* the placeholder is in IE 8 and 9 just set as text and
styled a bit grey. If the form is then serialized without
typing something in the placeholder is sent as value
* this fixes that behaviour for the password field and
properly detects empyt passwords
* fixes#14912
Doing this in the PHP code is not the right approach for multiple reasons:
1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.
This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
Fixes new avatar selection in master half, other half will work when https://github.com/owncloud/core/pull/14266 has get merged.
Shocking to see how much places in our code do it wrong 🔫
* reason: nice to know before password change in user management
* restore is possible:
* encryption is disabled
* encryption is enabled, admin and user has checked the
restore option
* if not possible:
* highlight users row in red once the admin wants to change the password
* show also a little tipsy
* causes the first load after the initial load to hide some users in the viewport
and showing them again, but with a scrolled up viewport
* causes higher load for nearly never visible effects
* fixes#12962
add logSettingsController
add download logfile button
move getEntries to LogSettingsController
move set log level to logsettingscontroller.php
add warning if logfile is bigger than 100MB
add unit test for set log level
fix typecasting, add new line at EoF
show log and logfile download only if log_type is set to owncloud
add unit test for getFilenameForDownload
* add disableEscape parameter to disable this functionality
* drop usage of escapeHTML() that is now done inside t()
* add unit test for escaped and not escaped placeholder
* proper JSDoc
* introduced new route settings/users/{id}/mailAddress
* kept old responses
* better error messages
* dropped lostpassword.php from settings/ajax
* cleaned up the UserList.add() and hand in user object instead of
each attribute as another parameter
* check for change permission of mail address
* proper response messages
* add switch to settings to show user backend
* user classes for headers and rows to unify the show/hide statement
* add user backend to response of user create request
* proper markup in settings area