nextcloud/settings
Lukas Reschke becde58952
Add sudo mode to enabling and disabling apps
Otherwise an administrator could bypass sudo mode by installing an app that allows RCE by design. I've by intention excluded the update endpoint from the requirement because updating apps should be as unintruisive as possible.

Not the cleanest approach by adding this to the AJAX endpoints instead of requiring a controller but for 11 this felt safer for me. We can clean this up together later then. (also the other AJAX endpoints in this folder do have the same logic)

Ref https://github.com/nextcloud/server/issues/2487

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-05 15:12:28 +01:00
..
Controller Show app store rating only for 5+ votes 2016-11-30 15:59:02 +01:00
Middleware Fix others 2016-07-21 18:13:57 +02:00
ajax Add sudo mode to enabling and disabling apps 2016-12-05 15:12:28 +01:00
css Allow emtpy values on personal page and fix saving checkmark position 2016-12-05 10:48:52 +01:00
img Get rid of settings/img/*.png 2016-10-20 14:20:47 +02:00
js Add sudo mode to enabling and disabling apps 2016-12-05 15:12:28 +01:00
l10n [tx-robot] updated from transifex 2016-12-05 01:07:41 +00:00
templates Merge pull request #2468 from nextcloud/fix-personal-settings-readonly 2016-12-05 12:15:04 +01:00
tests/js Fixes javascript tests for apps.js 2016-11-13 14:28:32 +01:00
Application.php Clean up the Application class again 2016-11-22 15:04:03 +01:00
help.php Update with robin 2016-07-21 18:13:58 +02:00
personal.php Language 2016-11-30 15:20:04 +01:00
routes.php bring back setEmailAddress for the user management 2016-11-25 10:26:48 +01:00
users.php Update with robin 2016-07-21 18:13:58 +02:00