Commit graph

138 commits

Author SHA1 Message Date
icewind1991
3b576c5f77 Merge pull request #3111 from owncloud/csp-audio
Allow loading of external media ressources
2013-04-24 08:17:42 -07:00
Lukas Reschke
a34350c803 Merge pull request #3106 from IMM0rtalis/xframe_restriction_config
- xframe restriction configurable now
2013-04-24 08:02:12 -07:00
Lukas Reschke
4f96d7fb85 Allow loading of external media ressources 2013-04-24 16:45:51 +02:00
Florian Scholz
03aa86d8a6 - xframe restriction configurable now 2013-04-24 14:45:40 +02:00
Bernhard Posselt
b98b56e4a8 check if there is a default/ folder in the theme directory if no theme exists 2013-04-24 13:45:40 +02:00
Lukas Reschke
cfb10dc58c Add warning about sanitization 2013-03-06 13:05:22 +01:00
Lukas Reschke
a97006144e Only send the standard headers
Fixes https://github.com/owncloud/apps/issues/675
2013-03-04 20:35:58 +01:00
Lukas Reschke
dee16deacd Merge master 2013-02-28 20:03:06 +01:00
Lukas Reschke
cef6131ea8 Sanitize HTML in html_select_options 2013-02-28 17:19:04 +01:00
Lukas Reschke
229c907a57 [core] From echo to p 2013-02-27 22:55:39 +01:00
Lukas Reschke
470fc3817f Remove the template autoescaping
Ref #1963
2013-02-27 20:53:52 +01:00
Lukas Reschke
6735701c1e Merge pull request #1837 from owncloud/fix-user-template
Remove unneeded code for user layout template
2013-02-25 13:41:32 -08:00
Bart Visscher
15f5325078 Don't use routes when displaying error page 2013-02-22 21:39:44 +01:00
Bart Visscher
bf0b9bac8b Remove unneeded code for user layout template 2013-02-22 00:22:43 +01:00
Robin Appelman
b8e2454f68 Fix strict standard warning in user template 2013-02-15 16:10:06 +01:00
Bart Visscher
ffae6f4b84 Style-fix: Breakup long lines 2013-02-14 08:38:37 +01:00
Lukas Reschke
5fcb35efd6 Also allow local files 2013-02-04 18:43:26 +01:00
Lukas Reschke
bb90b0ee6e Allow the loading of local font files embedded via data: 2013-02-04 18:38:16 +01:00
Lukas Reschke
8de0f96a24 Allow loading of external fonts
Required by several applications like our pdf viewer
2013-02-04 17:51:52 +01:00
Lukas Reschke
a65410f23c Remove the CSP header for Firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=737064 *gnarf*
2013-01-25 21:57:51 +01:00
Lukas Reschke
e5cc5a0a2d Allow the loading of external images 2013-01-25 14:26:14 +01:00
Lukas Reschke
293e7bdcf0 Notice about changing the standard policy 2013-01-23 13:44:43 +01:00
Lukas Reschke
0517465f4d Allow admins to change the CSP policy in the config file 2013-01-23 13:42:52 +01:00
Lukas Reschke
351d206dd3 Allow eval() and send headers for legacy browsers
The blocking of eval() seems to have problems with JQuery 1.7.2 - let's allow it for now and disable it in the future.
2013-01-22 08:09:01 +01:00
Lukas Reschke
3ffbaf4795 Allow iframes to external domains 2013-01-22 00:30:09 +01:00
Lukas Reschke
0c59074eeb Correct copy paste fail 2013-01-21 20:46:42 +01:00
Lukas Reschke
af8c193605 Disallow inline JS 2013-01-20 23:30:16 +01:00
Lukas Reschke
967b7947a1 Add the default-src 2013-01-20 12:19:09 +01:00
Lukas Reschke
c82d6e5153 Add CSP header 2013-01-20 12:06:33 +01:00
Bart Visscher
a8f963d9cf Spaces to tabs 2013-01-16 18:09:16 +01:00
Thomas Mueller
44e5c052b3 handling proper display of files/folders with negative size
refs #1162
2013-01-14 23:39:31 +01:00
Brice Maron
a310dcb0ff Fix a dirty function preventing showing errors 2012-12-03 22:53:06 +00:00
Frank Karlitschek
0f61816278 A new function to create nice error page. And use it for fatal db errors 2012-11-24 18:07:26 +01:00
Alessandro Cosentino
7d01342bab fix translation issues with previous commit 2012-11-13 19:32:26 -05:00
Alessandro Cosentino
aa917cfb18 uncomment hours entries in relative date functions 2012-11-13 19:18:26 -05:00
Felix Moeller
0e70ea9d8b Checkstyle: Fix the last 25 NoSpaceAfterComma 2012-11-04 18:28:29 +01:00
Thomas Müller
8ac3849a95 Merge pull request #238 from fmms/checkstyle04
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01 Checkstyle fixes: NoSpaceAfterComma 2012-11-04 11:10:46 +01:00
Felix Moeller
f8d1d7787e Checkstyle fixes for SpaceBeforeOpenBrace 2012-11-04 10:46:32 +01:00
Felix Moeller
afadf93d31 Checkstyle: many fixes 2012-11-02 19:53:02 +01:00
Lukas Reschke
7a7f12a0c1 Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)

With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bernhard Posselt
bf3dac05d1 added functions for printing escaped and unescaped values 2012-10-28 13:28:22 +01:00
Felix Moeller
03581ef463 Correct a first issue Checkstyle is complaining about ...
This is BracketsNotRequired
2012-10-22 21:40:33 +02:00
Lukas Reschke
d525654fcd Correct indentation 2012-10-10 19:01:32 +02:00
Björn Schießle
f493e97f5d always generate access token, also for forms shown to anonymous users (e.g. public shares) 2012-10-05 10:32:38 +02:00
Christian Reiner
71454b1bca Fix to preserve backward compatibility for apps creating static links containing the request token (currently the contacts app and maybe some 3rd party implementations) 2012-09-28 18:57:20 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
Robin Appelman
4131b205d4 fix some more phpdoc 2012-09-23 02:40:03 +02:00
scambra
e48811017d fix translation for core/lostpassword 2012-09-21 11:54:47 +02:00