Whenever a user navigates away, all ajax calls will fail with the same
result like a cross-domain redirect (SSO). To distinguish these cases,
we need to detect whether the error is a result of the user navigating
away. For this, we introduce a new flag that will be set in
"beforeunload".
Additional handling was required for false positives in case "beforeunload" is
used (ex: cancelled upload) and the user cancelled the navigation.
host can contain the port (host of http://example.com:1234 is
example.com:1234) while hostname never contains a port. They can however
be similar. If you navigate to http://example.com then both host and
hostname will be example.com.
* Fixed docs
* added getHostName function
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.
Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.
Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjPhttp://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/
Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
All IE versions are not able to properly upscale SVG icons unless the
said SVG files contain a "viewBox" attribute, which is not always the
case. Also we cannot guarantee that all third party apps will have this
attribute in their icons.
So for now, app icons will not be displayed in IE instead of broken
ones.
- calculate multiselect header width to exclude scrollbar
- call FileList._onResize() when sidebar is toggled ("appresized"), this
also updates the breadcrumb width
- moved global getScrollBarWidth() to OC.Util namespace
Added hack that uses a "filter" CSS with explicit URL to fix the "New"
menu by scaling down icons and also fix the folder/filetype icon in the sidebar
by scaling it up.
If a response to a $.ajax() request returns a content type of "application/javascript"
JQuery would previously execute the response body. This is a pretty unexpected
behaviour and can result in a bypass of our Content-Security-Policy as well as
multiple unexpected XSS vectors.
Controls bar calculation needs to take the sidebar visibility into
account.
Recalculation is now triggered when sidebar is toggled, using a new
app-content event "appresized".
Tipsy also supported the `fallback` element which will now not work anymore. To enhance compatibility we shall also implement it in the shim.
Fixes https://github.com/owncloud/core/issues/17870
These should be used in the future instead of location.*.
It will make it possible to stub these methods for writing unit tests
and simulating different URL schemes.
Doing this in the PHP code is not the right approach for multiple reasons:
1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.
This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.
Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...
Fixes https://github.com/owncloud/core/issues/14228
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications