Lukas Reschke
a65410f23c
Remove the CSP header for Firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=737064 *gnarf*
11 years ago
Lukas Reschke
e5cc5a0a2d
Allow the loading of external images
11 years ago
Lukas Reschke
293e7bdcf0
Notice about changing the standard policy
11 years ago
Lukas Reschke
0517465f4d
Allow admins to change the CSP policy in the config file
11 years ago
Lukas Reschke
351d206dd3
Allow eval() and send headers for legacy browsers
The blocking of eval() seems to have problems with jQuery 1.7.2 - let's allow it for now and disable it in the future.
11 years ago
Lukas Reschke
3ffbaf4795
Allow iframes to external domains
11 years ago
Lukas Reschke
0c59074eeb
Correct copy paste fail
11 years ago
Lukas Reschke
af8c193605
Disallow inline JS
11 years ago
Lukas Reschke
967b7947a1
Add the default-src
11 years ago
Lukas Reschke
c82d6e5153
Add CSP header
11 years ago
Bart Visscher
a8f963d9cf
Spaces to tabs
11 years ago
Thomas Mueller
44e5c052b3
handling proper display of files/folders with negative size
refs #1162
11 years ago
Brice Maron
a310dcb0ff
Fix a dirty function preventing showing errors
11 years ago
Frank Karlitschek
0f61816278
A new function to create nice error page. And use it for fatal db errors
11 years ago
Alessandro Cosentino
7d01342bab
fix translation issues with previous commit
11 years ago
Alessandro Cosentino
aa917cfb18
uncomment hours entries in relative date functions
11 years ago
Felix Moeller
0e70ea9d8b
Checkstyle: Fix the last 25 NoSpaceAfterComma
11 years ago
Felix Moeller
30d7993e01
Checkstyle fixes: NoSpaceAfterComma
11 years ago
Felix Moeller
f8d1d7787e
Checkstyle fixes for SpaceBeforeOpenBrace
11 years ago
Felix Moeller
afadf93d31
Checkstyle: many fixes
11 years ago
Lukas Reschke
7a7f12a0c1
Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this didn't work in every case.
(Laptop sleeping etc.)
With this commit, the token will only get created once for every
session so that the "Token expired" warning shouldn't appear.
11 years ago
Bernhard Posselt
bf3dac05d1
added functions for printing escaped and unescaped values
11 years ago
Felix Moeller
03581ef463
Correct a first issue Checkstyle is complaining about ...
This is BracketsNotRequired
11 years ago
Sam Tuke
8b01286a5d
Merged branch 'master'
11 years ago
Lukas Reschke
d525654fcd
Correct indentation
11 years ago
Björn Schießle
f493e97f5d
always generate access token, also for forms shown to anonymous users (e.g. public shares)
11 years ago
Christian Reiner
71454b1bca
Fix to preserve backward compatibility for apps creating static links containing the request token (currently the contacts app and maybe some 3rd party implementations)
11 years ago
Christian Reiner
743826bbf3
Reimplementation of CSRF protection including autorefresh
11 years ago
Robin Appelman
4131b205d4
fix some more phpdoc
11 years ago
scambra
e48811017d
fix translation for core/lostpassword
11 years ago
Thomas Mueller
3829460ab8
adding space between ) and {
11 years ago
Bart Visscher
1a46192433
Add args parameter to linkTo(Absolute) function, to append the args automatically
11 years ago
Thomas Mueller
58b1e841f1
fix translations within subfolder /lib
12 years ago
Bart Visscher
db18218a1b
Space before tab fixes
12 years ago
Bart Visscher
52f2e7112e
Whitespace fixes in lib
12 years ago
Robin Appelman
48306a3c4f
fix unused variables
12 years ago
Bjoern Schiessle
902c649dad
use new sanitize HTML function backported
Conflicts:
lib/template.php
12 years ago
Bjoern Schiessle
f11e4d7cd6
removing sanitizeHTML() function from template.php since I moved it to util.php
to make it more generic.
12 years ago
Bjoern Schiessle
089ae980c4
use new sanitize HTML function
12 years ago
Brice Maron
cfb3b633f5
Force sanitize function to use UTF8 (for php lower than 5.4)
12 years ago
Bart Visscher
180243d92a
Move page layout handling to its own class
12 years ago
Bart Visscher
332603a263
Move formfactor code to OC_Template
12 years ago
Thomas Tanghus
625cd822c3
Backport CSRF prevention.
12 years ago
Thomas Tanghus
89464721c7
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
12 years ago
Lukas Reschke
2b22c538c8
Make some apps compatible
12 years ago
Lukas Reschke
6d68b7620c
Check for string
12 years ago
Lukas Reschke
18e44ba2f3
Some updates...
12 years ago
Lukas Reschke
b63795ccb8
Handling arrays
12 years ago
Lukas Reschke
c009bc4b87
Revert
12 years ago
Lukas Reschke
6817a6b102
First try of implementing assignHTML
12 years ago