wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/apps/files
History
Lukas Reschke 6eeb905871 Do only follow HTTP and HTTPS redirects 
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
..
ajax Do only follow HTTP and HTTPS redirects 2014-09-22 20:02:32 +02:00
appinfo Match more URL fragments 2014-09-18 23:18:07 +02:00
command Use bigger transactions when doing explicit file system scans 2014-09-08 14:15:41 +02:00
controller Route for thumbnail generation 2014-09-16 15:00:58 +02:00
css Highlight every uploaded files and scroll down to the last one 2014-09-03 09:59:01 -04:00
js Merge pull request #10902 from owncloud/fix-ellepsis 2014-09-16 21:09:47 +02:00
l10n [tx-robot] updated from transifex 2014-09-20 01:54:34 -04:00
lib Merge pull request #7254 from owncloud/core-sortalgo 2014-09-16 17:29:03 +02:00
templates fix HTML structure by rmv. obsolete input end tag 2014-08-20 22:36:58 +02:00
tests Tentative fix for legacy file actions unit test side effect 2014-09-16 15:38:44 +02:00
admin.php drop allowZIPdownload and maxZIPSize as options 2014-06-02 16:29:03 +02:00
download.php Use secure mimetype for content delivery 2014-09-08 15:57:39 +02:00
index.php set "allow users to send mail notification for shared files default" setting to "no" now that we have the activity app 2014-06-03 11:29:28 +02:00
list.php drop allowZIPdownload and maxZIPSize as options 2014-06-02 16:29:03 +02:00
settings.php merge master into filesystem 2013-01-28 19:37:58 +01:00
triggerupdate.php $owner is not defined here 2014-05-11 15:34:54 +02:00