user mount configuration has changed 2012-09-06 23:14:43 +02:00
Bart Visscher
5153b8b293 Add url-params to url with new parameter in linkTo function 2012-09-03 21:51:32 +02:00
Frank Karlitschek
bb65e173d4 4.5 beta 2 2012-09-03 20:38:50 +02:00
Bart Visscher
c958d5ba80 Fix filesystem setup for shared public link with logged in user 2012-08-29 21:35:55 +02:00
Michael Gapczynski
8d490b9880 Fix shared storage working with user backend defined data directories 2012-08-29 14:39:13 -04:00
Bart Visscher
db18218a1b Space before tab fixes 2012-08-29 20:34:44 +02:00
Bart Visscher
52f2e7112e Whitespace fixes in lib 2012-08-29 20:28:45 +02:00
Michael Gapczynski
fd2ca21fc2 Allow share_with column to be null for links 2012-08-28 09:51:00 -04:00
Frank Karlitschek
70b71338cd beta 1 2012-08-28 07:22:31 +02:00
Georg Ehrke
ead7de6bff only mount every single homefolder when using sharing app 2012-08-27 16:10:37 +02:00
Georg Ehrke
b56a46bdea fix filesharing for multiple data directories 2012-08-27 15:55:46 +02:00
Georg Ehrke
045c94ec3e enable user backends to define their own place where to store the data 2012-08-26 22:04:31 +02:00
Frank Karlitschek
1d7018158e 4.5 alpha 1 2012-08-21 18:47:26 +02:00
Michael Gapczynski
cb0464ca4e Bump version number for Share API 2012-08-19 22:36:19 -04:00
Jakob Sack
1d7e3071e0 bump version to reate new tables 2012-08-11 17:32:17 +02:00
Bart Visscher
667cd318fe Use OC_Util::displayLoginPage and cleanup the function 2012-08-10 11:43:04 +02:00
Bart Visscher
c4f1a1de5b Added function to make url absolute 2012-08-07 20:43:00 +02:00
Bart Visscher
fe6450002d Change hardcoded urls to use linkTo function 2012-08-06 18:51:41 +02:00
Georg Ehrke
e1d14ab461 Merge branch 'master' into subadmin 2012-07-26 16:47:05 +02:00
Robin Appelman
856d9c0b54 some indention fixes 2012-07-24 00:39:59 +02:00
Georg Ehrke
5508a95065 Merge branch 'master' into subadmin 2012-07-21 13:14:52 +02:00
Robin Appelman
48306a3c4f fix unused variables 2012-07-20 17:58:05 +02:00
Georg Ehrke
e707e94857 subadmins can now add users 2012-07-15 16:31:28 +02:00
Georg Ehrke
d0b625352c some work on subadmins 2012-07-09 21:51:19 +02:00
Bart Visscher
280c59e914 More helpfull debug msg for redirectToDefaultPage 2012-07-04 17:51:07 +02:00
Bart Visscher
432aa58bab Spelling fixes 2012-06-22 17:21:56 +02:00
Brice Maron
115c30bdb4 Enhance hint about writable app directory 2012-06-22 13:57:54 +02:00
Brice Maron
84b9ac2678 Correct writable check for app dir 2012-06-21 19:35:34 +00:00
Frank Karlitschek
e95055b2bd check if the data directory is accessible via http. Show a big security warning if yes 2012-06-21 14:07:04 +02:00
Bart Visscher
7a3d606cac Prefer requested app before redirecting to default page 2012-06-20 17:10:49 +02:00
Bart Visscher
6404476bec Delay setup of FS until OC_Filesystem is used 2012-06-20 17:10:49 +02:00
Bart Visscher
5c8e774cea Small code reorder 2012-06-20 17:10:48 +02:00
Bart Visscher
f54ef5a464 Remove OC::$CONFIG_DATADIRECTORY, not used 2012-06-19 22:54:14 +02:00
Bart Visscher
d8b32c2f0e Move check code from setupFS to checkServer 2012-06-19 22:54:13 +02:00
Bjoern Schiessle
d2936bd90c introducing a sanitize HTML function for the internal and the public API. This
allows to easily convert strings to HTML before displaying them on the web page
to reduce the risk of xss vulnerabilities.
2012-06-19 17:20:19 +02:00
Thomas Tanghus
89464721c7 Added JSON methods for CSRF prevention. Make request token accessible from template and add js var. 2012-06-13 17:33:19 +02:00
Frank Karlitschek
9e9c40eabd fix time call 2012-06-13 17:27:49 +02:00
Thomas Tanghus
2ee809fd86 Allow same host redirects (/somepath). 2012-06-11 15:21:37 +02:00
Frank Karlitschek
cd16c5e479 implement a simple request token session garbage collector 2012-06-11 12:13:08 +02:00
Michael Gapczynski
3c57fb935b Mount personal mount points into filesystem 2012-06-10 16:34:44 -04:00
Thomas Tanghus
b16136642b Bump version to trigger db update. 2012-06-09 16:05:21 +02:00
Frank Karlitschek
344299a074 add two csrf check calls. Review and lot´s of porting needed. 2012-06-09 15:05:14 +02:00
Robin Appelman
dcf1eed816 add unique instance id 2012-06-05 19:32:48 +02:00
Bart Visscher
9d936976a9 Make check for writable apps dir configurable 2012-06-05 17:51:52 +02:00
Bart Visscher
4a5973662c Merge branch 'unstable'
Conflicts:
	apps/files_external/tests/config.php
	apps/files_versions/ajax/getVersions.php
	apps/files_versions/appinfo/app.php
	apps/files_versions/history.php
	apps/files_versions/js/versions.js
	apps/files_versions/templates/history.php
	apps/files_versions/versions.php
	lib/base.php
2012-06-04 23:02:05 +02:00
Frank Karlitschek
4aa96de537 add a check for pdo 2012-06-01 20:00:33 +02:00
Frank Karlitschek
07e1e3a945 check if apps folder is writable 2012-06-01 19:54:07 +02:00
Frank Karlitschek
c0db603d29 this is 5 pre alpha now 2012-05-19 18:21:33 +02:00
Michael Gapczynski
90cbc32c77 Fix redirect after login, prevent open redirects 2012-05-18 16:56:48 -04:00
Frank Karlitschek
2d3c709163 Merge branch 'master' of gitorious.org:owncloud/owncloud 2012-05-18 15:56:15 +02:00
Frank Karlitschek
2e9115efe0 increase to RC2 2012-05-18 15:54:17 +02:00
Michiel de Jong
a6ff909911 this code looks wrong to me but i'm putting it back while we find out what the right code should look like 2012-05-18 15:39:28 +02:00
Michiel de Jong
1a874b4c56 make redirect safe by restricting it to current host 2012-05-18 15:32:41 +02:00
Michiel de Jong
9b5e8a2c63 fix redirect to desired page after login 2012-05-18 15:11:01 +02:00
Bart Visscher
ce1e4425c2 Combine and minimize core and default app js files 2012-05-16 18:53:46 +02:00
Bart Visscher
f71fec8cdc Combine and minimize core and default app css files 2012-05-16 18:53:46 +02:00
Frank Karlitschek
af77ce9a9b This is RC now 2012-05-13 05:11:10 +02:00
Bart Visscher
b022ccb863 Whitespace fixes 2012-05-10 09:14:26 +02:00
Michael Gapczynski
051442bc76 Sanitize redirect urls 2012-05-08 17:41:50 -04:00
Frank Karlitschek
43978abd80 increase to 4 beta 2012-05-07 22:58:22 +02:00
Frank Karlitschek
e2fb094693 some more porting 2012-05-01 21:07:08 +02:00