Commit Graph

140 Commits

Author SHA1 Message Date
Jörn Friedrich Dreyer c0bdbd9d81 introduce and use executeAudited in db.php 2013-06-10 12:56:45 +02:00
Robin Appelman 44f9af5a7f Use the new session wrapper 2013-05-28 01:04:09 +02:00
icewind1991 3b576c5f77 Merge pull request #3111 from owncloud/csp-audio
Allow loading of external media resources
2013-04-24 08:17:42 -07:00
Lukas Reschke a34350c803 Merge pull request #3106 from IMM0rtalis/xframe_restriction_config
- xframe restriction configurable now
2013-04-24 08:02:12 -07:00
Lukas Reschke 4f96d7fb85 Allow loading of external media resources 2013-04-24 16:45:51 +02:00
Florian Scholz 03aa86d8a6 - xframe restriction configurable now 2013-04-24 14:45:40 +02:00
Bernhard Posselt b98b56e4a8 check if there is a default/ folder in the theme directory if no theme exists 2013-04-24 13:45:40 +02:00
Lukas Reschke cfb10dc58c Add warning about sanitization 2013-03-06 13:05:22 +01:00
Lukas Reschke a97006144e Only send the standard headers
Fixes https://github.com/owncloud/apps/issues/675
2013-03-04 20:35:58 +01:00
Lukas Reschke dee16deacd Merge master 2013-02-28 20:03:06 +01:00
Lukas Reschke cef6131ea8 Sanitize HTML in html_select_options 2013-02-28 17:19:04 +01:00
Lukas Reschke 229c907a57 [core] From echo to p 2013-02-27 22:55:39 +01:00
Lukas Reschke 470fc3817f Remove the template autoescaping
Ref #1963
2013-02-27 20:53:52 +01:00
Lukas Reschke 6735701c1e Merge pull request #1837 from owncloud/fix-user-template
Remove unneeded code for user layout template
2013-02-25 13:41:32 -08:00
Bart Visscher 15f5325078 Don't use routes when displaying error page 2013-02-22 21:39:44 +01:00
Bart Visscher bf0b9bac8b Remove unneeded code for user layout template 2013-02-22 00:22:43 +01:00
Robin Appelman b8e2454f68 Fix strict standard warning in user template 2013-02-15 16:10:06 +01:00
Bart Visscher ffae6f4b84 Style-fix: Breakup long lines 2013-02-14 08:38:37 +01:00
Lukas Reschke 5fcb35efd6 Also allow local files 2013-02-04 18:43:26 +01:00
Lukas Reschke bb90b0ee6e Allow the loading of local font files embedded via data: 2013-02-04 18:38:16 +01:00
Lukas Reschke 8de0f96a24 Allow loading of external fonts
Required by several applications like our pdf viewer
2013-02-04 17:51:52 +01:00
Lukas Reschke a65410f23c Remove the CSP header for Firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=737064 *gnarf*
2013-01-25 21:57:51 +01:00
Lukas Reschke e5cc5a0a2d Allow the loading of external images 2013-01-25 14:26:14 +01:00
Lukas Reschke 293e7bdcf0 Notice about changing the standard policy 2013-01-23 13:44:43 +01:00
Lukas Reschke 0517465f4d Allow admins to change the CSP policy in the config file 2013-01-23 13:42:52 +01:00
Lukas Reschke 351d206dd3 Allow eval() and send headers for legacy browsers
The blocking of eval() seems to have problems with JQuery 1.7.2 - let's allow it for now and disable it in the future.
2013-01-22 08:09:01 +01:00
Lukas Reschke 3ffbaf4795 Allow iframes to external domains 2013-01-22 00:30:09 +01:00
Lukas Reschke 0c59074eeb Correct copy paste fail 2013-01-21 20:46:42 +01:00
Lukas Reschke af8c193605 Disallow inline JS 2013-01-20 23:30:16 +01:00
Lukas Reschke 967b7947a1 Add the default-src 2013-01-20 12:19:09 +01:00
Lukas Reschke c82d6e5153 Add CSP header 2013-01-20 12:06:33 +01:00
Bart Visscher a8f963d9cf Spaces to tabs 2013-01-16 18:09:16 +01:00
Thomas Mueller 44e5c052b3 handling proper display of files/folders with negative size
refs #1162
2013-01-14 23:39:31 +01:00
Brice Maron a310dcb0ff Fix a dirty function preventing showing errors 2012-12-03 22:53:06 +00:00
Frank Karlitschek 0f61816278 A new function to create nice error page. And use it for fatal db errors 2012-11-24 18:07:26 +01:00
Alessandro Cosentino 7d01342bab fix translation issues with previous commit 2012-11-13 19:32:26 -05:00
Alessandro Cosentino aa917cfb18 uncomment hours entries in relative date functions 2012-11-13 19:18:26 -05:00
Felix Moeller 0e70ea9d8b Checkstyle: Fix the last 25 NoSpaceAfterComma 2012-11-04 18:28:29 +01:00
Thomas Müller 8ac3849a95 Merge pull request #238 from fmms/checkstyle04
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke 8c4c74b23f Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller 30d7993e01 Checkstyle fixes: NoSpaceAfterComma 2012-11-04 11:10:46 +01:00
Felix Moeller f8d1d7787e Checkstyle fixes for SpaceBeforeOpenBrace 2012-11-04 10:46:32 +01:00
Felix Moeller afadf93d31 Checkstyle: many fixes 2012-11-02 19:53:02 +01:00
Lukas Reschke 7a7f12a0c1 Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this didn't work in every case.
(Laptop sleeping etc.)

With this commit, the token will only get created once for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bernhard Posselt bf3dac05d1 added functions for printing escaped and unescaped values 2012-10-28 13:28:22 +01:00
Felix Moeller 03581ef463 Correct a first issue Checkstyle is complaining about ...
This is BracketsNotRequired
2012-10-22 21:40:33 +02:00
Lukas Reschke d525654fcd Correct indentation 2012-10-10 19:01:32 +02:00
Björn Schießle f493e97f5d always generate access token, also for forms shown to anonymous users (e.g. public shares) 2012-10-05 10:32:38 +02:00
Christian Reiner 71454b1bca Fix to preserve backward compatibility for apps creating static links containing the request token (currently the contacts app and maybe some 3rd party implementations) 2012-09-28 18:57:20 +02:00
Christian Reiner 743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00