Florian Scholz
03aa86d8a6
- xframe restriction configurable now
2013-04-24 14:45:40 +02:00
Lukas Reschke
cfb10dc58c
Add warning about sanitization
2013-03-06 13:05:22 +01:00
Lukas Reschke
a97006144e
Only send the standard headers
...
Fixes https://github.com/owncloud/apps/issues/675
2013-03-04 20:35:58 +01:00
Lukas Reschke
dee16deacd
Merge master
2013-02-28 20:03:06 +01:00
Lukas Reschke
cef6131ea8
Sanitize HTML in html_select_options
2013-02-28 17:19:04 +01:00
Lukas Reschke
229c907a57
[core] From echo to p
2013-02-27 22:55:39 +01:00
Lukas Reschke
470fc3817f
Remove the template autoescaping
...
Ref #1963
2013-02-27 20:53:52 +01:00
Lukas Reschke
6735701c1e
Merge pull request #1837 from owncloud/fix-user-template
...
Remove unneeded code for user layout template
2013-02-25 13:41:32 -08:00
Bart Visscher
15f5325078
Don't use routes when displaying error page
2013-02-22 21:39:44 +01:00
Bart Visscher
bf0b9bac8b
Remove unneeded code for user layout template
2013-02-22 00:22:43 +01:00
Robin Appelman
b8e2454f68
Fix strict standard warning in user template
2013-02-15 16:10:06 +01:00
Bart Visscher
ffae6f4b84
Style-fix: Breakup long lines
2013-02-14 08:38:37 +01:00
Lukas Reschke
5fcb35efd6
Also allow local files
2013-02-04 18:43:26 +01:00
Lukas Reschke
bb90b0ee6e
Allow the loading of local font files embedded via data:
2013-02-04 18:38:16 +01:00
Lukas Reschke
8de0f96a24
Allow loading of external fonts
...
Required by several applications like our pdf viewer
2013-02-04 17:51:52 +01:00
Lukas Reschke
a65410f23c
Remove the CSP header for Firefox
...
https://bugzilla.mozilla.org/show_bug.cgi?id=737064 *gnarf*
2013-01-25 21:57:51 +01:00
Lukas Reschke
e5cc5a0a2d
Allow the loading of external images
2013-01-25 14:26:14 +01:00
Lukas Reschke
293e7bdcf0
Notice about changing the standard policy
2013-01-23 13:44:43 +01:00
Lukas Reschke
0517465f4d
Allow admins to change the CSP policy in the config file
2013-01-23 13:42:52 +01:00
Lukas Reschke
351d206dd3
Allow eval() and send headers for legacy browsers
...
The blocking of eval() seems to have problems with JQuery 1.7.2 - let's allow it for now and disable it in the future.
2013-01-22 08:09:01 +01:00
Lukas Reschke
3ffbaf4795
Allow iframes to external domains
2013-01-22 00:30:09 +01:00
Lukas Reschke
0c59074eeb
Correct copy paste fail
2013-01-21 20:46:42 +01:00
Lukas Reschke
af8c193605
Disallow inline JS
2013-01-20 23:30:16 +01:00
Lukas Reschke
967b7947a1
Add the default-src
2013-01-20 12:19:09 +01:00
Lukas Reschke
c82d6e5153
Add CSP header
2013-01-20 12:06:33 +01:00
Bart Visscher
a8f963d9cf
Spaces to tabs
2013-01-16 18:09:16 +01:00
Thomas Mueller
44e5c052b3
handling proper display of files/folders with negative size
...
refs #1162
2013-01-14 23:39:31 +01:00
Brice Maron
a310dcb0ff
Fix a dirty function preventing showing errors
2012-12-03 22:53:06 +00:00
Frank Karlitschek
0f61816278
A new function to create nice error page. And use it for fatal db errors
2012-11-24 18:07:26 +01:00
Alessandro Cosentino
7d01342bab
fix translation issues with previous commit
2012-11-13 19:32:26 -05:00
Alessandro Cosentino
aa917cfb18
uncomment hours entries in relative date functions
2012-11-13 19:18:26 -05:00
Felix Moeller
0e70ea9d8b
Checkstyle: Fix the last 25 NoSpaceAfterComma
2012-11-04 18:28:29 +01:00
Thomas Müller
8ac3849a95
Merge pull request #238 from fmms/checkstyle04
...
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f
Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
...
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01
Checkstyle fixes: NoSpaceAfterComma
2012-11-04 11:10:46 +01:00
Felix Moeller
f8d1d7787e
Checkstyle fixes for SpaceBeforeOpenBrace
2012-11-04 10:46:32 +01:00
Felix Moeller
afadf93d31
Checkstyle: many fixes
2012-11-02 19:53:02 +01:00
Lukas Reschke
7a7f12a0c1
Create only one CSRF token per session
...
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)
With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bernhard Posselt
bf3dac05d1
added functions for printing escaped and unescaped values
2012-10-28 13:28:22 +01:00
Felix Moeller
03581ef463
Correct a first issue Checkstyle is complaining about ...
...
This is BracketsNotRequired
2012-10-22 21:40:33 +02:00
Lukas Reschke
d525654fcd
Correct indentation
2012-10-10 19:01:32 +02:00
Björn Schießle
f493e97f5d
always generate access token, also for forms shown to anonymous users (e.g. public shares)
2012-10-05 10:32:38 +02:00
Christian Reiner
71454b1bca
Fix to preserve backward compatibility for apps creating static links containing the request token (currently the contacts app and maybe some 3rd party implementations)
2012-09-28 18:57:20 +02:00
Christian Reiner
743826bbf3
Reimplementation of CSRF protection including autorefresh
2012-09-28 13:30:44 +02:00
Robin Appelman
4131b205d4
fix some more phpdoc
2012-09-23 02:40:03 +02:00
scambra
e48811017d
fix translation for core/lostpassword
2012-09-21 11:54:47 +02:00
Thomas Mueller
3829460ab8
adding space between) and {
2012-09-07 15:22:01 +02:00
Bart Visscher
1a46192433
Add args parameter to linkTo(Absolute) function, to append the args automaticly
2012-09-03 21:51:32 +02:00
Thomas Mueller
58b1e841f1
fix translations within subfolder /lib
2012-08-30 23:51:44 +02:00
Bart Visscher
db18218a1b
Space before tab fixes
2012-08-29 20:34:44 +02:00