Commit Graph

696 Commits

Author SHA1 Message Date
Lukas Reschke 436c149fbb Prevent referer from being sent
Nice hardening for enhanced privacy. Especially useful when using embedded viewers such as files_pdfviewer.
2015-09-09 18:07:43 +02:00
Jan-Christoph Borchardt acc9fa49fc use SVG for toggle image instead of PNG, fix installation and personal settings toggle 2015-09-03 11:49:28 +02:00
Christoph Wurst ba9457264f add title attribute for the login button 2015-09-02 12:32:16 +02:00
Jan-Christoph Borchardt cea3247d49 show feedback spinner for log in process 2015-08-27 21:08:46 +02:00
Jan-Christoph Borchardt 2a935f1b47 move log in button into fields and use icon instead of text 2015-08-27 20:52:47 +02:00
Morris Jobke 40b1054530 Merge pull request #18254 from owncloud/mitigate-breach
Add mitigation against BREACH
2015-08-24 09:14:27 +02:00
Jan-Christoph Borchardt f21cf516da fix wording of update header 2015-08-20 12:59:13 +02:00
Morris Jobke 06d8edd963 Merge pull request #17434 from owncloud/update-showappnameonappupdate
Display app names in update page for app updates
2015-08-20 11:50:01 +02:00
Vincent Petry a2674b2b30 Additions to update page
Apps to update and to disable will always be shown.
Main title changes only when apps need updated, not core.
Added bullet style.
Exclude incompatible apps from updated apps list.
2015-08-20 11:14:30 +02:00
Vincent Petry b919ae96f0 Display app names in update page for app updates
Whenever the update page is displayed for apps, show app names instead
of the core update text.
2015-08-19 18:03:35 +02:00
Lukas Reschke df2ce8a075 Remove search box $_POST since it is unused 2015-08-14 01:31:32 +02:00
Jan-Christoph Borchardt e16cf0c45f more understandable 'Wrong password' feedback 2015-08-12 18:43:09 +02:00
Thomas Müller aff11d7a79 Merge pull request #17966 from owncloud/remove-mssql
Remove remainings of mssql
2015-07-29 22:59:31 +02:00
Thomas Müller 5ed38a75d6 Remove remainings of mssql 2015-07-29 18:19:31 +02:00
Jan-Christoph Borchardt 0b27bcba76 add theme-color for better Android browser integration 2015-07-29 18:16:01 +02:00
Brewal eac117fc8f Changed a p element by a div
A p element cannot contain a div element (here `<div style="clear: both;"></div>`). It should be change by a div element to fits standards.
2015-06-08 15:22:52 +02:00
Jan-Christoph Borchardt 78a0464354 replace logo-wide on share page as well with better icon + text 2015-05-22 00:04:47 +02:00
Morris Jobke 176b9674d2 Add hint about additional PHP database modules
* fixes #16391
2015-05-18 22:59:35 +02:00
Morris Jobke cd516eedcd Use OC.Notification for update notifications
* instead of a static rendering inside PHP use the
  JS OC.Notification.showTemporary to hide the
  notification after 7 seconds automatically
* fixes #14811
2015-05-03 17:26:03 +02:00
Jörn Friedrich Dreyer 8964c5068c do not disclose information, show generic error on login page
Conflicts:
	core/templates/login.php
	lib/base.php
2015-04-10 09:12:37 +02:00
Jan-Christoph Borchardt dd7e519cda add link to installation documentation to setup page 2015-04-09 11:39:46 +02:00
Lukas Reschke 0816cf9142 Add experimental applications switch
Allows administrators to disable or enabled experimental applications as well as show the trust level.
2015-04-03 13:21:24 +02:00
Volker E f4502b4670 fixing #15344 - `title` has no added value here (not on screen readers not for robots) 2015-04-01 21:10:48 +02:00
Morris Jobke 1a06f8df57 add title to entries in app menu 2015-04-01 09:10:19 +02:00
Jan-Christoph Borchardt cd88ddddaf fix accessibility of ownCloud logo and navigation entries, fix #15013g 2015-03-26 10:31:00 +01:00
Morris Jobke e07a2fd8a2 Merge pull request #15012 from Volker-E/master
fixing #15011 by adding ARIA roles where distinct
2015-03-24 12:07:26 +01:00
Volker E 599ee5ce4e fixing #15023, getting comments out of HTML output 2015-03-21 07:10:46 +01:00
Robin Appelman 2df20aaffb show exception type in debug mode 2015-03-20 03:51:21 +01:00
Volker E 0e4d52f9d2 fixing #15027, cleaning up obsolete IE5-7 workaround code 2015-03-19 09:10:58 +01:00
Volker E 0d0c73cf2b fixing #15011 by adding ARIA roles where distinct 2015-03-18 19:29:15 +01:00
Volker E 790324b313 addressing #14984 removing redundant type attributes 2015-03-18 05:33:17 +01:00
Volker E 4c46d0c46c addressing #14983 obsolete Google Chrome Frame 2015-03-18 02:11:47 +01:00
Volker E 6ad76b5cc2 addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-17 23:57:23 +01:00
Volker E 25b77159c4 adressing #14979 meta charset declaration should be first in head 2015-03-17 23:36:05 +01:00
Volker E e8c99a60ec addressing #14978 - remove html root classes targeting IE6/IE7 2015-03-17 23:16:42 +01:00
Volker E f3cd552797 addressing #14978 - remove html root classes targeting IE6/IE7 2015-03-17 22:35:20 +01:00
Roeland Jago Douma 1a0f9c375b Avatar controller moved to AppFrameWork
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
  to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
2015-03-11 16:37:42 +01:00
Joas Schilling 0f09989824 Maintenance mode message might be misleading 2015-03-02 09:51:25 +01:00
Lukas Reschke 8818165e07 Fix avatars in master 2015-02-27 12:03:58 +01:00
Jan-Christoph Borchardt 83bc951630 Merge pull request #12213 from sebomoto/add-loadfeedback
Add loadfeedback
2015-02-18 19:42:18 +01:00
Lukas Reschke 20d57c8bfe Remove Null Byte Check
This is not relevant anymore since we require PHP 5.4
2015-02-17 14:19:20 +01:00
Lukas Reschke c6705ab574 Merge pull request #13890 from owncloud/add-no-referrer
Add `rel="noreferrer"` where possible and switch to HTTPS
2015-02-16 14:36:44 +01:00
Lode Hoste 27b35500a7 Disable application-specific favicons for non-user pages 2015-02-11 20:09:03 +01:00
Joas Schilling 4172ba48d4 Deduplicate template code and do not translate the links 2015-02-09 16:01:52 +01:00
Morris Jobke b05e4e085c Merge pull request #13435 from Zillode/app-favicon
Allow application-specific favicons
2015-02-07 13:29:18 +01:00
cmeh 6abb28e2a6 Update installation.php
In line 161, "SQLite" has now the same capitalisation as in line 159.
2015-02-06 11:19:56 +01:00
Thomas Müller d748368ecb Don't highly discourage 2015-02-05 17:21:10 +01:00
Sebastian Bolt 7ffd2557ff changed image to classed div for spinner animation 2015-02-04 22:27:38 +01:00
Thomas Müller f86c73c9f6 enhance sqlite warning on admin page as well as during setup - fixes #13906 2015-02-04 20:55:54 +01:00
Lukas Reschke b432ea29c9 Add `rel="noreferrer"` where possible and switch to HTTPS
Just to follow good practise and prevent some automated scanners to complain about "Cross-domain Referer leakage".
2015-02-04 16:25:37 +01:00
Morris Jobke 5b4fd12b5b add CSS to exception page - fixes #13747 2015-01-29 20:18:08 +01:00
Morris Jobke 254a1fa12a Merge pull request #13314 from owncloud/login-hook-logout
Return false if the login is canceled in a hook
2015-01-22 23:34:19 +01:00
Robin Appelman 8a9acc5083 Allow custom error messages for the login page 2015-01-22 14:13:02 +01:00
Lode Hoste 96f81961ed Allow application-specific favicons 2015-01-18 00:19:33 +01:00
Vincent Petry 99304be4ef Read version and product name from update template
During upgrade, the config settings aren't always available due to
base.php changes. This fix makes the update info page read the product
name and version from the update template, which already had them.
2015-01-14 11:31:42 +01:00
Jan-Christoph Borchardt 6933ffbf83 remove skip to content for now, see #12999 2014-12-22 16:02:45 +01:00
Jan-Christoph Borchardt f512dbb98a change Documents default typeface from serif to sans-serif 2014-12-19 18:16:46 +01:00
Jan-Christoph Borchardt a2c2775df2 introduce first 'Skip to content' button 2014-12-19 00:35:24 +01:00
Morris Jobke 3036a8714d Merge pull request #12941 from owncloud/wave-accessibility-compliance
Wave accessibility compliance
2014-12-19 00:30:56 +01:00
Jörn Friedrich Dreyer 891474b0d6 Merge pull request #12759 from owncloud/core-reduce-js-and-css
make sure styles and scripts are only loaded once
2014-12-18 23:18:37 +01:00
Jan-Christoph Borchardt 2e6235456a fix searchbox label 2014-12-18 13:39:56 +01:00
Jan-Christoph Borchardt ea548cdaaa fix accessibility of logos 2014-12-18 10:51:41 +01:00
Jan-Christoph Borchardt 0c764bc39f add label for search field for screen readers 2014-12-17 14:49:13 +01:00
Jan-Christoph Borchardt 4eecb98b38 add empty alt text for user image 2014-12-17 11:52:45 +01:00
Thomas Müller 51a22431ee load showpassord.js conditionally in the template only if needed 2014-12-16 18:45:37 +01:00
Thomas Müller 3cc33a98a8 use script instead of \OCP\Util methods 2014-12-16 18:45:13 +01:00
Lukas Reschke be19e78e69 Add requesttoken to base template
Potentially fixes https://github.com/owncloud/core/issues/12580
2014-12-05 22:23:55 +01:00
Morris Jobke 48f00df08e move jstz to bower management 2014-12-01 10:40:31 +01:00
Jan-Christoph Borchardt 45a877c3a7 use proper tabindex order: 1. app menu, 2. search, 3. user menu 2014-11-08 01:47:46 +01:00
Jan-Christoph Borchardt 45c6ec8582 introduce h1, use either ownCloud name or current app name 2014-11-06 13:26:38 +01:00
Jan-Christoph Borchardt 764f51c976 add missing alt attribute to spinner 2014-11-06 12:09:48 +01:00
Lukas Reschke be5ae6c44f Support HTML in logo claim 2014-11-03 21:14:27 +01:00
Lukas Reschke 510d0b2cf3 Fix the "addHeader($tag, $attributes, $text)" methods to not ignore the $text parameter
Also support closing tags with no text content given

Conflicts:
	lib/private/template.php
2014-10-28 11:15:58 +01:00
Vincent Petry aee1edf6b5 Merge pull request #11708 from owncloud/fix-momentjs
Setting moment locale based on user selection
2014-10-27 10:30:47 +01:00
Morris Jobke a10b25587f add avatardiv-shown class to bring back mobile style 2014-10-23 23:51:05 +02:00
kondou 729dffed5e Load avatar in header via PHP
* fix #7484
* use UID, css, and div instead of span
2014-10-23 23:17:18 +02:00
Clark Tomlinson ca5abe5744 Setting moment locale based on user selection 2014-10-23 10:32:47 -04:00
Lukas Reschke c0ddf06dfe Merge pull request #11666 from owncloud/setup-hidesqlitemessageforautoconfig
Hide SQLite information on setup when autoconfig is used
2014-10-20 19:50:20 +02:00
Vincent Petry f52ed231b3 Hide SQLite information on setup when autoconfig is used 2014-10-20 16:20:24 +02:00
Lukas Reschke 852c7ef9da Use l10n on this string as well 2014-10-16 22:04:24 +02:00
Thomas Müller b091394a90 introduce new app page layout
filter installed and not-installed apps properly

kill unneeded file

load category 'Installed' on page load

adding documentation links

new apps mgmt: first style adjustment

apps mgmt: only show license and preview if they exist

adding buttons

new apps mgmt: fix for mobile

use app icon if available

new apps mgmt: position enable/disable toggle to the right

new apps mgmt: proper display of icons or previews

new apps mgmt: fix loading spinner

reenable group selection for apps

new apps mgmt: position enable button normally again

new apps mgmt: clarify wording from 'Installed' to 'Enabled'

reintroduce enable/disable

Move rating image path generation to client-side

Move expression outside of l10n

fix group handling

add buttons for 'More apps' and 'Add your app' again

disable changed date of app for now

adding recommended label

style 'Recommended' app tag

fixing php warning

sort by rating

adding meta-category 'Recommended'

 Only show existing documentation links

lacy loading of screenshots

making group based app activation work again

adding support to get the app icon not only by the app name but also simply by the fixed name 'app.svg'

adding app.svg for all core apps

query string '?installed' is not longer needed

update and uninstall is back + error feedback

remove unneeded parameter

fix alignment of 'recommended' label
2014-10-15 15:21:40 +02:00
Jan-Christoph Borchardt 185f442df8 for whitelabeled edition, show branding name (e.g. 'ownCloud') instead of appname in header bar 2014-09-26 15:38:35 +02:00
Lukas Reschke 75e45ac786 Merge pull request #11019 from owncloud/do-not-show-exception-to-enduser
Do not show exception to the end-user - use a proper error page instead
2014-09-23 18:36:40 +02:00
Thomas Müller bb18fe1384 send browsers timezone back tp the server on login 2014-09-22 14:01:45 +02:00
Lukas Reschke 8fc1a9f5a9 Make 404 page easier to understand
Fixes https://github.com/owncloud/core/issues/11133
2014-09-17 22:57:32 +02:00
Jan-Christoph Borchardt d66a8daf7f replace horizontal rules with whitespace 2014-09-17 13:17:53 +02:00
Lukas Reschke 6d3757f864 Do not show exception to the end-user
Log the error instead of potentially leaking sensitive information
2014-09-17 13:17:52 +02:00
Thomas Müller 1978d3d6a2 Merge pull request #11055 from owncloud/replaceprodname
replace ownCloud with placeholder
2014-09-16 14:49:50 +02:00
Morris Jobke 06eb3b62c6 Merge pull request #10109 from owncloud/issue_#9793_guestlayout
Step one, open guest layout for different styles.
2014-09-15 15:15:41 +02:00
Volkan Gezer c04346918b replace ownCloud with placeholder 2014-09-13 01:48:18 +02:00
Thomas Müller 9737ba74ce Merge pull request #11007 from owncloud/replaces-10850
Add X-UA-Compatible to all templates
2014-09-11 12:34:44 +02:00
Lukas Reschke 7d2c521b46 Step one, open guest layout for different styles.
Conflicts:
	core/templates/layout.guest.php

Step one, open guest layout for different styles.
2014-09-11 11:41:02 +02:00
Lukas Reschke bce5c2dae9 Add X-UA-Compatible to all templates
Replaces https://github.com/owncloud/core/pull/10850
2014-09-11 10:28:52 +02:00
kondou 69f2c0544e Refresh if maintenance mode is over
Using status.php for this.
I modified status.php to also show, whether we're in maintenance.

Checks every 20 seconds if maintenance is over, if yes: reload.
2014-09-09 17:26:11 +02:00
VicDeo efd485acda Merge pull request #10858 from owncloud/issue/10847
Use correct language package so the subject is correctly translated
2014-09-09 01:11:34 +03:00
Jan-Christoph Borchardt 71e10b66d9 Merge pull request #10944 from owncloud/fix-nojavascript-style
fix no-JS message, and add it to log in and shared as well cause they don’t work without JS
2014-09-08 21:58:54 +02:00
Jan-Christoph Borchardt bd56619e7a also add no-JavaScript notice to log in and sharing pages because they do not work without JS either 2014-09-08 18:07:20 +02:00
Jan-Christoph Borchardt 3db2b11435 fix styling and wording of no-JavaScript message 2014-09-08 17:55:53 +02:00
Joas Schilling 7a7e102390 Fix broken new lines in plain text mail template 2014-09-04 11:30:54 +02:00
Thomas Müller 954925eaa0 Merge pull request #10667 from pmjdebruijn/itunes-appid
defaults: add customizable defaultiTunesAppId
2014-09-03 16:26:20 +02:00
Pascal de Bruijn 73f50287ff templates: use p() for getiTunesAppId 2014-08-28 10:12:59 +02:00
Pascal de Bruijn 49da0a7943 defaults: add customizable defaultiTunesAppId 2014-08-27 14:07:39 +02:00
Lukas Reschke d26a9c3c58 Add some security utilities
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparision

Remove CBC constant

Adjust code

Remove confusing $this
2014-08-27 00:18:04 +02:00
Clark Tomlinson e0a8321b23 Adding type to favicon 2014-08-22 16:26:39 -04:00
Lukas Reschke 97b536e3df Add a trusted domain wizard
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain.

By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
2014-08-21 22:22:35 +02:00
Volker E. ec1596054f Removing `x-webkit-speech` attribute #10561
Remove obsolete (from Google Chrome 36 on) attribute due to security vulnerability
2014-08-20 22:59:55 +02:00
Morris Jobke b6d3a6a054 Add note about the term "Cheers" at end of mail
* for translators
* fixes #8689
2014-08-20 15:14:07 +02:00
Vincent Petry 8995e88e6f Added upgrade notice to avoid timeouts 2014-08-18 15:05:55 +02:00
Lukas Reschke 6fae8ae8a7 Merge pull request #10302 from owncloud/remove-logon-rejected
remove confusing 'automatic logon rejected' message, fix #8591
2014-08-09 19:01:38 +02:00
Jan-Christoph Borchardt c0fa29523c remove confusing 'automatic logon rejected' message, fix #8591 2014-08-09 01:35:02 +02:00
Thomas Müller cbe3595f64 using flush() here is pointless as we render the layout into a memory buffer and actually transmit the data later 2014-08-08 15:44:11 +02:00
Morris Jobke 6cf6c21740 fix syntax 2014-07-17 09:51:44 +02:00
Sander eb5458b837 Changed to 1 line 2014-07-08 14:13:02 +02:00
Sander c3beef30f3 Added suggestions from @jancborchardt in #9517 2014-07-08 14:03:10 +02:00
Sander 4ca74a5157 Update layout.user.php 2014-07-08 13:24:19 +02:00
Sander ec6779ced4 Add webapp support 2014-07-08 13:14:54 +02:00
Jan-Christoph Borchardt 83aca24b88 show loading feedback also when clicking 'Apps' entry in app list 2014-07-04 12:32:37 +02:00
Victor Dubiniuk 23ed038a27 Basics 2014-06-13 15:34:51 +02:00
Joas Schilling 6c0e27ac99 Fix missing caret in header menu for IE8 2014-06-12 11:01:35 +02:00
Volkan Gezer 713a1c683b wrap App text with t() to let it use locales 2014-06-06 18:31:04 +02:00
Jan-Christoph Borchardt f1ce58de3e rearrange CSS, remove duplicate code 2014-06-04 15:46:36 +02:00
Jan-Christoph Borchardt d831afc792 move 'add apps' entry into normal navigation instead of a new line 2014-06-04 15:27:46 +02:00
Jan-Christoph Borchardt 26bf64631d better loading feedback for app start, move from JS to CSS 2014-06-04 15:07:15 +02:00
Jan-Christoph Borchardt 96cfe97dae show 'Apps' as fallback label for app switcher if no app title is present (for example in Settings) 2014-06-04 14:38:25 +02:00
Jan-Christoph Borchardt 7cdd4fee9a separate home icon and menu toggle 2014-06-04 14:38:25 +02:00
Jan-Christoph Borchardt cfffd1a890 cut ownCloud text from logo when logged in, place appname there 2014-06-04 14:38:25 +02:00
Morris Jobke 190fc8adf5 drop "push" element - no sticky footer needed anymore 2014-06-04 14:38:25 +02:00
Jan-Christoph Borchardt e27a409287 show appname next to logo for better hint at navigation 2014-06-04 14:29:46 +02:00
Morris Jobke cea7d4961e move to updated version of placeholder 2014-06-03 16:18:06 +02:00
Jan-Christoph Borchardt 04aa085292 infield label removal: fix installation screen 2014-06-03 15:30:07 +02:00
Jan-Christoph Borchardt 7177d3a496 first step of infield label removal, fix login screen 2014-06-03 15:28:59 +02:00
Morris Jobke a4dd4cbb8f add info about sqlite on setup apge 2014-06-02 22:56:50 +02:00
Vincent Petry 4e957c7b18 Merge pull request #8443 from owncloud/csrf-on-login-and-logout
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
Vincent Petry 7e055a9404 Fixed DOM elements, styling and code style issues
- Reduced number of DOM elements
- Also added mention of "config" backup.
2014-05-28 11:29:22 +02:00
Vincent Petry ca45937d84 Fixed styles in update overview page 2014-05-27 16:36:21 +02:00
Vincent Petry 02f682b156 Now showing disabled apps as upgrade status line
- Added app id in update overview.
- Added status message for disabled app for CLI upgrade and web upgrade
2014-05-27 15:20:33 +02:00
Vincent Petry 146583a98d Added update overview page 2014-05-27 14:53:08 +02:00
Thomas Müller f8cb8f4803 Merge branch 'master' into csrf-on-login-and-logout
Conflicts:
	core/templates/login.php
2014-05-19 20:40:55 +02:00
Morris Jobke db9cfaa56d Merge pull request #8592 from owncloud/login-timezone
Disable login button until the timezone is set
2014-05-19 01:14:03 +02:00
Vincent Petry 04f73275ba Now settings CSS class with appid in content DIV 2014-05-15 17:51:04 +02:00
Jan-Christoph Borchardt 60efa0f1c8 Merge pull request #8140 from owncloud/login-valign
Vertically align public layout to better fit small mobile screens
2014-05-15 15:06:52 +02:00
Vincent Petry 1de068b5cb Disable login button until the timezone is set
On slow computers it might happen that the user manages to login before
the timezone code has a chance to run, which then causes dates to appear
wrong in the UI.

This fix makes sure the login cannot happen until the timezone field is
set.

Note that it's not possible to run the timezone code outside of
document.ready() because at that time the DOM element doesn't exist yet.
2014-05-14 17:00:15 +02:00
Lukas Reschke 73b914ddbc Add CSRF check on login and logout
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
Jan-Christoph Borchardt 158b870589 Merge pull request #6870 from owncloud/uncheck-remember-checkbox
do not check 'remember' log in by default
2014-04-29 10:22:02 +02:00
Thomas Müller 30168169b9 Flush the Buffer Early - right after head 2014-04-15 16:56:45 +02:00
jbtbnl b10bf72999 Vertically align public layout to better fit small mobile screens 2014-04-10 00:33:55 +02:00
Thomas Müller e3b951f412 Merge pull request #7724 from owncloud/mobile
[WIP] Mobile optimization for base layout and Files app
2014-03-28 10:27:15 +01:00
Jan-Christoph Borchardt d2de6e7a66 fix SVG replacement for logo so it works in IE8, fix #7866 2014-03-27 14:31:24 +01:00
Thomas Müller a54260b517 use minimum-scale=1.0 2014-03-25 23:35:55 +01:00
Jan-Christoph Borchardt 74eb9bea22 add 'body-public' ID to body in base layout so it can be identified via CSS 2014-03-14 11:08:16 +01:00