Doing this in the PHP code is not the right approach for multiple reasons:
1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.
This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
Fixes new avatar selection in master half, other half will work when https://github.com/owncloud/core/pull/14266 has get merged.
Shocking to see how much places in our code do it wrong 🔫
* reason: nice to know before password change in user management
* restore is possible:
* encryption is disabled
* encryption is enabled, admin and user has checked the
restore option
* if not possible:
* highlight users row in red once the admin wants to change the password
* show also a little tipsy
* causes the first load after the initial load to hide some users in the viewport
and showing them again, but with a scrolled up viewport
* causes higher load for nearly never visible effects
* fixes#12962
add logSettingsController
add download logfile button
move getEntries to LogSettingsController
move set log level to logsettingscontroller.php
add warning if logfile is bigger than 100MB
add unit test for set log level
fix typecasting, add new line at EoF
show log and logfile download only if log_type is set to owncloud
add unit test for getFilenameForDownload
* add disableEscape parameter to disable this functionality
* drop usage of escapeHTML() that is now done inside t()
* add unit test for escaped and not escaped placeholder
* proper JSDoc
* introduced new route settings/users/{id}/mailAddress
* kept old responses
* better error messages
* dropped lostpassword.php from settings/ajax
* cleaned up the UserList.add() and hand in user object instead of
each attribute as another parameter
* check for change permission of mail address
* proper response messages
* add switch to settings to show user backend
* user classes for headers and rows to unify the show/hide statement
* add user backend to response of user create request
* proper markup in settings area
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
filter installed and not-installed apps properly
kill unneeded file
load category 'Installed' on page load
adding documentation links
new apps mgmt: first style adjustment
apps mgmt: only show license and preview if they exist
adding buttons
new apps mgmt: fix for mobile
use app icon if available
new apps mgmt: position enable/disable toggle to the right
new apps mgmt: proper display of icons or previews
new apps mgmt: fix loading spinner
reenable group selection for apps
new apps mgmt: position enable button normally again
new apps mgmt: clarify wording from 'Installed' to 'Enabled'
reintroduce enable/disable
Move rating image path generation to client-side
Move expression outside of l10n
fix group handling
add buttons for 'More apps' and 'Add your app' again
disable changed date of app for now
adding recommended label
style 'Recommended' app tag
fixing php warning
sort by rating
adding meta-category 'Recommended'
Only show existing documentation links
lacy loading of screenshots
making group based app activation work again
adding support to get the app icon not only by the app name but also simply by the fixed name 'app.svg'
adding app.svg for all core apps
query string '?installed' is not longer needed
update and uninstall is back + error feedback
remove unneeded parameter
fix alignment of 'recommended' label
- Added setup checks in JavaScript
- Moved isWebDAVWorking to JS using SetupChecks
- Moved internet connection checks to an ajax call that goes through the
server
Added timeout in DeleteHandler to auto-delete after a delay.
Fixed issue where OC.Notification.hide() was called twice in a row when
deleting multiple entries, causing the second notification to disappear.
Fixed issue where "undo" click event handler was registered multiple
times when calling setNotifications() twice.
Added JS unit tests for the DeleteHandler class.
Refix undo users, groups feature
Timeout is now cleared in cancel().
Fixed click handler name for "undo" to be able to work with multiple
DeleteHandler instances (in our case one for users and one for groups)
so that there is no conflict.
To avoid making a server request every time the dropdown opens, the
whole list of groups are cached (from the last request):
Whenever the user types in a search term it will still send server
requests.
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain.
By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
The default quota settings field is initially hidden which makes it
impossible for singleSelect() to make its width measurements.
This fix uses the app navigation slide "show" event to defer the
singleSelect() initialization on the default quota field.
Refactored setQuota() into UserList._updateQuota().
Refactored duplicate event handler code into UserList.onQuotaSelect().
Now using a natural sort algorithm that is more consistent between JS
and PHP (although not perfect in some corner cases)
- added OC.Util.naturalSortComparator that uses the same algo that was
used for the user list
- changed user list and files list to use OC.Util.naturalSortComparator
- removed toLowerCase() and changed the comparator to use
String.localeCompare()
- added unit tests
- added OC_NaturalSort that is used by OCP\Util::naturalSortCompare()
- Renamed "delete" to "deleteEntry" to make IE8 happy.
- Added missing "svg" class for the "+" button
- Added height to "+" button but was unable to properly align it