Commit Graph

1065 Commits

Author SHA1 Message Date
Robin Appelman c1ba4deb72 when scanning a folder that is a mountpoint, use the root of the mount for checking if a folder is writable instead of the folder 2012-05-17 01:47:58 +02:00
Robin Appelman aac9629e88 add support for custom ports for mysql/pgsql by adding :portnumber to the database host 2012-05-17 01:06:22 +02:00
Robin Appelman 5fe7200a7f update documentation of oc_user::checkpassword 2012-05-17 00:57:43 +02:00
Robin Appelman 2c99924f7d make sure the group exists in the backend before adding a user to it 2012-05-17 00:47:43 +02:00
Bart Visscher b39f01fce6 Comment spelling fix 2012-05-16 18:52:40 +02:00
Bart Visscher 5d72681d10 Better place to check caching headers 2012-05-16 18:52:40 +02:00
Arthur Schiwon 01b366df80 avoid corrupt ZIP files on lighttpd, should fix oc-467 2012-05-15 11:57:24 +02:00
Thomas Mueller 583dce5276 removing executable bit - again 2012-05-15 00:52:00 +02:00
Robin Appelman 6779f28af4 cache app types during install or update 2012-05-14 22:49:31 +02:00
Thomas Mueller bda2dbec1f Prevent Clickjacking by adding additional headers:
header('X-Frame-Options: Sameorigin');
                header('X-XSS-Protection: 1; mode=block');
                header('X-Content-Type-Options: nosniff');

Thanks to Lukas Reschke for reporting this issue (and many more).
2012-05-14 15:34:28 +02:00
Robin Appelman e7c106d91e selective app loading for remote/public 2012-05-14 00:28:28 +02:00
Michael Gapczynski a332c39472 Check if path_info is empty as well, fixes bug oc-632. Thanks to die3lustigen2. 2012-05-13 15:26:30 -04:00
Robin Appelman 8d475debe0 additional logging when db upgrade fails 2012-05-13 21:21:39 +02:00
Robin Appelman 1a2ab2ef68 prevent user creation with empty password 2012-05-13 20:53:56 +02:00
Thomas Tanghus 3926e2d4f3 VCategories: Made a small check for categories that seems to resolv the problems in Calender. Also reverts the changes from 9e6221b229. 2012-05-13 15:07:07 +02:00
Thomas Tanghus 9e6221b229 VCategories: Suppress error messages stemming from import from file app. 2012-05-13 09:16:53 +02:00
Frank Karlitschek af77ce9a9b This is RC now 2012-05-13 05:11:10 +02:00
Robin Appelman 9eb91a111d update to jquery 1.7.2 2012-05-12 00:37:19 +02:00
Brice Maron 5b7c69f978 Change sqlite escaping of identifier to double quote. Fixing some issues 2012-05-11 19:45:53 +00:00
Bart Visscher 919681f3e6 Make processed css files cachable 2012-05-11 21:33:02 +02:00
Robin Appelman 847832ae77 also set remote/public paths on installing apps 2012-05-11 20:58:23 +02:00
Robin Appelman d12021e3c4 fix sqlite3 driver against updated MDB2 2012-05-11 20:56:02 +02:00
Robin Appelman cf3940425f don't do the initial scanning of the users home folder trough the update system 2012-05-11 20:49:19 +02:00
Robin Appelman 0622fa79ba add temporary filestorage backend for testing purposed 2012-05-11 20:33:56 +02:00
Robin Appelman b40f9670ae allow clearing hooks and fileproxies 2012-05-11 20:33:56 +02:00
Robin Appelman 736739bbbd load remote and public paths from info.xml during upgrade instead of setting them every time 2012-05-11 20:33:56 +02:00
Michiel de Jong c99d7dd94f the ',last' breaks all other rewrite rules and is also not there in the committed .htaccess, so removing it. anybody know why it was there? 2012-05-11 17:59:21 +02:00
Michiel de Jong 347ce2aafa match setup script to .htaccess from repo 2012-05-11 17:30:27 +02:00
Michiel de Jong 4462b26160 oops, typo in lib/setup.php 2012-05-11 17:09:10 +02:00
Michiel de Jong 2dff357a4e add new htaccess things into setup script too 2012-05-11 17:06:04 +02:00
Georg Ehrke 8f2217ca2e make default app choosable 2012-05-11 13:56:52 +02:00
Tom Needham 709b0a1ddc Check if app is enabled before exporting its data 2012-05-10 23:06:53 +00:00
Michael Gapczynski de95bf62a2 Prevent any null bytes related exploits, thanks to Lukas Reschke 2012-05-10 11:44:06 -04:00
Michael Gapczynski d9fbdae758 Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke 2012-05-10 10:26:12 -04:00
Sam Tuke b055ebc1fc added documentation to OCP namespace 2012-05-10 14:19:17 +01:00
Bart Visscher a9d7c67bf2 The log message is not always shown in html
The log message can also be logged with syslog, here we don't want to have html-entities. Also the log messages through json are displayed as text not html.
2012-05-10 09:13:09 +02:00
Michael Gapczynski 798e6aa40b Merge commit 'refs/merge-requests/100' of git://gitorious.org/owncloud/owncloud into merge-requests/100 2012-05-09 17:50:14 -04:00
Robin Appelman 03f66c6351 also scan new folders when checking for updates
it might cause long load times but seems the best for now
2012-05-09 20:35:12 +02:00
Georg Ehrke bc60b8d87a fix bug in public api 2012-05-09 18:33:40 +02:00
Philipp Roggan bba434ca37 fixed typo in lib/public/util.php:106 (varname to ) 2012-05-09 15:17:40 +02:00
Michael Gapczynski 051442bc76 Sanitize redirect urls 2012-05-08 17:41:50 -04:00
Tom Needham 9c47346373 Protect admin from evil log messages 2012-05-08 19:41:31 +00:00
Georg Ehrke 52717d2a1b remove comments 2012-05-08 17:07:50 +02:00
Brice Maron 9921ca11b5 Add protection for non-authorized char in installation form 2012-05-07 22:12:30 +00:00
Frank Karlitschek 43978abd80 increase to 4 beta 2012-05-07 22:58:22 +02:00
Frank Karlitschek 10d291d6b3 Merge branch 'master' of gitorious.org:owncloud/owncloud 2012-05-07 22:56:34 +02:00
Frank Karlitschek 40b823bc8b some more docu fixes 2012-05-07 22:55:44 +02:00
Bart Visscher 4dbc2093c6 Create a function for linking to remote.php 2012-05-07 21:47:14 +02:00
Georg Ehrke 5b7cefb1e5 make ampache work with remote.php 2012-05-07 20:26:09 +02:00
Georg Ehrke d032345191 fix validation of getfile parameter - i hate this bloody merge conflicts 2012-05-07 13:23:55 +02:00