Thomas Müller
8ac3849a95
Merge pull request #238 from fmms/checkstyle04
...
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f
Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
...
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01
Checkstyle fixes: NoSpaceAfterComma
2012-11-04 11:10:46 +01:00
Felix Moeller
afadf93d31
Checkstyle: many fixes
2012-11-02 19:53:02 +01:00
Lukas Reschke
7a7f12a0c1
Create only one CSRF token per session
...
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)
With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Lukas Reschke
ac784baef6
Generate only one CSRF token
2012-10-29 16:35:29 +01:00
Lukas Reschke
4d61eb3e4c
Fix a typo
2012-10-29 16:33:39 +01:00
Felix Moeller
b7a02f0c93
NoSpaceAfterComma
...
first in new branch
2012-10-28 18:12:31 +01:00
Arthur Schiwon
be215a097a
check if RUNTIME_NOAPPS is set before using it
2012-10-28 15:10:22 +01:00
Arthur Schiwon
b8a48b55a3
make sure all filesystem apps are loaded when setupFS is proceeded, to make sure the emmited setup-hook is received. Fixes #89
2012-10-28 13:48:08 +01:00
Arthur Schiwon
5b9ba2e033
remove whitespaces, no code change
2012-10-28 13:48:08 +01:00
Robin Appelman
ad720c4c17
possible fix for bombarding the server with the htaccess test during setup
2012-10-26 18:24:06 +02:00
Lukas Reschke
228a05a792
Check for iconv
2012-10-25 16:49:55 +02:00
Felix Moeller
e73b817a38
Checkstyle: NoSpaceAfterComma
2012-10-23 22:53:54 +02:00
Felix Moeller
2d61f03452
More Checkstyle cleanup
...
This is for all LowerCaseConstant warnings
2012-10-23 08:01:09 +02:00
Felix Moeller
03581ef463
Correct a first issue Checkstyle is complaining about ...
...
This is BracketsNotRequired
2012-10-22 21:40:33 +02:00
Lukas Reschke
65619af05b
Disable enhancedauth by default
...
Admins can still enable it via config.php
2012-10-22 23:04:39 +02:00
Björn Schießle
d68b89cae4
add parameter to specify user for which OC_Filesystem should be initialized.
...
(needed to share files via public links where no user is logged in)
2012-10-22 14:55:53 +02:00
Björn Schießle
2499c24b8b
load system wide configured mount points before accessing shared files
2012-10-18 17:15:30 +02:00
Björn Schießle
00ed2e87c9
check for mount points if file was shared from a different user
2012-10-18 17:15:30 +02:00
scambra
ec253f1354
Use strftime to format date with translated month names
2012-10-16 20:19:35 +02:00
Lukas Reschke
e299c241df
Make enhanced auth configurable
2012-10-16 01:08:05 +02:00
Lukas Reschke
5c0407306c
Set a standard value for enhanced auth time
2012-10-16 01:04:20 +02:00
Lukas Reschke
6f2e8788ca
Make enhanced auth time configurable
2012-10-16 01:02:03 +02:00
Lukas Reschke
f4142bd2a8
Move isUserVerified to OC_Util
2012-10-16 00:47:38 +02:00
Lukas Reschke
1a187d1ca5
Fix PHP notice
2012-10-16 00:47:38 +02:00
Lukas Reschke
fa71e51e67
Use /dev/urandom instead of /dev/random
...
The usage of /dev/urandom is enough secure
2012-10-15 19:21:37 +02:00
Lukas Reschke
6e045b9ea1
Check if $_Post
2012-10-15 17:42:38 +02:00
Lukas Reschke
d33bec09fe
Verify password page for users
2012-10-15 17:42:38 +02:00
Lukas Reschke
f08ff3b6e6
Correct formatting
2012-10-15 15:25:40 +03:00
Lukas Reschke
c930ac9f88
Merge pull request #30 from visit1985/logonpage
...
extend logon page to display multiple error messages
2012-10-15 03:52:11 -07:00
Bart Visscher
4af5b016cc
Whitespace cleanup
2012-10-14 21:04:08 +02:00
Michael Göhler
7095b3a083
extend logon page to display multiple error messages
2012-10-14 19:57:24 +02:00
Lukas Reschke
2c427f050e
Show a warning in the installer if no secure RNG is available
2012-10-14 17:18:30 +02:00
Lukas Reschke
d6c4b83f13
Fallback to /dev/random if openssl_random_pseudo_bytes not available
2012-10-14 16:14:45 +02:00
Björn Schießle
cb91e27ab3
check if directory already exist before executing mkdir
2012-10-12 16:31:03 +02:00
Bart Visscher
351f724193
whitespace fixes
2012-10-12 15:47:41 +02:00
Frank Karlitschek
fe5b4d2fba
marks as 5.0 pre alpha
2012-10-10 15:35:19 +02:00
Frank Karlitschek
8e0676a66b
4.5 final
2012-10-09 16:02:01 +02:00
Frank Karlitschek
67a4aa7cf0
RC 3
2012-10-08 23:58:17 +02:00
Frank Karlitschek
5eaf95eedd
check for SimpleXML which seems to bw non default on Free BSD
2012-10-06 17:37:38 +02:00
Frank Karlitschek
2d86258fc3
RC2
2012-10-03 12:39:48 +02:00
Frank Karlitschek
3fdebaa5dc
automatically remove and prevent installation of apps with a require version less than the current one. We check now the first ad second part of the version number.
...
Also increase the require tags of the core apps to 4.9 Please note that 4.9 is the internal versionnumber of the upcoming 4.5 release.
You have to pu a <require>4.9</require> into the info.xml of your app to make it as compatible with 4.5
2012-10-02 12:10:45 +02:00
Robin Appelman
91d12a2f3d
update the filecache by setting mtimes to 0 when the mount configuration has changed instead of clearing the cache
2012-09-30 16:12:16 +02:00
Lukas Reschke
ef57e9294b
Fallback for systems without openssl
2012-09-29 16:44:02 +02:00
Lukas Reschke
578aa4e425
Removed sectoken
...
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Lukas Reschke
bd804b74c4
mt_rand() is not secure from a security point of view and predictable. Let's use openssl_random_pseudo_bytes() instead.
...
Before: 26 bits entropy
After: 72 bits entropy
2012-09-29 15:03:09 +02:00
Bart Visscher
22d22d19c0
Do urlencoding in linkTo functions
2012-09-28 22:27:52 +02:00
Christian Reiner
4dbd4c35c5
Merge branch 'master' of git://github.com/owncloud/core
2012-09-28 13:31:01 +02:00
Christian Reiner
743826bbf3
Reimplementation of CSRF protection including autorefresh
2012-09-28 13:30:44 +02:00