mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nextcloud/lib/private
History
Lukas Reschke f3e9106864 Don't trust update server 
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
 		2015-11-28 12:21:53 +01:00
..
activity update licence headers via script 2015-10-05 21:15:52 +02:00
app Always installed apps includes the hardcoded ones from shipped.json 2015-11-19 09:11:14 +01:00
appframework Merge pull request #20782 from mitar/better-https 2015-11-27 14:24:23 +01:00
archive Fix #19181: Support .bz2 app archives 2015-10-20 21:56:24 +02:00
backgroundjob deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
cache Allow storage wrappers to through a forbidden exception with retry information 2015-11-17 10:39:52 +01:00
command Merge pull request #15129 from owncloud/version-command-bus 2015-03-26 19:55:13 +01:00
console Update license headers 2015-10-26 14:04:01 +01:00
contacts Update license headers 2015-03-26 11:44:36 +01:00
db Merge pull request #20393 from owncloud/querybuilder-select-with-alias 2015-11-26 16:19:20 +01:00
diagnostics Update license headers 2015-03-26 11:44:36 +01:00
encryption cache result from parent folders 2015-11-04 09:27:29 +01:00
files also log exception 2015-11-27 14:28:15 +01:00
group Adjust PHPDoc as suggested 2015-11-20 14:38:29 +01:00
hooks update license headers and authors 2015-06-25 14:13:49 +02:00
http/client update licence headers via script 2015-10-05 21:15:52 +02:00
l10n update licence headers via script 2015-10-05 21:15:52 +02:00
legacy Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
lock Update license headers 2015-10-26 14:04:01 +01:00
log fixes #20538 2015-11-16 16:29:21 +01:00
mail Setup sendmail transport 2015-10-08 16:48:18 +02:00
memcache Handle errors on memcached level - fixes #17397 2015-11-10 15:58:17 +01:00
notification Make sure that object id can be a string 2015-11-23 14:18:15 +01:00
ocs Add a new core capability which tells the clients which url to use 2015-11-03 14:27:36 +01:00
preview deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
route deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
search Scrutinizer Auto-Fixes 2015-05-19 11:23:06 +00:00
security Use native CSPRNG if available 2015-11-09 15:04:22 +01:00
session Delete cookie instead of emptying value 2015-10-19 19:54:12 +02:00
setup Update license headers 2015-10-26 14:04:01 +01:00
share use hooks to auto add server to the list of trusted servers once a federated share was created 2015-11-24 11:34:38 +01:00
share20 [Sharing 2.0] Fix phpdoc etc 2015-11-24 10:26:36 +01:00
tagging Update license headers 2015-03-26 11:44:36 +01:00
template Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
user Introduce \OCP\IUser::getEMailAddress() 2015-11-25 22:23:34 +01:00
activitymanager.php update licence headers via script 2015-10-05 21:15:52 +02:00
allconfig.php Move the filtering of sensitive data to the config class 2015-09-25 11:08:33 +02:00
api.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
app.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
appconfig.php update licence headers via script 2015-10-05 21:15:52 +02:00
apphelper.php update license headers and authors 2015-06-25 14:13:49 +02:00
archive.php Use actual mimetype detection instead of extension 2015-10-31 00:55:37 +01:00
avatar.php Update license headers 2015-10-26 14:04:01 +01:00
avatarmanager.php Update license headers 2015-10-26 14:04:01 +01:00
capabilitiesmanager.php Update license headers 2015-10-26 14:04:01 +01:00
config.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
contactsmanager.php Update license headers 2015-03-26 11:44:36 +01:00
databaseexception.php Update license headers 2015-03-26 11:44:36 +01:00
databasesetupexception.php Update license headers 2015-03-26 11:44:36 +01:00
datetimeformatter.php Update license headers 2015-03-26 11:44:36 +01:00
datetimezone.php When guessing the timezone, the offset might only be valid on a given timestamp 2015-04-07 10:13:06 +02:00
db.php Remove remainings of mssql 2015-07-29 18:19:31 +02:00
defaults.php Revert "make knowledge base url configurable" 2015-08-11 14:20:25 +02:00
eventsource.php update licence headers via script 2015-10-05 21:15:52 +02:00
filechunking.php work directly on storages when doing a chunked upload assembly 2015-09-14 20:35:33 +02:00
files.php Allow storage wrappers to through a forbidden exception with retry information 2015-11-17 10:39:52 +01:00
forbiddenexception.php Update license headers 2015-03-26 11:44:36 +01:00
group.php Adjust PHPDoc as suggested 2015-11-20 14:38:29 +01:00
helper.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00
hintexception.php Update license headers 2015-03-26 11:44:36 +01:00
hook.php Update license headers 2015-10-26 14:04:01 +01:00
httphelper.php Add connection timeout to default POST options 2015-05-26 11:22:50 +02:00
image.php Update license headers 2015-10-26 14:04:01 +01:00
installer.php Remove last occurences of OC_Helper::getMimeType() 2015-11-26 10:18:32 +01:00
json.php Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
l10n.php Add warning for broken l10n json files 2015-10-30 09:10:16 +01:00
largefilehelper.php Update license headers 2015-03-26 11:44:36 +01:00
log.php update licence headers via script 2015-10-05 21:15:52 +02:00
naturalsort.php update licence headers via script 2015-10-05 21:15:52 +02:00
naturalsort_defaultcollator.php Update license headers 2015-03-26 11:44:36 +01:00
navigationmanager.php Update license headers 2015-03-26 11:44:36 +01:00
needsupdateexception.php Update license headers 2015-03-26 11:44:36 +01:00
notsquareexception.php Update license headers 2015-03-26 11:44:36 +01:00
ocs.php update licence headers via script 2015-10-05 21:15:52 +02:00
ocsclient.php Disable app store for EE by default 2015-10-08 14:52:52 +02:00
preview.php Add tests 2015-10-01 13:17:22 +02:00
previewmanager.php update license headers and authors 2015-06-25 14:13:49 +02:00
repair.php Add a repair step that checks for group membership on shares 2015-10-29 09:26:26 +01:00
repairexception.php Update license headers 2015-03-26 11:44:36 +01:00
repairstep.php update license headers and authors 2015-06-25 14:13:49 +02:00
response.php Use getHttpProtocol instead of $_SERVER 2015-10-30 18:05:30 +01:00
search.php Update license headers 2015-03-26 11:44:36 +01:00
server.php Update license headers 2015-10-26 14:04:01 +01:00
servernotavailableexception.php update license headers and authors 2015-06-25 14:13:49 +02:00
serviceunavailableexception.php Update license headers 2015-03-26 11:44:36 +01:00
setup.php Check for PDO instead of removed function for PHP 7 compatibility 2015-07-30 12:32:22 +02:00
streamer.php Update license headers 2015-10-26 14:04:01 +01:00
subadmin.php subadmin methods should not return any null user or group 2015-11-05 11:50:57 +01:00
systemconfig.php Deduplicate constant 2015-09-25 13:17:23 +02:00
tagmanager.php Update license headers 2015-03-26 11:44:36 +01:00
tags.php Fix undefined variable $tagId 2015-05-04 16:19:26 +02:00
template.php Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
templatelayout.php Don't trust update server 2015-11-28 12:21:53 +01:00
tempmanager.php deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
updater.php Update license headers 2015-10-26 14:04:01 +01:00
urlgenerator.php Fix UrlGenerator::imagePath() for app paths 2015-04-03 23:42:18 +01:00
user.php Update license headers 2015-10-26 14:04:01 +01:00
util.php Untangle the linkToDocs method in OC_Helper 2015-11-26 13:58:43 +01:00