Commit Graph

4364 Commits

Author SHA1 Message Date
Frank Karlitschek d3bb01b598 more reliable host detection for reverse proxy scenarios 2012-06-05 12:53:48 +02:00
Bjoern Schiessle 44260a552c xss vulnerability fixed 2012-06-05 10:49:36 +02:00
Bjoern Schiessle e817504569 xss vulnerability fixed 2012-06-05 10:49:26 +02:00
Arthur Schiwon ae2bcf968d Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-04 21:33:02 +02:00
Arthur Schiwon 454f81fb15 load authentication apps before checking wether user exists. fixes oc-910 2012-06-04 21:31:35 +02:00
Arthur Schiwon 773f3cf973 make it possible to load apps seperately. needed to fix oc-910 without breaking oc-863 2012-06-04 21:30:58 +02:00
Tom Needham daa4d2cd84 Validate email on save 2012-06-04 18:44:55 +00:00
Robin Appelman b117a1e3ec update file paths in filecache when the parent is renamed 2012-06-04 18:12:25 +02:00
Bjoern Schiessle 4bc88ef59d prevent xss attacks by manipulating image file names 2012-06-04 18:11:17 +02:00
Bjoern Schiessle d5566d0267 prevent xss attacks by manipulating text file names 2012-06-04 18:11:08 +02:00
Bjoern Schiessle ca64a4080f don't allow user to delete Shared dir via webdav and sync client (bug #774) 2012-06-04 18:08:51 +02:00
Bjoern Schiessle 7fbe306990 no move (rename) operation for "Shared" directory 2012-06-04 14:00:35 +02:00
Bjoern Schiessle c8f670dfab Don't allow user to delete, rename and re-share the "Shared" directory 2012-06-04 14:00:35 +02:00
Arthur Schiwon 8983c6dd6b commited a bit too much before 2012-06-04 13:27:55 +02:00
Thomas Tanghus d657263403 Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-04 13:13:53 +02:00
Thomas Tanghus 74ac2ac63a Contacts: When editing photo on a newly created contact the name in the contact list was cleared. 2012-06-04 13:13:43 +02:00
Arthur Schiwon 8554525ebe Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 2012-06-04 13:04:37 +02:00
Arthur Schiwon b48228ae3d LDAP: link to documentation on settings page 2012-06-04 13:04:18 +02:00
Frank Karlitschek 64fe06710a add deprecated warning 2012-06-04 12:49:33 +02:00
Frank Karlitschek 300f6894e0 4.0.1 2012-06-03 21:06:07 +02:00
Michael Gapczynski 0145c65bf3 Verify user exists when checking if logged in, fix for bug oc-863 2012-06-02 20:09:44 -04:00
Michael Gapczynski 4db5481ad5 Improve efficiency of retrieving log file entries 2012-06-01 14:42:14 -04:00
Frank Karlitschek 52b3305892 add a pdo check 2012-06-01 20:01:23 +02:00
Frank Karlitschek 3ef944521e add check if apps folder is writable. needed to install 3rd party apps 2012-06-01 19:52:45 +02:00
Frank Karlitschek 60b8e172d5 prevent a division by zero problem 2012-06-01 16:49:14 +02:00
Frank Karlitschek 2c97f4788b Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 2012-06-01 16:34:52 +02:00
Frank Karlitschek aa9824d35b fix proper error reporting 2012-06-01 16:33:24 +02:00
Arthur Schiwon 34464b1f8b LDAP group backend: Set configured true when it is... fixe oc-887 2012-06-01 16:02:04 +02:00
Frank Karlitschek aa88ec81c7 sort users and groups. fixes oc-779 2012-06-01 14:21:24 +02:00
Arthur Schiwon 86279bc192 LDAP group backend: If a group filter is not configured, do not do anything. Fixes oc-867 2012-06-01 14:05:08 +02:00
Frank Karlitschek 0468f53f73 switch magic quotes off.
they are evil and deprecated
2012-06-01 12:42:50 +02:00
Frank Karlitschek 1b34bda76b fix oc-874 2012-06-01 12:16:04 +02:00
Frank Karlitschek e44f9ab46e correctly detect https 2012-06-01 11:47:14 +02:00
Frank Karlitschek 8ed13e627e don´t do warnings.
Not sure if this start_session call is really needed here.
2012-06-01 11:08:40 +02:00
Frank Karlitschek 0d2d613f59 added a serverProtocol function that correctly returns the used protocol even if the ssl connection is terminated at a reverse_proxy or at a load balancer 2012-06-01 11:06:49 +02:00
Frank Karlitschek 670022cc8a fix the breadcrumb 2012-05-31 21:43:07 +02:00
Frank Karlitschek 3a6341c880 fix oc-780 2012-05-31 21:27:46 +02:00
Frank Karlitschek c3ccdbaa79 more fixes 2012-05-31 21:14:46 +02:00
Frank Karlitschek d56966f14f someone broke this completely. Hope it works again. Please check your apache error log and turn php notices on if you work on ajax call 2012-05-31 20:45:39 +02:00
Frank Karlitschek 739c5488a5 Merge branch 'stable4' of gitorious.org:owncloud/owncloud into stable4 2012-05-31 20:17:30 +02:00
Frank Karlitschek 5d425a9f79 use our own serverHost call so that ownCloud works with reverse proxy servers 2012-05-31 20:16:44 +02:00
Georg Ehrke 0059535140 fix potential XSS 2012-05-31 20:03:15 +02:00
Arthur Schiwon 7ec3e37199 LDAP: make queries compatible also with PostgreSQL 2012-05-31 13:06:27 +02:00
Robin Appelman f4577bf00c fix for pgsql database migration 2012-05-31 00:01:03 +02:00
Arthur Schiwon 449b9b92f0 LDAP: fix wrong value for input type 2012-05-30 22:37:00 +02:00
Arthur Schiwon 93849916bb LDAP: support for 'member' as group-member-association 2012-05-30 22:36:48 +02:00
Frank Karlitschek 4dc7ed139b don´t hardcode /tmp 2012-05-30 14:18:47 +02:00
Frank Karlitschek c1f7d320e8 mark as 4.0.1 pre 2012-05-29 22:18:07 +02:00
Michael Gapczynski 1d983c28aa Restrict requested app to apps directory 2012-05-29 12:35:52 -04:00
Thomas Tanghus 6515c5c1e7 Contacts: NOTE wasn't saved properly. 2012-05-29 16:45:52 +02:00