When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the heartbeat to be post
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
\\b matches any non-word character, including \@ and \-
In order to not detect urls in the middle of email-addresses,
we need to check for white space characters and beginning of the
message instead.
Signed-off-by: Joas Schilling <coding@schilljs.com>
The escaping of special characters was needed when the ids of the
permission checkboxes for shares were based on the "shareWith" field.
Since they are based on the "shareId" field the escaping is no longer
needed, as the "sharedId" is expected to always contain compatible
characters.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The ids of permission checkboxes for shares were generated using the
"shareWith" field of the share. The "shareWith" field can contain spaces
(as spaces are allowed, for example, in user or circle names), so this
could cause the id attribute of the HTML element to contain spaces too,
which is forbidden by the HTML specification.
It is not just a "formal" issue, though; when the list was rendered
after a permission change, if the id contained a space the selector to
get the checkbox element was wrong (as it ended being something like
"#canEdit-view1-name with spaces") and thus the updated state of the
checkbox was not properly set.
Besides that, "shareWith" can contain too single quotes, which would
even cause the jQuery selector to abort the search and leave the UI in
an invalid state.
Instead of adding more cases to the regular expression to escape special
characters and apply it too when the ids are created now the ids of
permission checkboxes for shares are based on the "shareId" field
instead of on "shareWith", as "shareId" is expected to always contain
compatible characters.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Before, the avatar for a circle share was generated using the
"share_with" field as the seed for "imageplaceholder". Due to this, when
the "share_with" field is set to the circle ID the character shown in
the avatar was just a random character instead of the first character of
the display name. Now the "share_with" is still used as the seed for the
colour, but the display name is used as the text of the avatar.
This adds support for "share_with" fields set to the circle ID while
being backwards compatible with "share_with" fields set to the circle
name.
Note that when "share_with" fields is set to the circle name the colour
of the avatar is different in the list of suggested sharees and in the
list of current sharees, but that also happened before these changes
(due to a different seed being used in each place).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes#7106
- Echoing the current server time via a JS variable and storing the current time on page load in JS.
- Calculating the diff and taking it into account when deciding whether to show the password confirmation.
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
The avatar plugin should not change the display element, since the
avatar is always shown by default and the display value is up to the
developers
Signed-off-by: Julius Härtl <jus@bitgrid.net>
When finishing the setup of Nextcloud through the WebUI (setting admin
user and database) Firefox offers to save the username and password.
However, the password was shown in both the username and password fields
of the Firefox password manager dialog.
The problem was that the password input element (in the HTML form) is
cloned in a text input element, which is used to show the password in
plain text when clicking on the "Show password" button. As it was a text
input immediately followed by a password input Firefox seemed to assume
that it had to be the username and ignored the real username field, no
matter the value set for the "autocomplete" attribute. Now the cloned
text input is added after the password input, so Firefox no longer
thinks that the cloned text input is the username field and the password
manager dialog shows the proper username instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
With the new avatar endpoint there is no difference between unknown
users and errors when generating the placeholder avatar. Therefore the
avatar function will now show the old placeholder if both a user and
displayname was given as parameters.
In case there is no displayname provided we cannot build the proper
placeholder so the unknown user placeholder is shown.
The displayname is not required for the avatar anymore, so we can
get rid of the old code path for placeholders.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The js and php code differ ever so slightly. So having the placeholder
for a second and then the image is just weird.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#7574
During some refactoring the event linked to password reset got removed.
This ment that we just submitted a normal POST but without the CSRF
token. And none of the js magic to redirect afterwards.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When a Snap was disabled it stopped listening to the events, but if a
drag gesture was being performed it was kept as active. Thus, when the
Snap was enabled again move events were handled as if the Snap had never
been disabled, causing the gesture handling to continue where it was
left.
When the Snap for the navigation bar is disabled by an app it could be
as a result of a different gesture being recognized by the app (for
example, a vertical swipe) once both gestures have started. In that case
when the other gesture ends and the Snap is enabled again any pointer
movement will cause the navigation bar to slide until an "up" event is
triggered again (obviously not the desired behaviour).
Due to all this now when the Snap for the navigation bar is disabled by
an app the current drag gesture for the navigation bar is ended.
Note that this was added as a parameter to "Snap.disable()" instead of
done unconditionally to keep back-compatibility with the previous
behaviour (probably not really needed as it is unlikely that any app is
using the Snap library relying on that behaviour... but just in case).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
On narrow screens a slide gesture can be used to open or close the
navigation bar. However that gesture could conflict at times with the
gestures used by certain apps (for example, if the right sidebar is open
the user may expect to close it by dragging it to the right, but that
could open the navigation bar instead depending on how the events are
handled). This commit makes possible for apps to disallow and allow
again that slide gesture.
In any case, note that applications can only disallow the gesture,
but they can not enable it. That is, they can prevent the gesture from
being used on narrow screens, but they can not make the gesture work on
wide screens; they are always limited by the base rules set by the core.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>