Commit Graph

4698 Commits

Author SHA1 Message Date
jfd 0c0ae928dc escape all identifiers with backticks 2012-08-24 15:08:57 +02:00
Lukas Reschke 63d6884e23 Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de) 2012-08-24 15:00:53 +02:00
Arthur Schiwon eadb894eff Fix deletion for browsers that do not support onBeforeUnload, fixes oc-1534 2012-08-24 15:00:53 +02:00
Lukas Reschke 9188d2a844 Add a missing exit(); 2012-08-24 15:00:53 +02:00
Lukas Reschke 4e5291c77a Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde. 2012-08-24 15:00:53 +02:00
Georg Ehrke 4d3c45a826 backport 1bccc80996 2012-08-24 15:00:53 +02:00
Frank Karlitschek f86f4c8bfd 4.0.7
and remove some ^M while at it
2012-08-24 15:00:53 +02:00
Lukas Reschke 1d530192b9 Disable user enumeration 2012-08-24 15:00:53 +02:00
Michael Gapczynski 12df81fe0b Check blacklist when renaming files 2012-08-24 15:00:52 +02:00
Lukas Reschke 5cb2d58c9f Also check some other files 2012-08-24 15:00:52 +02:00
Lukas Reschke 9917c611d3 Disable listing of all users 2012-08-24 15:00:52 +02:00
Jakob Sack 1dfa6f3d8f Fix OC_Connector_Sabre_Locks for SQLite 2012-08-24 15:00:52 +02:00
Lukas Reschke 78e8cbd52c Check if webfinger is enabled 2012-08-24 14:58:48 +02:00
Michael Gapczynski ffb55d5a17 Don't return file handle if the mode supports writing and the file is not writable
Conflicts:
	apps/files_sharing/sharedstorage.php
2012-08-24 14:58:48 +02:00
Lukas Reschke 360c22fd28 Validate cookie to prevent auth bypasses. 2012-08-24 14:58:48 +02:00
Lukas Reschke 76e0ca785b Added XSRF check 2012-08-24 14:58:48 +02:00
Lukas Reschke 3644517b01 Missed an "echo" 2012-08-24 14:58:47 +02:00
Lukas Reschke 4f7e4c20d2 Sanitize user input 2012-08-24 14:58:47 +02:00
Thomas Tanghus cb736b42e3 Fix for broken Mail App in OSX Mountain Lion. https://mail.kde.org/pipermail/owncloud/2012-August/004649.html 2012-08-24 14:58:47 +02:00
Bjoern Schiessle 0ac8434670 fix for bug 879 - add parent directory to file cache if it does not exist yet.
For example this can happen if the sync client is used before the user created the root directory (e.g. through web login).
2012-08-24 14:58:47 +02:00
Georg Ehrke 2832311640 fix label for versioning in admin settings 2012-08-24 14:54:17 +02:00
Bart Visscher 5e9f92e5dd Calendar: remove double html encoding 2012-08-24 14:54:17 +02:00
Bart Visscher 646bc1fc24 Contacts: Fix no active Addressbooks 2012-08-24 14:54:16 +02:00
Arthur Schiwon 2af7473651 LDAP: sanitize base, user and group trees. fixes oc-1302 2012-08-24 14:54:16 +02:00
Arthur Schiwon a3b4cb205c Show Login-Button when user+pw are autocompleted, fixes oc-1068 2012-08-24 14:54:16 +02:00
Jörn Friedrich Dreyer 14c5d08a3f reorder code for readability 2012-08-01 22:38:27 +02:00
Jörn Friedrich Dreyer 417bebd9b7 fix php strict warnings in mdb2 oci8 2012-08-01 22:37:57 +02:00
Jörn Friedrich Dreyer c7be0db853 use dbname for non privileged user 2012-08-01 15:00:54 +02:00
Jörn Friedrich Dreyer ab976863ae fix sql 2012-08-01 15:00:07 +02:00
Jörn Friedrich Dreyer e13f381189 add limit support to OC_DB & OCP/DB 2012-08-01 14:59:08 +02:00
Jörn Friedrich Dreyer 795e78809f add oracle to install & setup 2012-07-31 19:34:30 +02:00
jfd 3aff7a298c use CURRENT_TIMESTAMP in default column definitions (sqlite, mysql, postgres and oracle DO understand it), change clob columns to text (clob will give sorting and uniqueness problems and in general is not what we want) 2012-07-31 19:00:54 +02:00
jfd 727f4357fb remove superfluous index (already indexed with primary key derived from <autoincrement> by MDB2), oracle will bark on this 2012-07-31 18:54:24 +02:00
jfd ede464f058 escape all identifiers with backticks 2012-07-31 18:53:05 +02:00
Jörn Friedrich Dreyer 3c5670b662 comment extra timestamp quotation for oci8. Oracle can handle CURRENT_TIMESTAMP pretty well 2012-07-31 17:49:49 +02:00
Jörn Friedrich Dreyer c03daca712 add oci8 to MDB2 2012-07-31 17:42:36 +02:00
Frank Karlitschek aa60771736 4.0.6 2012-07-31 10:13:10 +02:00
Arthur Schiwon b523366acd LDAP: don't die on unexpected collisions, handle empty display-name attributes properly 2012-07-30 17:30:11 +02:00
Michael Gapczynski b9bd54bd98 Add additional error handling for emailing private links 2012-07-30 10:07:20 -04:00
Michael Gapczynski dab708b625 Correction for 'Fix group detection for sharing in case username contains '@', fix for oc-1270' 2012-07-30 10:07:20 -04:00
Michael Gapczynski 519eb39422 Remove delete tipsy if file is deleted, fixes bug oc-958 2012-07-30 10:07:19 -04:00
Michael Gapczynski 3e183b2eea Set filter to empty if not set by Ampache client
Conflicts:
	apps/media/lib_ampache.php
2012-07-30 10:07:19 -04:00
Michael Gapczynski d07b8448d1 Set the user id when authenticating user for Ampache, fixes bug oc-219 2012-07-30 10:07:19 -04:00
Michael Gapczynski 7d17c59a51 Fix group detection for sharing in case username contains '@', fix for oc-1270 2012-07-30 10:07:19 -04:00
Michael Gapczynski f378415377 Only call mkdir() if the root folder does not exist for FTP external storage 2012-07-30 10:07:19 -04:00
Michael Gapczynski 6b83470c96 Fix incorrect copy/paste for file_put_contents() 2012-07-30 10:07:19 -04:00
Michael Gapczynski 93c75f46e5 Forgot data parameter for file_put_contents() streams pre proxies 2012-07-30 10:07:19 -04:00
Michael Gapczynski ea18d70c60 Run pre and post proxies for file_put_contents() streams
Conflicts:
	lib/filesystemview.php
2012-07-30 10:07:19 -04:00
Michael Gapczynski 41a74e3dd2 Check if size isset, try to fix used space calculation again, fixes bug oc-1331
Conflicts:
	settings/personal.php
2012-07-30 10:07:19 -04:00
Michael Gapczynski 164fc1c981 Fix used space calculation if shared folder does not exist, fixes bug oc-1331
Conflicts:
	settings/personal.php
2012-07-30 10:07:19 -04:00