Commit graph

7152 commits

Author SHA1 Message Date
Lukas Reschke
f5fe95a131 Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:15:35 +02:00
Lukas Reschke
bd804b74c4 mt_rand() is not secure from a security point of view and predictable. Let's use openssl_random_pseudo_bytes() instead.
Before: 26 bits entropy
After: 72 bits entropy
2012-09-29 15:03:09 +02:00
Jenkins for ownCloud
dc66e94ee3 [tx-robot] updated from transifex 2012-09-29 02:04:55 +02:00
Jenkins for ownCloud
27bd9df027 [tx-robot] updated from transifex 2012-09-28 23:36:09 +02:00
Thomas Müller
7f6a984e57 Merge pull request #20 from scambra/undo-l10n
undo interpolation in js for 4.5
2012-09-28 14:32:44 -07:00
Bart Visscher
22d22d19c0 Do urlencoding in linkTo functions 2012-09-28 22:27:52 +02:00
Bart Visscher
fed34aecfa Fix syntax error in removeETagHook 2012-09-28 21:30:06 +02:00
Bart Visscher
9c4c79346c After selecting a search result, hide the results 2012-09-28 21:18:20 +02:00
Bart Visscher
24bb7d16b7 urlencode filename in search result, fixes problems with & in name 2012-09-28 21:18:20 +02:00
Bart Visscher
366ae6661d Simplify generating file search results 2012-09-28 21:18:20 +02:00
Bart Visscher
4e2f575938 Correctly fix oc-1016 and fix downloading of files 2012-09-28 21:18:20 +02:00
Lukas Reschke
cfc9839812 Merge pull request #19 from arkascha/master
Reimplementation of CSRF protection strategy
2012-09-28 10:54:11 -07:00
scambra
8f27881770 undo interpolation in js for 4.5 2012-09-28 19:53:18 +02:00
Christian Reiner
71454b1bca Fix to preserve backward compatibility for apps creating static links containing the request token (currently the contacts app and maybe some 3rd party implementations) 2012-09-28 18:57:20 +02:00
Björn Schießle
35357f3afb etag has to be removed after version rollback to enable the sync client to detect the changes (bug #1829) 2012-09-28 18:50:36 +02:00
Björn Schießle
f8f73e2675 move back to "lastmodified" property since "getlastmodified" is protected by webdav 2012-09-28 18:50:36 +02:00
Christian Reiner
cd399f9c77 Added name to AUTHORS file, since mentioned in file headers. 2012-09-28 16:38:25 +02:00
Christian Reiner
4dbd4c35c5 Merge branch 'master' of git://github.com/owncloud/core 2012-09-28 13:31:01 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
Jenkins for ownCloud
5144d26088 [tx-robot] updated from transifex 2012-09-28 02:06:03 +02:00
Robin Appelman
e8df2eeefc some more sane column sizes for appconfig and preferences 2012-09-27 22:49:01 +02:00
Lukas Reschke
232936b99a This .gitkeep is unneeded 2012-09-27 22:24:56 +02:00
Arthur Schiwon
3fa4b34a69 LDAP: comparison, not assignment. Thanks to Manuel Delgado 2012-09-27 19:52:52 +02:00
Björn Schießle
aa9ffd119a check if file really exist before add/remove it 2012-09-27 12:37:23 +02:00
Björn Schießle
a56f2ec183 only upload valid ssl root certificates 2012-09-27 11:21:29 +02:00
Frank Karlitschek
cf14ad2f7d RC 1 2012-09-27 04:10:19 +02:00
Jenkins for ownCloud
09aa95586a [tx-robot] updated from transifex 2012-09-27 02:03:09 +02:00
Björn Schießle
21c6cc45e6 take '\' on windows systems into account to prevent file deletion above upload direectory 2012-09-26 23:08:40 +02:00
Björn Schießle
9ab887fed5 fix security issue, don't allow to go back in the path 2012-09-26 21:35:14 +02:00
Björn Schießle
a7292e897a The mtime in the file cache has to be updated after version rollback (copy from outside of the regular files root) (fixes bug #1720) 2012-09-26 17:03:54 +02:00
Robin Appelman
cfbca40fbe fix sharing for newly uploaded or created files 2012-09-26 13:25:11 +02:00
Jenkins for ownCloud
2c00f8c850 [tx-robot] updated from transifex 2012-09-26 13:22:37 +02:00
Thomas Müller
b57cc67f60 Python language setting on gettext
gettext with language setting 'Python' gives better results than 'Perl'
2012-09-26 14:17:12 +03:00
Björn Schießle
50d7cfbbe7 prepare server for move of property name "lastmodified" to "getlastmodified" according to RFC4918.
Depreciated const can be removed after sync client update and release
2012-09-26 13:06:43 +02:00
Arthur Schiwon
0192d920f0 Sharing: write update errors to logfile; do not die on errors 2012-09-26 12:27:43 +02:00
Björn Schießle
fcd70246db Merge branch 'master' of github.com:owncloud/core 2012-09-26 10:50:06 +02:00
Björn Schießle
c3c6e52104 - take webdav namespace for properties into account
- change update routine to add the namesapce to all stored properties
2012-09-26 10:48:30 +02:00
Michael Gapczynski
b4e40b1c21 Fix unsetting share expiration date 2012-09-26 00:09:35 -04:00
Michael Gapczynski
00103d730f Show share expiration date set for shared item 2012-09-26 00:04:27 -04:00
Michael Gapczynski
f967bfc956 Properly format the share expiration time for the database, fixes bug oc-1779 2012-09-25 23:54:46 -04:00
Michael Gapczynski
2bdf89f4d4 Stop autocomplete selection event propogration so share dropdown doesn't disappear, fixes bug oc-1773 2012-09-25 23:18:36 -04:00
Jenkins for ownCloud
5855355faa [tx-robot] updated from transifex 2012-09-26 02:06:37 +02:00
Bart Visscher
737a6730db Add OC_Files::searchByMime function
Include shared files in result
2012-09-25 21:15:01 +02:00
Lukas Reschke
c4fc291fa7 Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:57:40 +02:00
Arthur Schiwon
7b8c7aaf0d Add missing Sharing permission 2012-09-25 18:01:56 +02:00
Arthur Schiwon
80fde2d8d1 Sharing update: take over reshares and thus don't fail 2012-09-25 12:14:20 +02:00
Björn Schießle
25499644e3 Merge branch 'master' of github.com:owncloud/core 2012-09-25 12:02:02 +02:00
Björn Schießle
90a1bd5721 seperate the form to set up the mount points and the form to upload ssl certificates 2012-09-25 12:01:09 +02:00
Arthur Schiwon
15e02726d7 Fix files_sharing update script, by making filesystem and users available 2012-09-25 11:47:53 +02:00
Arthur Schiwon
a8ff1505d6 backwards compat to older xcache versions, don't fail when trying to clear cache by prefix 2012-09-25 11:47:53 +02:00