Commit Graph

4577 Commits

Author SHA1 Message Date
Frank Karlitschek cd16c5e479 implement a simple request token session garbage collector 2012-06-11 12:13:08 +02:00
Thomas Tanghus 1cb1980d62 Categories: Turned the debugging down a bit. 2012-06-11 03:05:33 +02:00
Thomas Tanghus e79e18d866 Copy/paste error. 2012-06-11 02:40:55 +02:00
Lukas Reschke 3f9b967be7 Sanitizing user input 2012-06-11 00:36:58 +02:00
Lukas Reschke f8d2e21c66 Sanitize user input 2012-06-11 00:23:35 +02:00
Lukas Reschke 27d1c1bb94 Sanitize user input 2012-06-11 00:14:28 +02:00
Lukas Reschke 9f276729c2 Using POST instead of GET. 2012-06-10 23:38:26 +02:00
Lukas Reschke 380aab470f Sanitzing user input 2012-06-10 23:16:59 +02:00
Michael Gapczynski 3c57fb935b Mount personal mount points into filesystem 2012-06-10 16:34:44 -04:00
Michael Gapczynski dd8303b975 Stop AWS SDK from looking for configuration files, forgot to include lib/cachecore 2012-06-10 16:34:44 -04:00
Thomas Tanghus 40f8419fdf Contacts: 11th hour fix for invalid VCARD from CardDAV. 2012-06-10 20:56:55 +02:00
Frank Karlitschek bf4626da93 prevent XSS 2012-06-10 19:52:23 +02:00
Bartek Przybylski c11f6cc3f9 fix variable name and undefined index notice 2012-06-10 17:25:50 +02:00
Bartek Przybylski 76f20eb57c fix first time image loading error 2012-06-10 13:05:00 +02:00
Thomas Tanghus f90c8738ab Contacts: Used non-existent var. 2012-06-10 12:48:39 +02:00
Bartek Przybylski 0838b4c225 gallery: removing search provider for now 2012-06-10 09:52:33 +02:00
Frank Karlitschek 3947aa3ef7 apps paging is not yet implemented. increase pagesize to 100 as a quickfix 2012-06-09 22:00:28 +02:00
Michiel de Jong 995f9c7348 sanitize scope and host 2012-06-09 21:08:24 +02:00
Michiel de Jong 322fd51261 avoid clickjacking 2012-06-09 21:08:24 +02:00
Michael Gapczynski ab41b57f62 Add Dropbox storage backend 2012-06-09 15:02:48 -04:00
Michiel de Jong b46903fa76 sanitize when logged in as another user 2012-06-09 20:39:24 +02:00
Frank Karlitschek 897bfa8814 finally fix the updater. next is an automatic updater. but this is a bit more tricky. 2012-06-09 17:43:02 +02:00
Robin Appelman d065b2d29e prevent opening non-music files through the media ajax api 2012-06-09 17:39:14 +02:00
Robin Appelman 601bac746d use absolute path for file proxies 2012-06-09 17:34:13 +02:00
Georg Ehrke e7f6f7e452 fix another XSS 2012-06-09 16:45:37 +02:00
Georg Ehrke c9214afff8 fix XSS in Calendar 2012-06-09 16:35:35 +02:00
Thomas Tanghus b16136642b Bump version to trigger db update. 2012-06-09 16:05:21 +02:00
Robin Appelman ba1dec64c1 load all apps when loging in, needed for apps listening to login hooks 2012-06-09 15:58:30 +02:00
Georg Ehrke 9c644fe53b Merge branch 'master' of gitorious.org:owncloud/owncloud 2012-06-09 15:40:48 +02:00
Georg Ehrke 2862740674 increase height of event dialog 2012-06-09 15:38:03 +02:00
Thomas Tanghus 6e9fea341b Changed preferences configvalue to clob. Fixes several bugs e.g. oc-825 and oc-743. 2012-06-09 15:36:28 +02:00
Robin Appelman ec55eaef5b dont load apps when displaying the login page
and only load authentication apps during login
2012-06-09 15:28:57 +02:00
Bartek Przybylski 43501309e3 add function in filesystem to strip webroot 2012-06-09 15:26:26 +02:00
Bartek Przybylski 120997112c handle encrypted images files in oc_image 2012-06-09 15:22:18 +02:00
Georg Ehrke 531132d64f fix a bug in when 2012-06-09 15:15:00 +02:00
Georg Ehrke cfb9c764ca fix creation of monthly repeated events 2012-06-09 15:15:00 +02:00
Bartek Przybylski 001293a702 removing app access check, fix title for links in tiles 2012-06-09 15:12:50 +02:00
Robin Appelman cfe219fbb9 fix potential xss in multiselect 2012-06-09 15:07:16 +02:00
Frank Karlitschek 344299a074 add two csrf check calls. Review and lot´s of porting needed. 2012-06-09 15:05:14 +02:00
Thomas Tanghus 081e1874cb Contacts: Use POST instead of GET. 2012-06-09 15:00:44 +02:00
Thomas Tanghus 88341e5797 Code cleanup. 2012-06-09 15:00:44 +02:00
Georg Ehrke 28ab92ee76 make use of post instead of get 2012-06-09 14:41:26 +02:00
Bart Visscher 4aee5a7ce4 Tasks: Use POST for ajax calls that change data 2012-06-09 14:39:41 +02:00
Bart Visscher 014895aeab Check for missing path_info, also use OC_Response for 404 error 2012-06-09 14:39:41 +02:00
Robin Appelman 76de92477f fix infinite redirect during setup for windows hosts 2012-06-09 14:38:05 +02:00
Georg Ehrke bdd12df4a2 fix loading of OC::$REQUESTEDAPP if WTFE the app parameter is given but empty aka /?app 2012-06-08 22:31:44 +02:00
Bartek Przybylski 201a40a1a3 tabs for spaces, fix array key name 2012-06-08 21:55:28 +02:00
Bartek Przybylski 0c7431e57d hide share button until sharing wont be fixed 2012-06-08 21:44:33 +02:00
Bartek Przybylski 8bc22907b8 adding navigation bar to gallery 2012-06-08 21:44:33 +02:00
Bartek Przybylski 6b0a2ae60e remove old code 2012-06-08 21:44:32 +02:00