Commit Graph

2343 Commits

Author SHA1 Message Date
Daniel Peukert b2dfcb5a18 Check if the X-XSS-Protection header contains the required fields
Signed-off-by: Daniel Peukert <dan.peukert@gmail.com>
2018-10-17 14:28:51 +02:00
Julius Härtl 0b4ea70995
Tests: Remove spacing from html before comparing the template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-16 10:49:34 +02:00
Roeland Jago Douma 0a4a23f015
Move jquery.contactsmenu.js to compiled handlebars
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-16 09:51:36 +02:00
Roeland Jago Douma 056a74e323
Fix plural function to be hardcoded
No more weird eval to construct a plural function.
We just use the plural function from symfony.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:36 +02:00
Christoph Wurst 365f68372f
Use jQuery.getScript to dynamically load script
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-14 20:45:36 +02:00
Moritz Beck b68661ed6e
Allow "same-origin" as "Referrer-Policy"
Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-11 13:17:26 +02:00
Morris Jobke fe45db6ae2
Merge pull request #11744 from burned42/fix_percent_sign_breaking_all_files_view
Remove duplicate call to decodeURIComponent
2018-10-11 12:20:07 +02:00
Daniel Calviño Sánchez c2916b62d3 Ignore "session_lifetime" if it can not be converted to a number
When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-11 10:53:25 +02:00
Bernd Stellwag 0f030d885b Remove duplicate call to decodeURIComponent
Signed-off-by: Bernd Stellwag <burned@zerties.org>
2018-10-11 08:00:28 +02:00
Morris Jobke b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 10:41:02 +02:00
Christoph Wurst 9af69ca2a5
Fix usage of deprecated OC.webroot
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-09 13:53:59 +02:00
Morris Jobke 43ed8bb91a
Merge pull request #11693 from nextcloud/refactor/remove-legacy-sharemodel-areavatarsenabled
Remove deprecated and unused legacy ShareConfigModel.areAvatarsEnabled()
2018-10-09 09:09:35 +02:00
Christoph Wurst 47f0447ce0
Remove deprecated and unused legacy ShareConfigModel.areAvatarsEnabled()
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-09 07:58:06 +02:00
Christoph Wurst e836a1457c
Remove deprecated and noop APIs from OC.AppConfig
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-09 07:54:34 +02:00
Morris Jobke 6994a2a87d
Merge pull request #11679 from nextcloud/refactor/remove-ie8-apis
Remove IE8 APIs
2018-10-08 18:36:07 +02:00
Morris Jobke 3330600dc5
Merge pull request #11682 from nextcloud/refactor/remove-deprecated-unused-fileDownloadPath
Remove deprecated and unused fileDownloadPath
2018-10-08 18:04:08 +02:00
Morris Jobke 8acd503975
Merge pull request #11681 from nextcloud/refactor/remove-deprecated-getScrollBarWidth
Remove deprecated window.getScrollBarWidth
2018-10-08 17:43:10 +02:00
Christoph Wurst 576e44f890
Remove deprecated and unused fileDownloadPath
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:46:36 +02:00
Christoph Wurst a0499f4404
Remove deprecated window.getScrollBarWidth
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:41:33 +02:00
Christoph Wurst dccb3ab5b2
Remove deprecated SVG helpers for old IEs
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:33:41 +02:00
Christoph Wurst d9783af7bd
Remove outdated comment
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:21:31 +02:00
Christoph Wurst d5b53d0ede
Remove OC.isIE8
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:18:51 +02:00
Christoph Wurst dd459bbb7a
Remove OC.scaleFixForIE8
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 16:17:16 +02:00
Roeland Jago Douma 8932a51b91
Extract translated strings of compiled handlebars
Follow up to #11615

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-05 12:32:48 +02:00
Roeland Jago Douma 363ec1d3c3
Remove leftover '
Followup to #11583

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-04 16:02:09 +02:00
Roeland Jago Douma b0fd31496b
Move OC.Share to compiled handlebars
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-04 09:53:45 +02:00
Roeland Jago Douma cd7c17482e
Move systemtags to compiled handlebars
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-04 09:53:44 +02:00
Morris Jobke c8e617b07c
Set nonce for loading the zxcvbn
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-03 17:05:01 +02:00
Morris Jobke 48f483a352
Add missing compiled mimetype list - see #10135
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-01 15:54:02 +02:00
Jan-Christoph Borchardt 9b8e884b19
Change wording of 'Copy URL' to more understandable 'Copy link'
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-10-01 11:02:12 +02:00
Roeland Jago Douma 7e5b7f75ba
Bump templates to handlebars 4.0.12
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-28 21:17:08 +02:00
Morris Jobke d867f9f091
Merge pull request #11037 from nextcloud/trash-webui-dav
Use trashbin dav endpoint to list trash in webui
2018-09-28 16:03:24 +02:00
Roeland Jago Douma c9e93b8084
Compile contactmenu handlebars templates
Fixes #11029
For https://github.com/orgs/nextcloud/projects/18

Ship the compiled handlebars templates. This makes it possible to have a
scricter CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-27 20:33:58 +02:00
Robin Appelman 073fddcc28
fix trashbin infoparsers interfering with other dav clients
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-09-20 17:03:56 +02:00
Robin Appelman 91066954a8
pass existing data to info parsers
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-09-20 17:03:30 +02:00
Joas Schilling dda0dfd5f1
Merge pull request #11171 from nextcloud/bugfix/noid/shared-by-info-for-room-shares-without-names
Better shared-by info for conversations without names
2018-09-19 13:45:31 +02:00
Joas Schilling a2c8b3f00b
Merge pull request #11151 from nextcloud/davclient-js-decode
fix js files client for user names with spaces
2018-09-13 11:17:29 +02:00
Joas Schilling d062c8687b
Merge pull request #11036 from nextcloud/fix/10903/users-undefined-maxautocompleteresults
fix check for more users  in sharing dialogue
2018-09-13 09:49:43 +02:00
Joas Schilling a1c969a170
Merge pull request #10840 from webfoersterei/refactor/5530-urandom-check
Refactor secure randomness check
2018-09-13 09:29:42 +02:00
Arthur Schiwon b628ec4701
adjust and extend js unit tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-09-12 17:49:48 +02:00
Joas Schilling 7f0de11bd5
Better shared-by info for conversations without names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-09-11 12:57:36 +02:00
Arthur Schiwon 4893e1765f
don't user a higher paging size than max autocomplete entries are set
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-09-10 23:15:46 +02:00
Arthur Schiwon e7b0f8b001
fix check for more users
after a refactor users et al were undefined. The check condition was moved.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-09-10 23:15:42 +02:00
Robin Appelman 4491a41a72
fix js files client for user names with spaces
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-09-10 22:37:01 +02:00
Daniel Calviño Sánchez c14c6e5ccf Make possible to pick both files and folders
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-30 14:40:12 +02:00
Daniel Calviño Sánchez f080fa55ac Store the mime type filter always as an array
This will make easier to check if both directories and files should be
pickable.

This also removes an unused assignment to the mime type.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-30 14:23:47 +02:00
Daniel Calviño Sánchez 66f2b155ce Fix empty mime type filter
When the mime type is an empty array no filter should be applied.
However, the filter was loosely compared to an empty array, but as
arrays are objects then it became an implicit strict equality comparison
which always failed due to being different objects. Now the length of
the array is compared instead, and also moved outside the loop as it is
not needed to check it for each file.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-30 14:02:50 +02:00
Daniel Calviño Sánchez 4508a12188 Prevent default action from being executed when the button is disabled
When "enter" is pressed in the file picker a "click" event is triggered
on the primary action button. However, in some cases, like when the file
picker is in "Choose" mode and the current directory in the file picker
is the root folder, the primary action button is disabled. In those
cases pressing enter should not trigger a click action on the button and
be ignored instead.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-30 10:25:09 +02:00
Joas Schilling 1edf345d4d
Use empty alt tag for avatars since there is always the name next to it
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-08-26 18:29:02 +02:00
Timo Förster 006e150c87 Change check if secure randomness is possible.
Signed-off-by: Timo Förster <tfoerster@webfoersterei.de>
2018-08-24 23:12:02 +02:00