Lukas Reschke
148e7abb51
Harden JS by disabling jQuery eval
...
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.
This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:03:02 +01:00
Lukas Reschke
c4fe36cc02
Merge pull request #3862 from nextcloud/dont-set-the-status-twice
...
Don't set the HTTP status twice
2017-03-16 22:05:47 +01:00
Lukas Reschke
d134dea508
Don't call function in constructor
...
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke
9e957d0ac9
Adjust integration test
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 20:51:40 +01:00
Morris Jobke
cd4ebe2777
Merge pull request #3008 from nextcloud/appmenu-experiment
...
Show apps in header
2017-03-16 13:03:41 -06:00
Lukas Reschke
5f8f29508f
Adjust tests to include base-uri
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 18:12:10 +01:00
Roeland Jago Douma
2a9d1a7147
Merge pull request #3863 from nextcloud/additional-hardening-of-t
...
Harden t() with DOMPurify
2017-03-16 15:54:04 +01:00
Lukas Reschke
adfd1e63f6
Add base-uri to CSP policy
...
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Lukas Reschke
6c8d48b0f6
Harden t() with DOMPurify
...
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Lukas Reschke
793d7d1bd7
Merge pull request #3860 from nextcloud/fix_master_after_3802
...
Fix unit tests of master
2017-03-16 14:08:32 +01:00
Joas Schilling
3a53784f80
Don't set the HTTP status twice
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00
Roeland Jago Douma
bb2ec51bbb
Fix unit tests of master
...
Follow up to #3802
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Roeland Jago Douma
57c1be8633
Merge pull request #3802 from Ko-/master
...
Check that set_time_limit is not disabled before calling it
2017-03-16 12:27:26 +01:00
Joas Schilling
7ca2f5f137
Merge pull request #3857 from nextcloud/issue-3901-legacy-caldav-endpoint-email-invitations
...
Fix scheduling plugin on legacy caldav endpoint
2017-03-16 12:14:32 +01:00
Julius Haertl
b8ef616455
Fix html formating issues
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
780400302c
Rebuild menu to keep order of icons correct
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
25e18b840b
Reduce device width and hide app name when menu is open
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
1d6fba03f4
Make enabling/disabling apps work with the new menu
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
efc681dcfe
Fix positioning of popovermenu
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
f58f8f6f47
Fix popover positioning after window resize
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
267b89f5c7
Cleanup SCSS for app menu and fix mobile view
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
7eae6690ad
Make app management icon act like a normal app icon
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
61dc78e6dc
Fix menu issues
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
a630e4629f
Generate seperate menu list for header bar
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
e3e4cb3e67
Move active app to the first slot
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
42feab59d5
Show app icons in the header
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Ko-
786ee72146
Add warning on admin screen when set_time_limit is unavailable
2017-03-16 11:48:28 +01:00
Joas Schilling
652ee8a605
Fix scheduling plugin on legacy caldav endpoint
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 09:55:15 +01:00
Roeland Jago Douma
4d207680f2
Merge pull request #3624 from marncz/master
...
Update.js: countdown feedback before redirect
2017-03-16 07:56:51 +01:00
Nextcloud bot
2fafdb39ac
[tx-robot] updated from transifex
2017-03-16 01:07:36 +00:00
Lukas Reschke
085891a15d
Escape like parameters in database user backend
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-15 22:46:40 +01:00
Roeland Jago Douma
93c9a06761
Merge pull request #3788 from nextcloud/fed-share-modify
...
Add api to change the remote of an incoming federated share
2017-03-15 17:32:35 +01:00
Joas Schilling
f2d3704e97
Merge pull request #3843 from nextcloud/encryption-fix-mail-share
...
take share by mail into consideration if we calculate the access list
2017-03-15 15:23:17 +01:00
Roeland Jago Douma
5ed45fc8e6
Merge pull request #3848 from nextcloud/remove-single-quotes-around-search-query
...
Remove single quotes around search query like in user search
2017-03-15 15:05:15 +01:00
Joas Schilling
0fe45966a0
Remove single quotes around search query like in user search
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-15 12:53:44 +01:00
Björn Schießle
5a998da206
Merge pull request #3841 from nextcloud/encyryption-trash-bin
...
Delete files on encryption error
2017-03-15 09:07:07 +01:00
Marcin Czarnecki
1a3617cdd6
Spacing
...
Signed-off-by: marncz <M.Czarnecki1@uni.brighton.ac.uk>
2017-03-15 06:35:40 +00:00
Morris Jobke
13aae43d89
Fix layout of sharing buttons
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-14 22:52:28 -06:00
Nextcloud bot
4da6b7e796
[tx-robot] updated from transifex
2017-03-15 01:07:49 +00:00
Marcin Czarnecki
df2670ca3c
Update: feedback before redirect
...
Signed-off-by: marncz <M.Czarnecki1@uni.brighton.ac.uk>
2017-03-14 20:36:17 +00:00
Roeland Jago Douma
67faf7edc4
Merge pull request #3838 from Xuanwo/basename-fix
...
[OC/Files/Cache]: Fix wrong usage of basename
2017-03-14 21:00:24 +01:00
Roeland Jago Douma
562c45d925
Merge pull request #3829 from nextcloud/reshares-in-folder
...
switch reshares to true (display reshares in the folder/filelist)
2017-03-14 20:13:09 +01:00
Maxence Lange
16e1c21fcc
fix mock
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-14 19:27:20 +01:00
Maxence Lange
1b9ed81cb6
switch reshares to true
...
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-03-14 19:27:07 +01:00
Roeland Jago Douma
25553172f4
Merge pull request #3836 from nextcloud/do-not-double-check-app-update
...
Do not check for app update twice
2017-03-14 19:26:01 +01:00
Bjoern Schiessle
8f92808caf
take share by mail into consideration if we calculate the access list
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-03-14 17:40:42 +01:00
Roeland Jago Douma
6565533d3b
Merge pull request #3600 from coletivoEITA/master
...
added method needsPartFile() in Storage
2017-03-14 15:14:59 +01:00
Roeland Jago Douma
3c2312fb09
Merge pull request #3783 from andrius-kulbis/master
...
Fix deleted objectstore shares
2017-03-14 15:14:39 +01:00
Robin Appelman
8217b16cfe
Merge pull request #3824 from nextcloud/dav-search-getlastmodified
...
fix searching and ordering on getlastmodified
2017-03-14 14:42:57 +01:00
Robin Appelman
e392d02d80
safer casting of datetime
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-14 14:12:40 +01:00