Lukas Reschke
|
ef57e9294b
|
Fallback for systems without openssl
|
2012-09-29 16:44:02 +02:00 |
|
Lukas Reschke
|
578aa4e425
|
Removed sectoken
This token is completely useless since an attacker can easily extract it
from the page.
|
2012-09-29 15:18:38 +02:00 |
|
Lukas Reschke
|
bd804b74c4
|
mt_rand() is not secure from a security point of view and predictable. Let's use openssl_random_pseudo_bytes() instead.
Before: 26 bits entropy
After: 72 bits entropy
|
2012-09-29 15:03:09 +02:00 |
|
Bart Visscher
|
22d22d19c0
|
Do urlencoding in linkTo functions
|
2012-09-28 22:27:52 +02:00 |
|
Christian Reiner
|
4dbd4c35c5
|
Merge branch 'master' of git://github.com/owncloud/core
|
2012-09-28 13:31:01 +02:00 |
|
Christian Reiner
|
743826bbf3
|
Reimplementation of CSRF protection including autorefresh
|
2012-09-28 13:30:44 +02:00 |
|
Robin Appelman
|
e8df2eeefc
|
some more sane column sizes for appconfig and preferences
|
2012-09-27 22:49:01 +02:00 |
|
Frank Karlitschek
|
cf14ad2f7d
|
RC 1
|
2012-09-27 04:10:19 +02:00 |
|
Robin Appelman
|
93292516d9
|
Merge branch 'master' into filesystem
|
2012-09-22 14:28:14 +02:00 |
|
Robin Appelman
|
74ec2765b3
|
db indexes for appconfig and preferences
|
2012-09-20 01:36:52 +02:00 |
|
Frank Karlitschek
|
fe7288b65a
|
beta 4
|
2012-09-19 16:32:40 +02:00 |
|
Arthur Schiwon
|
93d0defe9a
|
set configvalue in table appconfig back to clob. Likely to break LDAP settings, probably responsible for some bugs with it. Might also cause damage in other apps. That's why it was once already set to clob
|
2012-09-19 12:55:07 +02:00 |
|
Frank Karlitschek
|
a3718ca036
|
I just learned that we also have to check if directories are readable. It seems that is_readable also checks for 'x' right.
|
2012-09-16 22:49:03 +02:00 |
|
Frank Karlitschek
|
5a149dcfab
|
mark as an updated beta 3 with some more fixes
|
2012-09-13 11:39:26 +02:00 |
|
Frank Karlitschek
|
f31264a0c2
|
this is now 4.5 beta 3
|
2012-09-12 12:12:23 +02:00 |
|
Michael Gapczynski
|
60feaf9abf
|
Merge branch 'master' into share_expiration
Conflicts:
core/js/share.js
lib/util.php
|
2012-09-12 01:06:57 -04:00 |
|
Michael Gapczynski
|
b194ac3dde
|
Add expiration column to share table and bump version number
|
2012-09-12 01:01:45 -04:00 |
|
Thomas Mueller
|
5c1a79210f
|
added hint to restart the web server in case recently installed php modules are still not available
|
2012-09-11 23:51:12 +02:00 |
|
Robin Appelman
|
bd83422095
|
put filestorages in a namespace
|
2012-09-07 18:30:48 +02:00 |
|
Thomas Mueller
|
3829460ab8
|
adding space between ) and {
|
2012-09-07 15:22:01 +02:00 |
|
Frank Karlitschek
|
294cff27a7
|
add check for zlib
|
2012-09-07 01:39:11 +02:00 |
|
Robin Appelman
|
d4fd47d43f
|
clear user filecache after the user mount configuration has changed
|
2012-09-06 23:14:43 +02:00 |
|
Bart Visscher
|
5153b8b293
|
Add url-params to url with new parameter in linkTo function
|
2012-09-03 21:51:32 +02:00 |
|
Frank Karlitschek
|
bb65e173d4
|
4.5 beta 2
|
2012-09-03 20:38:50 +02:00 |
|
Bart Visscher
|
c958d5ba80
|
Fix filesystem setup for shared public link with logged in user
|
2012-08-29 21:35:55 +02:00 |
|
Michael Gapczynski
|
8d490b9880
|
Fix shared storage working with user backend defined data directories
|
2012-08-29 14:39:13 -04:00 |
|
Bart Visscher
|
db18218a1b
|
Space before tab fixes
|
2012-08-29 20:34:44 +02:00 |
|
Bart Visscher
|
52f2e7112e
|
Whitespace fixes in lib
|
2012-08-29 20:28:45 +02:00 |
|
Michael Gapczynski
|
fd2ca21fc2
|
Allow share_with column to be null for links
|
2012-08-28 09:51:00 -04:00 |
|
Frank Karlitschek
|
70b71338cd
|
beta 1
|
2012-08-28 07:22:31 +02:00 |
|
Georg Ehrke
|
ead7de6bff
|
only mount every single homefolder when using sharing app
|
2012-08-27 16:10:37 +02:00 |
|
Georg Ehrke
|
b56a46bdea
|
fix filesharing for multiple data directories
|
2012-08-27 15:55:46 +02:00 |
|
Georg Ehrke
|
045c94ec3e
|
enable user backends to define their own place where to store the data
|
2012-08-26 22:04:31 +02:00 |
|
Frank Karlitschek
|
1d7018158e
|
4.5 alpha 1
|
2012-08-21 18:47:26 +02:00 |
|
Michael Gapczynski
|
cb0464ca4e
|
Bump version number for Share API
|
2012-08-19 22:36:19 -04:00 |
|
Jakob Sack
|
1d7e3071e0
|
bump version to create new tables
|
2012-08-11 17:32:17 +02:00 |
|
Bart Visscher
|
667cd318fe
|
Use OC_Util::displayLoginPage and cleanup the function
|
2012-08-10 11:43:04 +02:00 |
|
Bart Visscher
|
c4f1a1de5b
|
Added function to make url absolute
|
2012-08-07 20:43:00 +02:00 |
|
Bart Visscher
|
fe6450002d
|
Change hardcoded urls to use linkTo function
|
2012-08-06 18:51:41 +02:00 |
|
Georg Ehrke
|
e1d14ab461
|
Merge branch 'master' into subadmin
|
2012-07-26 16:47:05 +02:00 |
|
Robin Appelman
|
856d9c0b54
|
some indention fixes
|
2012-07-24 00:39:59 +02:00 |
|
Georg Ehrke
|
5508a95065
|
Merge branch 'master' into subadmin
|
2012-07-21 13:14:52 +02:00 |
|
Robin Appelman
|
48306a3c4f
|
fix unused variables
|
2012-07-20 17:58:05 +02:00 |
|
Georg Ehrke
|
e707e94857
|
subadmins can now add users
|
2012-07-15 16:31:28 +02:00 |
|
Georg Ehrke
|
d0b625352c
|
some work on subadmins
|
2012-07-09 21:51:19 +02:00 |
|
Bart Visscher
|
280c59e914
|
More helpful debug msg for redirectToDefaultPage
|
2012-07-04 17:51:07 +02:00 |
|
Bart Visscher
|
432aa58bab
|
Spelling fixes
|
2012-06-22 17:21:56 +02:00 |
|
Brice Maron
|
115c30bdb4
|
Enhance hint about writable app directory
|
2012-06-22 13:57:54 +02:00 |
|
Brice Maron
|
84b9ac2678
|
Correct writable check for app dir
|
2012-06-21 19:35:34 +00:00 |
|
Frank Karlitschek
|
e95055b2bd
|
check if the data directory is accessible via http. Show a big security warning if yes
|
2012-06-21 14:07:04 +02:00 |
|
Bart Visscher
|
7a3d606cac
|
Prefer requested app before redirecting to default page
|
2012-06-20 17:10:49 +02:00 |
|
Bart Visscher
|
6404476bec
|
Delay setup of FS until OC_Filesystem is used
|
2012-06-20 17:10:49 +02:00 |
|
Bart Visscher
|
5c8e774cea
|
Small code reorder
|
2012-06-20 17:10:48 +02:00 |
|
Bart Visscher
|
f54ef5a464
|
Remove OC::$CONFIG_DATADIRECTORY, not used
|
2012-06-19 22:54:14 +02:00 |
|
Bart Visscher
|
d8b32c2f0e
|
Move check code from setupFS to checkServer
|
2012-06-19 22:54:13 +02:00 |
|
Bjoern Schiessle
|
d2936bd90c
|
introducing a sanitize HTML function for the internal and the public API. This
allows to easily convert strings to HTML before displaying them on the web page
to reduce the risk of xss vulnerabilities.
|
2012-06-19 17:20:19 +02:00 |
|
Thomas Tanghus
|
89464721c7
|
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
|
2012-06-13 17:33:19 +02:00 |
|
Frank Karlitschek
|
9e9c40eabd
|
fix time call
|
2012-06-13 17:27:49 +02:00 |
|
Thomas Tanghus
|
2ee809fd86
|
Allow same host redirects (/somepath).
|
2012-06-11 15:21:37 +02:00 |
|
Frank Karlitschek
|
cd16c5e479
|
implement a simple request token session garbage collector
|
2012-06-11 12:13:08 +02:00 |
|
Michael Gapczynski
|
3c57fb935b
|
Mount personal mount points into filesystem
|
2012-06-10 16:34:44 -04:00 |
|
Thomas Tanghus
|
b16136642b
|
Bump version to trigger db update.
|
2012-06-09 16:05:21 +02:00 |
|
Frank Karlitschek
|
344299a074
|
add two csrf check calls. Review and lots of porting needed.
|
2012-06-09 15:05:14 +02:00 |
|
Robin Appelman
|
dcf1eed816
|
add unique instance id
|
2012-06-05 19:32:48 +02:00 |
|
Bart Visscher
|
9d936976a9
|
Make check for writable apps dir configurable
|
2012-06-05 17:51:52 +02:00 |
|
Bart Visscher
|
4a5973662c
|
Merge branch 'unstable'
Conflicts:
apps/files_external/tests/config.php
apps/files_versions/ajax/getVersions.php
apps/files_versions/appinfo/app.php
apps/files_versions/history.php
apps/files_versions/js/versions.js
apps/files_versions/templates/history.php
apps/files_versions/versions.php
lib/base.php
|
2012-06-04 23:02:05 +02:00 |
|
Frank Karlitschek
|
4aa96de537
|
add a check for pdo
|
2012-06-01 20:00:33 +02:00 |
|
Frank Karlitschek
|
07e1e3a945
|
check if apps folder is writable
|
2012-06-01 19:54:07 +02:00 |
|
Frank Karlitschek
|
c0db603d29
|
this is 5 pre alpha now
|
2012-05-19 18:21:33 +02:00 |
|
Michael Gapczynski
|
90cbc32c77
|
Fix redirect after login, prevent open redirects
|
2012-05-18 16:56:48 -04:00 |
|
Frank Karlitschek
|
2d3c709163
|
Merge branch 'master' of gitorious.org:owncloud/owncloud
|
2012-05-18 15:56:15 +02:00 |
|
Frank Karlitschek
|
2e9115efe0
|
increase to RC2
|
2012-05-18 15:54:17 +02:00 |
|
Michiel de Jong
|
a6ff909911
|
this code looks wrong to me but I'm putting it back while we find out what the right code should look like
|
2012-05-18 15:39:28 +02:00 |
|
Michiel de Jong
|
1a874b4c56
|
make redirect safe by restricting it to current host
|
2012-05-18 15:32:41 +02:00 |
|
Michiel de Jong
|
9b5e8a2c63
|
fix redirect to desired page after login
|
2012-05-18 15:11:01 +02:00 |
|
Bart Visscher
|
ce1e4425c2
|
Combine and minimize core and default app js files
|
2012-05-16 18:53:46 +02:00 |
|
Bart Visscher
|
f71fec8cdc
|
Combine and minimize core and default app css files
|
2012-05-16 18:53:46 +02:00 |
|
Frank Karlitschek
|
af77ce9a9b
|
This is RC now
|
2012-05-13 05:11:10 +02:00 |
|
Bart Visscher
|
b022ccb863
|
Whitespace fixes
|
2012-05-10 09:14:26 +02:00 |
|
Michael Gapczynski
|
051442bc76
|
Sanitize redirect urls
|
2012-05-08 17:41:50 -04:00 |
|
Frank Karlitschek
|
43978abd80
|
increase to 4 beta
|
2012-05-07 22:58:22 +02:00 |
|
Frank Karlitschek
|
e2fb094693
|
some more porting
|
2012-05-01 21:07:08 +02:00 |
|
Marvin Thomas Rabe
|
7ded9cf520
|
Checks if config folder is writable on begin of the installation.
|
2012-05-01 16:35:46 +02:00 |
|
Frank Karlitschek
|
e1268cd5f4
|
we require php 5.3 now. so please notify the user if an old version is in use
|
2012-04-30 13:28:31 +02:00 |
|
Georg Ehrke
|
993d655aad
|
Merge branch 'master' into movable_apps_2
|
2012-04-27 10:30:50 +02:00 |
|
Frank Karlitschek
|
74b5e22a68
|
some more csrf fixes
|
2012-04-26 23:17:46 +02:00 |
|
Georg Ehrke
|
eb29c577c2
|
Merge branch 'master' into movable_apps
|
2012-04-18 12:20:09 +02:00 |
|
Georg Ehrke
|
3e0e6e35f4
|
open app thru index.php
|
2012-04-18 08:20:51 +02:00 |
|
Arthur Schiwon
|
57b8ff890c
|
check if PHP mod GD is installed
|
2012-04-17 19:09:41 +02:00 |
|
Arthur Schiwon
|
d24abc3b9d
|
check if PHP mod JSON is installed
|
2012-04-17 19:06:45 +02:00 |
|
Robin Appelman
|
5720bd296d
|
merge log into admin
|
2012-04-16 12:21:48 +02:00 |
|
Jan-Christoph Borchardt
|
f16cfbab5e
|
improved installation instructions
|
2012-04-14 18:44:32 +02:00 |
|
Frank Karlitschek
|
637db92e60
|
increase version to show that we are not the same as stable
|
2012-04-11 09:20:28 +02:00 |
|
Frank Karlitschek
|
6545e48787
|
Show the different editions to the user. Used in the status call, on the personal settings page and in the updater to update to the next available version from the same edition.
|
2012-04-01 11:20:12 +02:00 |
|
Robin Appelman
|
7552390031
|
add path_hash to the filesystem cache
|
2012-03-30 18:12:33 +02:00 |
|
Robin Appelman
|
d4d09b06f8
|
merge master into encryption
|
2012-02-26 14:21:06 +01:00 |
|
Robin Appelman
|
dda79a90cf
|
don't limit ourselves to 32bit integers
|
2012-02-25 16:51:59 +01:00 |
|
Robin Appelman
|
ea8f71a19c
|
Merge branch 'master' into encryption
|
2012-02-25 16:36:58 +01:00 |
|
Arthur Schiwon
|
ca874a3ad7
|
remove limit from configvalue for long config values
|
2012-02-24 14:18:09 +01:00 |
|
Robin Appelman
|
6658f51098
|
provide early file system when using webdav
|
2012-02-21 20:48:48 +01:00 |
|