Commit Graph

4720 Commits (3ca5c71a0bbc330241a9b031c607aa81042fffa5)
 

Author SHA1 Message Date
Lukas Reschke 3ca5c71a0b Use /dev/urandom instead of /dev/random
The usage of /dev/urandom is secure enough
2012-10-15 19:23:37 +07:00
Lukas Reschke 7f06f93e9e Show a warning in the installer if no secure RNG is available 2012-10-14 17:17:06 +07:00
Lukas Reschke e99cf5cf49 Fallback to /dev/random if openssl_random_pseudo_bytes not available 2012-10-14 16:16:20 +07:00
Lukas Reschke 306eb6d319 Doublehash the token to prevent timing attacks 2012-10-14 12:15:00 +07:00
Lukas Reschke 1772f36950 Sanitize file names 2012-10-12 15:43:46 +07:00
Lukas Reschke 77eff3479d Sanitize file names 2012-10-12 15:42:15 +07:00
Lukas Reschke 299c664655 escapeHTML function 2012-10-12 15:24:53 +07:00
Lukas Reschke d4b19ef0db Update FullCalendar to 1.5.4 2012-10-12 15:21:46 +07:00
Thomas Tanghus 7cf133249e Don't try to add invalid cards via CardDAV. 2012-10-11 17:51:14 +07:00
Frank Karlitschek 033ac60208 4.0.8 2012-10-09 17:07:10 +07:00
Arthur Schiwon d8e0be18c8 destroy invalid sessions 2012-10-08 13:53:08 +07:00
Lukas Reschke f96bf9eb81 Remove the webodf sources
This is a backport of 683a0c1 /cc @DeepDiver1975
2012-10-06 14:32:52 +07:00
Lukas Reschke b76a335dc9 Sanitize user input
This is a backport of 4f7c7c6 /cc @DeepDiver1975
2012-10-06 14:23:22 +07:00
Lukas Reschke 375eae1a5c Use openssl_random_pseudo_bytes if available
This is a backport of ef57e92 /cc @DeepDiver1975
2012-10-06 14:19:58 +07:00
Thomas Tanghus ca216b5296 Trim trailing whitespace from version. 2012-09-26 11:33:14 +07:00
Arthur Schiwon c212d118ba fix default values in table fscache 2012-09-26 11:28:47 +07:00
Lukas Reschke 292d20595d Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:49:42 +07:00
Lukas Reschke 1e7ac8ba15 Sanitize user input 2012-09-22 10:55:25 +07:00
Tom Needham 1954f80fa3 Don't store users password hash when exporting. 2012-09-19 16:19:47 +07:00
Tom Needham a5c42edbe5 Only try to delete migration.db if it was created. 2012-09-18 16:31:27 +07:00
Tom Needham 3b465f419a Allow exporting of users from any user backend, fixed oc-1645 2012-09-18 16:30:13 +07:00
Arthur Schiwon 0f489e80ad LDAP: transliterate other latin characters to ASCII when creating owncloud names. Already created usernames are not being affected. Fixes ugly names with removed Umlauts, chars with accents and the like. 2012-09-18 17:10:21 +07:00
Victor Dubiniuk 95a748152e Fix for cyrillic folder names. ref#oc-1683 2012-09-11 23:57:13 +07:00
Lukas Reschke d050e6e04e Merge pull request #11 from ne704/typos
fix message about 'apps' directory
2012-09-10 10:13:21 +07:00
Niko Ehrenfeuchter ae3ea39a4c fix message about 'apps' directory 2012-09-10 19:06:03 +07:00
Lukas Reschke 943a9a2e09 Merge pull request #10 from ne704/typos
Typos
2012-09-10 09:41:26 +07:00
Niko Ehrenfeuchter 76ccd69cec mark unused variables 2012-09-10 16:04:05 +07:00
Niko Ehrenfeuchter 88d95823b2 fix typos 2012-09-10 16:04:03 +07:00
Niko Ehrenfeuchter ac4364040d fix typos + copy-paste errors in comments 2012-09-10 16:03:46 +07:00
Georg Ehrke b37d318159 back port better input validation in calendar from apps repo 2012-08-31 14:27:03 +07:00
Arthur Schiwon b11203537e LDAP: check for existing username from other backends when creating one for an LDAP user or group. Fixes oc-1551 in stable4. Also optimizes groupExists() function as side effect. 2012-08-29 18:07:32 +07:00
Lukas Reschke a79175330e Gitorious => Github 2012-08-26 11:32:20 +07:00
Lukas Reschke 49c17fc391 I like TLS/SSL 2012-08-26 00:56:18 +07:00
Lukas Reschke 5afdfec91d Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de) 2012-08-21 17:56:20 +07:00
Arthur Schiwon 2051a5db5d Fix deletion for browsers that do not support onBeforeUnload, fixes oc-1534 2012-08-20 17:04:57 +07:00
Lukas Reschke 4984a72d0d Add a missing exit(); 2012-08-18 14:57:19 +07:00
Lukas Reschke 45003593e1 Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde. 2012-08-18 09:26:58 +07:00
Georg Ehrke f53dd22cd9 backport 1bccc80996 2012-08-16 15:30:55 +07:00
Frank Karlitschek 526e704c9f 4.0.7
and remove some ^M while at it
2012-08-14 20:07:58 +07:00
Lukas Reschke 4682846d3e Disable user enumeration 2012-08-14 17:19:20 +07:00
Michael Gapczynski 95ef80e6db Check blacklist when renaming files 2012-08-13 01:29:32 +07:00
Lukas Reschke 4fd069b479 Also check some other files 2012-08-13 01:26:28 +07:00
Lukas Reschke 2024d424cd Disable listing of all users 2012-08-13 01:22:53 +07:00
Jakob Sack 6d94455540 Fix OC_Connector_Sabre_Locks for SQLite 2012-08-12 09:06:46 +07:00
Lukas Reschke 2871896d54 Check if webfinger is enabled 2012-08-10 16:38:32 +07:00
Michael Gapczynski e9a63900de Don't return file handle if the mode supports writing and the file is not writable
Conflicts:
	apps/files_sharing/sharedstorage.php
2012-08-10 09:46:44 +07:00
Lukas Reschke baab13ae13 Validate cookie to prevent auth bypasses. 2012-08-10 15:23:04 +07:00
Lukas Reschke 5192eecce2 Added XSRF check 2012-08-10 00:11:04 +07:00
Lukas Reschke 7581d55428 Missed an "echo" 2012-08-09 22:17:52 +07:00
Lukas Reschke aae17d4ae8 Sanitize user input 2012-08-09 22:14:48 +07:00