90cbc32c77
Fix redirect after login, prevent open redirects
2012-05-18 16:56:48 -04:00
16224e5e8b
"fopen(" interferes with our own classes.
...
remove it for now and let´s fix this later
2012-05-18 18:22:37 +02:00
2d3c709163
Merge branch 'master' of gitorious.org:owncloud/owncloud
2012-05-18 15:56:15 +02:00
db77dc91bc
only try to install apps that are compatible with oC4
2012-05-18 15:54:36 +02:00
2e9115efe0
increase to RC2
2012-05-18 15:54:17 +02:00
a6ff909911
this code looks wrong to me but i'm putting it back while we find out what the right code should look like
2012-05-18 15:39:28 +02:00
1a874b4c56
make redirect safe by restricting it to current host
2012-05-18 15:32:41 +02:00
9b5e8a2c63
fix redirect to desired page after login
2012-05-18 15:11:01 +02:00
48505c5626
improve tar archive backend
2012-05-18 01:54:59 +02:00
c1ba4deb72
when scanning a folder that is a mountpoint, use the root of the mount for checking if a folder is writable instead of the folder
2012-05-17 01:47:58 +02:00
aac9629e88
add support for custom ports for mysql/pgsql by adding :portnumber to the database host
2012-05-17 01:06:22 +02:00
5fe7200a7f
update documentation of oc_user::checkpassword
2012-05-17 00:57:43 +02:00
2c99924f7d
make sure the group exists in the backend before adding a user to it
2012-05-17 00:47:43 +02:00
22dd155e4d
Merge branch 'unstable' of gitorious.org:owncloud/owncloud into unstable
2012-05-16 18:30:35 +01:00
9acd1065b0
made initial testing version of expireAll for version control \ngave some old vars new camelcase names
2012-05-16 18:30:26 +01:00
c645a7d0f8
Fix empty jsfiles and cssfiles in layout template
2012-05-16 18:53:46 +02:00
ce1e4425c2
Combine and minimize core and default app js files
2012-05-16 18:53:46 +02:00
f71fec8cdc
Combine and minimize core and default app css files
2012-05-16 18:53:46 +02:00
2faae817f1
Template: Fix var name
2012-05-16 18:53:46 +02:00
6d20fe4012
Template: Make getFormFactorExtension function public
2012-05-16 18:53:46 +02:00
b39f01fce6
Comment spelling fix
2012-05-16 18:52:40 +02:00
5d72681d10
Better place to check caching headers
2012-05-16 18:52:40 +02:00
01b366df80
avoid corrupt ZIP files on lighttpd, should fix oc-467
2012-05-15 11:57:24 +02:00
583dce5276
removing executable bit - again
2012-05-15 00:52:00 +02:00
6779f28af4
cache app types during install or update
2012-05-14 22:49:31 +02:00
bda2dbec1f
Prevent Clickjacking by adding additional headers:
...
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
Thanks to Lukas Reschke for reporting this issue (and many more).
2012-05-14 15:34:28 +02:00
e7c106d91e
selective app loading for remote/public
2012-05-14 00:28:28 +02:00
a332c39472
Check if path_info is empty as well, fixes bug oc-632. Thanks to die3lustigen2.
2012-05-13 15:26:30 -04:00
8d475debe0
additional logging when db upgrade fails
2012-05-13 21:21:39 +02:00
1a2ab2ef68
prevent user creation with empty password
2012-05-13 20:53:56 +02:00
3926e2d4f3
VCategories: Made a small check for categories that seems to resolv the problems in Calender. Also reverts the changes from 9e6221b229.
2012-05-13 15:07:07 +02:00
9e6221b229
VCategories: Suppress error messages stemming from import from file app.
2012-05-13 09:16:53 +02:00
af77ce9a9b
This is RC now
2012-05-13 05:11:10 +02:00
9eb91a111d
update to jquery 1.7.2
2012-05-12 00:37:19 +02:00
5b7c69f978
Change sqlite escaping of identifier to double quote. Fixing some issues
2012-05-11 19:45:53 +00:00
919681f3e6
Make processed css files cachable
2012-05-11 21:33:02 +02:00
97233b77cd
Remove DOCUMENTROOT static var, and make SUBURI var private
2012-05-11 21:31:51 +02:00
847832ae77
also set remote/public paths on installing apps
2012-05-11 20:58:23 +02:00
d12021e3c4
fix sqlite3 driver against updated MDB2
2012-05-11 20:56:02 +02:00
cf3940425f
don't do the initial scanning of the users home folder trough the update system
2012-05-11 20:49:19 +02:00
0622fa79ba
add temporary filestorage backend for testing purposed
2012-05-11 20:33:56 +02:00
b40f9670ae
allow clearing hooks and fileproxies
2012-05-11 20:33:56 +02:00
736739bbbd
load remote and public paths from info.xml during upgrade instead of setting them every time
2012-05-11 20:33:56 +02:00
c99d7dd94f
the ',last' breaks all other rewrite rules and is also not there in the committed .htaccess, so removing it. anybody know why it was there?
2012-05-11 17:59:21 +02:00
347ce2aafa
match setup script to .htaccess from repo
2012-05-11 17:30:27 +02:00
4462b26160
oops, typo in lib/setup.php
2012-05-11 17:09:10 +02:00
2dff357a4e
add new htaccess things into setup script too
2012-05-11 17:06:04 +02:00
8f2217ca2e
make default app choosable
2012-05-11 13:56:52 +02:00
709b0a1ddc
Check if app is enabled before exporting its data
2012-05-10 23:06:53 +00:00
de95bf62a2
Prevent any null bytes related exploits, thanks to Lukas Reschke
2012-05-10 11:44:06 -04:00
d9fbdae758
Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke
2012-05-10 10:26:12 -04:00
b055ebc1fc
added documentation to OCP namespace
2012-05-10 14:19:17 +01:00
c2230580c1
Remove unused OC static variable CONFIG_DATADIRECTORY_ROOT
2012-05-10 09:14:27 +02:00
b022ccb863
Whitespace fixes
2012-05-10 09:14:26 +02:00
e77ba0280a
Implement default functions in OC_Group backend
...
Simplifies calling these functions, and makes code simpler
functions:
inGroup
getUserGroups
getGroups
usersInGroup
2012-05-10 09:14:26 +02:00
ac2e0cd6e4
Implement default functions in OC_User backend
...
Simplifies calling these functions, and makes code simpler
functions:
deleteUser
getUsers
userExists
2012-05-10 09:14:26 +02:00
a9d7c67bf2
The log message is not always shown in html
...
The log message can also be logged with syslog, here we don't want to have html-entities. Also the log messages through json are displayed as text not html.
2012-05-10 09:13:09 +02:00
798e6aa40b
Merge commit 'refs/merge-requests/100' of git://gitorious.org/owncloud/owncloud into merge-requests/100
2012-05-09 17:50:14 -04:00
03f66c6351
also scan new folders when checking for updates
...
it might cause long load times but seems the best for now
2012-05-09 20:35:12 +02:00
bc60b8d87a
fix bug in public api
2012-05-09 18:33:40 +02:00
bba434ca37
fixed typo in lib/public/util.php:106 (varname to )
2012-05-09 15:17:40 +02:00
051442bc76
Sanitize redirect urls
2012-05-08 17:41:50 -04:00
9c47346373
Protect admin from evil log messages
2012-05-08 19:41:31 +00:00
52717d2a1b
remove comments
2012-05-08 17:07:50 +02:00
9921ca11b5
Add protection for non-authorized char in installation form
2012-05-07 22:12:30 +00:00
43978abd80
increase to 4 beta
2012-05-07 22:58:22 +02:00
10d291d6b3
Merge branch 'master' of gitorious.org:owncloud/owncloud
2012-05-07 22:56:34 +02:00
40b823bc8b
some more docu fixes
2012-05-07 22:55:44 +02:00
4dbc2093c6
Create a function for linking to remote.php
2012-05-07 21:47:14 +02:00
5b7cefb1e5
make ampache work with remote.php
2012-05-07 20:26:09 +02:00
d032345191
fix validation of getfile parameter - i hate this bloody merge conflicts
2012-05-07 13:23:55 +02:00
cde60dba0f
Fix typo.
2012-05-07 04:46:09 +02:00
aa0c3ddcfe
Fix updateFolder() in OC_FileCache
2012-05-06 20:11:10 -04:00
e0db22cc07
Provide feedback when user creation fails
2012-05-06 18:04:48 -04:00
1945cd6946
ported the oc_template class
2012-05-06 23:00:36 +02:00
5d55c709dd
some more documentation cleanups. much more is needed.
...
And greeting from the Atlanta airport. ;-)
2012-05-06 22:02:16 +02:00
2edf59c026
first part of documentation update. lot´s more to come
2012-05-06 21:46:39 +02:00
35177e00c0
Merge commit 'refs/merge-requests/109' of git://gitorious.org/owncloud/owncloud into merge-requests/109
2012-05-06 16:13:13 +02:00
e459309511
Fixed escaping of filename when determining MIME type
2012-04-25 10:33:52 +02:00
f991948a71
Fix loading by apptype in webdav
2012-05-05 21:58:10 +02:00
d46bea8867
fixing file headers with copy right
2012-05-05 18:13:40 +02:00
c0e67fa24a
fix opening encrypted files from the browser
2012-05-05 16:49:48 +02:00
9bcc5c11a8
porting the hooks and starting with the templates
2012-05-05 10:18:45 +02:00
4a89eb77c1
Escape strings for DB and User creation at setup. Fix oc-124
2012-05-04 22:54:55 +00:00
eab4a05d78
implement missing getusers call
2012-05-04 11:13:07 +02:00
a22a79cddd
fix filecache for postgresql
2012-05-03 23:17:03 +02:00
9e03ea4a28
ensure the files app is always loaded
2012-05-03 20:47:18 +02:00
97a8af7f25
ported oc_db
2012-05-03 13:06:08 +02:00
43caa3b3b9
ported oc_json
2012-05-03 12:23:29 +02:00
351740601a
port oc_response
2012-05-03 10:46:27 +02:00
e5ef3e1340
move archive library to core so we can properly depend on it
2012-05-02 23:48:23 +02:00
31d623f426
Fix log viewing bug
2012-05-02 15:26:42 -04:00
10bbbc8cd2
new checkAppEnabled call
2012-05-02 18:54:31 +02:00
da03d05700
create folder 'remote' for the remote services like caldav, carddav and webdav
2012-05-02 16:41:23 +02:00
82a61e2e1a
port oc_preferences
2012-05-02 15:54:34 +02:00
ff66600bc0
port appconfig
2012-05-02 14:11:29 +02:00
8e99475886
first part of the config stuff
2012-05-02 13:28:56 +02:00
8c7f854671
move all the files stuff into a files class
2012-05-02 12:54:31 +02:00
6750998984
files is not internal any more, part II
2012-05-02 11:26:22 +02:00
d71600213a
files is not internal any more
2012-05-02 11:14:11 +02:00
c9eaffd336
send downloadfile piece by piece. saves RAM and is better suited for large files.
2012-05-02 11:02:13 +02:00
2fe646dcec
ported the oc_app calls
2012-05-02 00:50:26 +02:00
93b63cf375
ported the rest of the OC_Helper calls
2012-05-02 00:20:45 +02:00
e48f511606
port linkto and serverHost
2012-05-01 23:19:39 +02:00
31e32e3c10
ported checkLoggedIn and checkAdmin
2012-05-01 22:59:38 +02:00
e2fb094693
some more porting
2012-05-01 21:07:08 +02:00
d0554bef06
finish porting of the LOG calls or the apps to the public api
2012-05-01 17:38:27 +02:00
7ded9cf520
Checks if config folder is writable on begin of the installation.
2012-05-01 16:35:46 +02:00
d3ce2cacd6
OC_User: handle success properly
2012-05-01 14:40:56 +02:00
8a69116e94
OC_User: don't say password changed when it is not true
2012-05-01 13:40:01 +02:00
0195d5b439
some more work on the public API
2012-05-01 09:39:12 +02:00
04c6582af1
load the files app in a way that doesn´t break oC3 configurations
2012-04-30 13:58:48 +02:00
e1268cd5f4
we require php 5.3 now. so please notify the user if an old version is in use
2012-04-30 13:28:31 +02:00
f0701f75a9
tiny typo
2012-04-30 13:08:08 +02:00
07f2e316e4
removing executable bit from various files
2012-04-30 12:05:57 +02:00
c7e7767f58
don´t hardcode files app. we have no a standard info.xml in files
2012-04-29 21:27:02 +02:00
4d3ef9a824
improve rescanning folders
2012-04-29 16:11:17 +02:00
e3adbcb7d5
remove non existing files from the cache when rescanning a folder
2012-04-29 15:09:47 +02:00
09a5c59cca
only install shipped apps on setup that should be enabled by default
2012-04-29 14:38:56 +02:00
3aedbc5f95
remove debug message
2012-04-27 22:22:58 +02:00
06e9ac8591
fix parsing of app parameter and fix external app
2012-04-27 22:22:03 +02:00
993d655aad
Merge branch 'master' into movable_apps_2
2012-04-27 10:30:50 +02:00
ee0cb68f5e
some csrf fixes. needs testing
2012-04-27 01:18:21 +02:00
74b5e22a68
some more csrf fixes
2012-04-26 23:17:46 +02:00
5483c1be42
hide fails
2012-04-26 21:58:43 +02:00
5fda0e4b3b
make *DAV work with movable apps
2012-04-26 21:56:29 +02:00
2b10371bde
fix merge conflicts
2012-04-26 18:08:49 +02:00
40f95ffdf3
fix security check for the path of the requested file
2012-04-26 17:55:00 +02:00
ebcaa46482
fix loading of css files that are core related
2012-04-26 15:19:27 +02:00
3f64eb25ab
some fixes fore movable apps
2012-04-26 14:52:55 +02:00
d76552a009
Merge branch 'sabredav_1.6'
2012-04-25 10:39:31 +02:00
476043ecb9
add a proper 404
2012-04-25 10:17:20 +02:00
cc2bfd313d
minor filecache improvements
2012-04-25 00:12:12 +02:00
9015c46e31
emit the correct hooks for file_put_contents and some readfile improvements
2012-04-25 00:12:12 +02:00
60b924c954
initial mount configuration work
2012-04-25 00:12:12 +02:00
f17eea506a
fix merge conflicts
2012-04-24 21:59:56 +02:00
fb84d0aff8
fix php fail
2012-04-24 21:37:19 +02:00
9b29bc96de
remove debug message
2012-04-24 21:36:54 +02:00
0b06eff3a0
another fix for linkto function
2012-04-24 20:17:00 +02:00
29b9e27078
fix linkto function in OC_Helper
2012-04-24 20:14:42 +02:00
6848b069c9
OC_App::getStorage() failed if app dir didn't exist.
2012-04-24 01:44:07 +02:00
95c220a246
remove debug code in lib base
2012-04-23 20:31:03 +02:00
19109afa79
fix bug in lib base
2012-04-23 20:11:21 +02:00
42a570788b
Merge branch 'master' into movable_apps
2012-04-23 19:56:07 +02:00
6d92ebca45
use native functions of php to parse the string into the Var
2012-04-23 17:09:28 +02:00
9226cb7a6a
rename var file to getfile to prevent fails in files app
2012-04-23 16:36:24 +02:00
aaedb23f05
fix bug in lib/helper.php and fix file upload
2012-04-23 16:28:37 +02:00
f5c9fe9ece
first step to an public api of ownCloud for the apps. In the future they shouldn´t call internall classes, functions or session variables because this will change and break in upcoming versions. Apps should only call this public interface that we will kepp stable over different releases. The namespace is OCP for ownCloud public. This is just the first step. more coming soon
2012-04-23 15:50:30 +02:00
e888f4d9bc
Merge branch 'master' into sabredav_1.6
2012-04-22 13:20:50 +02:00
4c2cf35050
fix merge conflicts
2012-04-22 13:19:12 +02:00
Michael Gapczynski
Frank Karlitschek
Michiel de Jong
Robin Appelman
Sam Tuke
Bart Visscher
Arthur Schiwon
Thomas Mueller
Thomas Tanghus
Brice Maron
Georg Ehrke
Tom Needham
Sam Tuke
Philipp Roggan
Daniel
Jernej Virag
Marvin Thomas Rabe
Frank Karlitschek
Frank Karlitschek