wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/lib/private
History
Lukas Reschke f3e9106864 Don't trust update server 
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
2015-11-28 12:21:53 +01:00
..
activity update licence headers via script 2015-10-05 21:15:52 +02:00
app Always installed apps includes the hardcoded ones from shipped.json 2015-11-19 09:11:14 +01:00
appframework Merge pull request #20782 from mitar/better-https 2015-11-27 14:24:23 +01:00
archive Fix #19181: Support .bz2 app archives 2015-10-20 21:56:24 +02:00
backgroundjob deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
cache Allow storage wrappers to through a forbidden exception with retry information 2015-11-17 10:39:52 +01:00
command
console Update license headers 2015-10-26 14:04:01 +01:00
contacts
db Merge pull request #20393 from owncloud/querybuilder-select-with-alias 2015-11-26 16:19:20 +01:00
diagnostics
encryption cache result from parent folders 2015-11-04 09:27:29 +01:00
files also log exception 2015-11-27 14:28:15 +01:00
group Adjust PHPDoc as suggested 2015-11-20 14:38:29 +01:00
hooks update license headers and authors 2015-06-25 14:13:49 +02:00
http/client update licence headers via script 2015-10-05 21:15:52 +02:00
l10n update licence headers via script 2015-10-05 21:15:52 +02:00
legacy Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
lock Update license headers 2015-10-26 14:04:01 +01:00
log fixes #20538 2015-11-16 16:29:21 +01:00
mail Setup sendmail transport 2015-10-08 16:48:18 +02:00
memcache Handle errors on memcached level - fixes #17397 2015-11-10 15:58:17 +01:00
notification Make sure that object id can be a string 2015-11-23 14:18:15 +01:00
ocs Add a new core capability which tells the clients which url to use 2015-11-03 14:27:36 +01:00
preview deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
route deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
search
security Use native CSPRNG if available 2015-11-09 15:04:22 +01:00
session Delete cookie instead of emptying value 2015-10-19 19:54:12 +02:00
setup Update license headers 2015-10-26 14:04:01 +01:00
share use hooks to auto add server to the list of trusted servers once a federated share was created 2015-11-24 11:34:38 +01:00
share20 [Sharing 2.0] Fix phpdoc etc 2015-11-24 10:26:36 +01:00
tagging
template Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
user Introduce \OCP\IUser::getEMailAddress() 2015-11-25 22:23:34 +01:00
activitymanager.php update licence headers via script 2015-10-05 21:15:52 +02:00
allconfig.php Move the filtering of sensitive data to the config class 2015-09-25 11:08:33 +02:00
api.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
app.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
appconfig.php update licence headers via script 2015-10-05 21:15:52 +02:00
apphelper.php update license headers and authors 2015-06-25 14:13:49 +02:00
archive.php Use actual mimetype detection instead of extension 2015-10-31 00:55:37 +01:00
avatar.php Update license headers 2015-10-26 14:04:01 +01:00
avatarmanager.php Update license headers 2015-10-26 14:04:01 +01:00
capabilitiesmanager.php Update license headers 2015-10-26 14:04:01 +01:00
config.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
contactsmanager.php
databaseexception.php
databasesetupexception.php
datetimeformatter.php
datetimezone.php
db.php Remove remainings of mssql 2015-07-29 18:19:31 +02:00
defaults.php Revert "make knowledge base url configurable" 2015-08-11 14:20:25 +02:00
eventsource.php update licence headers via script 2015-10-05 21:15:52 +02:00
filechunking.php work directly on storages when doing a chunked upload assembly 2015-09-14 20:35:33 +02:00
files.php Allow storage wrappers to through a forbidden exception with retry information 2015-11-17 10:39:52 +01:00
forbiddenexception.php
group.php Adjust PHPDoc as suggested 2015-11-20 14:38:29 +01:00
helper.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
hintexception.php
hook.php Update license headers 2015-10-26 14:04:01 +01:00
httphelper.php
image.php Update license headers 2015-10-26 14:04:01 +01:00
installer.php Remove last occurences of OC_Helper::getMimeType() 2015-11-26 10:18:32 +01:00
json.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
l10n.php Add warning for broken l10n json files 2015-10-30 09:10:16 +01:00
largefilehelper.php
log.php update licence headers via script 2015-10-05 21:15:52 +02:00
naturalsort.php update licence headers via script 2015-10-05 21:15:52 +02:00
naturalsort_defaultcollator.php
navigationmanager.php
needsupdateexception.php
notsquareexception.php
ocs.php update licence headers via script 2015-10-05 21:15:52 +02:00
ocsclient.php Disable app store for EE by default 2015-10-08 14:52:52 +02:00
preview.php Add tests 2015-10-01 13:17:22 +02:00
previewmanager.php update license headers and authors 2015-06-25 14:13:49 +02:00
repair.php Add a repair step that checks for group membership on shares 2015-10-29 09:26:26 +01:00
repairexception.php
repairstep.php update license headers and authors 2015-06-25 14:13:49 +02:00
response.php Use getHttpProtocol instead of $_SERVER 2015-10-30 18:05:30 +01:00
search.php
server.php Update license headers 2015-10-26 14:04:01 +01:00
servernotavailableexception.php update license headers and authors 2015-06-25 14:13:49 +02:00
serviceunavailableexception.php
setup.php Check for PDO instead of removed function for PHP 7 compatibility 2015-07-30 12:32:22 +02:00
streamer.php Update license headers 2015-10-26 14:04:01 +01:00
subadmin.php subadmin methods should not return any null user or group 2015-11-05 11:50:57 +01:00
systemconfig.php Deduplicate constant 2015-09-25 13:17:23 +02:00
tagmanager.php
tags.php
template.php Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
templatelayout.php Don't trust update server 2015-11-28 12:21:53 +01:00
tempmanager.php deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
updater.php Update license headers 2015-10-26 14:04:01 +01:00
urlgenerator.php
user.php Update license headers 2015-10-26 14:04:01 +01:00
util.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00