Commit Graph

1395 Commits

Author SHA1 Message Date
Ralf Becker
90c55e013d try "PLAIN" first, in case IMAP wrongly reports some digest, it does not (correctly) implement 2020-02-05 10:58:34 +01:00
Ralf Becker
9cc0eaccd4 try "PLAIN" first, in case IMAP wrongly reports some digest, it does not (correctly) implement 2020-02-05 10:51:38 +01:00
Ralf Becker
abd6f7d669 allow to specify the root for lang-files 2020-02-01 17:50:56 +01:00
Hadi Nategh
faca76f6a9 Do not run restrict validation check for type taglist-account if free entries are allowed 2020-01-31 16:13:45 +01:00
Ralf Becker
1559b017d7 validate IP address in X-Forwarded-For header 2020-01-30 13:21:56 +01:00
Ralf Becker
39be6e0b89 * Sharing: temporary disable cleaning of deleted files, causing all shares to get deleted 2020-01-29 16:30:22 +01:00
Ralf Becker
b65b21fe9c allow images and media in mail via http: and https:, but remove object tags (already forbiden via CSP) 2020-01-29 14:40:30 +01:00
Ralf Becker
cc8258cb3c use random_bytes(32) which throws for not enought entropy 2020-01-29 11:12:21 +01:00
Ralf Becker
d95894d530 use etemplate-exec-id as CSRF token for ajax requests 2020-01-29 11:08:44 +01:00
nathangray
2045c08e54 * Api: Fix SQL error from doubled table name in group statement
"Unknown column 'egw_tracker.egw_tracker.tr_id' in 'group statement'"
2020-01-28 14:05:44 -07:00
Ralf Becker
ec31d93af2 do NOT load categories.php?app=phpgw for login page
It gives an error as no user is logged in, which is served as text/html, which then gives an error in browser, as it conflicts with X-Content-Type-Options: nosniff
2020-01-28 18:56:54 +01:00
Ralf Becker
57ab6f667c adding CSP frame-ancestors 'self' policy to mitigate clickjacking 2020-01-28 18:19:40 +01:00
Ralf Becker
2ea9549dcf stricter CSP policy for mail body 2020-01-28 17:45:36 +01:00
Ralf Becker
d8289ef29d stricter CSP policy 2020-01-28 17:14:51 +01:00
Ralf Becker
e9c4d3f07e complete push implementation for timesheet incl. ACL check 2020-01-24 13:31:56 +01:00
Ralf Becker
2bae92f066 ALL and SESSION constants for push 2020-01-23 16:05:32 +01:00
Ralf Becker
6e0936bd98 first take on pushing app-changes to all clients 2020-01-23 11:26:44 +01:00
nathangray
c88bf3c4a0 Fix typo 2020-01-15 08:14:04 -07:00
Ralf Becker
f7c653832f add an iterator for objects with a get_rows method 2020-01-13 14:41:46 +01:00
Ralf Becker
257fa50a1f fix PHP Warning: Use of undefined constant EGW_ACL_READ - assumed 'EGW_ACL_READ' 2020-01-09 14:41:07 +01:00
Ralf Becker
7b30bb7b0d * Admin: optional session-action column in access-log and sessions
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Hadi Nategh
4276ebbe5f * Mobile theme: fix mobile theme sidebar not showing notifications 2019-12-10 14:18:05 +01:00
nathangray
1064759020 Fix /apps/projectmanager threw SQL error Unknown column 'hash' in 'order clause' 2019-12-09 14:11:55 -07:00
Ralf Becker
2df0095579 fix typo 2019-12-05 08:57:26 +02:00
Hadi Nategh
cf2d626bca Fix replying to some mails with broken pre tags would cause infinite loop 2019-12-03 14:34:32 +01:00
Ralf Becker
e305ba1d23 ignore logging of session dla only for max. of 15 min, so session status is displayed correct 2019-12-02 16:27:17 +02:00
nathangray
83e2d70222 Mail: Fix bullet & number to text conversion failed with non-ascii characters 2019-11-22 09:44:27 -07:00
nathangray
8b503dbae3 Admin: change delete user filemanager hook to move home dir, but only search /home for other files
- Translation from Birgit
2019-11-19 10:19:04 -07:00
Ralf Becker
93b1c7f1ab fix namespace issues 2019-11-19 14:02:37 +02:00
nathangray
a39d257eac Admin: change delete user home directory back to special case, getting actual file count takes way too long. 2019-11-18 14:02:38 -07:00
Ralf Becker
7cd4169768 * all apps: fixing serveral cases of wrong Url when proxying and terminating TLS on the proxy 2019-11-15 13:54:34 +01:00
Ralf Becker
056e5c053a use hostname from setup, only if webserver-url starts with a slash, closer to previous behavior 2019-11-13 18:28:33 +01:00
Ralf Becker
2fcdcb5afe * CalDAV/Calendar: iOS also no longer allowed to accept/reject invitations
now we skip encoding href attributes with mailto: urls independent of user-agent
2019-11-13 16:12:50 +01:00
Ralf Becker
302800b414 new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also kope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxys
2019-11-12 20:13:24 +01:00
Ralf Becker
c768c9cbf7 * CalDAV/Calendar: Lightning 68 no longer allowed to accept/reject invitations
Caused by calendar-user-address-set in principal had url encoded @ in email
--> now using a minimal url-encoding for Lightning, to not encode @
2019-11-11 18:02:20 +01:00
nathangray
5acd287e8d * Mail: keep number & bullet lists when converting to plain text 2019-11-08 11:42:25 -07:00
nathangray
d8faef3503 Admin: Extend Vfs::deleteAccount hook to all the files it can find, not just home dir. 2019-11-07 13:46:14 -07:00
Ralf Becker
bf844b7598 support for new Swoole push server 2019-11-04 09:29:49 +01:00
Ralf Becker
972ebf56f2 speed up restore of database by inserting up to 500 row in one statement (was only 10) 2019-10-30 17:15:23 +01:00
Ralf Becker
bdc8e71057 * Mail: stop logging of mails to webserver error-log 2019-10-30 15:09:11 +01:00
Ralf Becker
8f6df975fe also remove /api/thumbnail.php from access-log updates 2019-10-29 13:20:23 +01:00
Ralf Becker
b926ffc5c8 fix IDE warnings 2019-10-29 09:36:49 +01:00
Ralf Becker
aecea69519 extract logic of custom-field search method
process_search modifies the parameters so search calls this method and then its parent with the modified parameters
2019-10-22 17:07:21 +02:00
Ralf Becker
cad1ec2aaf fix regular expression to not update access-log for avatar 2019-10-22 09:58:18 +02:00
Ralf Becker
5a9bc1a98a UCS 4.4 Rest API gives an error creating group "Default"
claiming a user or group with that name exists, which is not the case
(probably because other LDAP objects with cn=Default exist)
we work around that by creating it as DefaultX and rename it in LDAP to Default for now
2019-10-18 16:23:50 +02:00
Hadi Nategh
414b169791 Add missing timezone selectbox in framework 2019-10-18 15:01:08 +02:00
Hadi Nategh
b13a3a4619 * Mail: fix mails consists of both multipart/mixed and multipart/related create duplicated content 2019-10-16 17:01:02 +02:00
Ralf Becker
df1909d8c1 skip mail-accounts is user editable check for password change
some stored credentials are not event linked to mail accounts or 
might belong to by user not editable accounts like smime on a mail account for all
2019-10-15 18:34:15 +02:00
Hadi Nategh
5a1fbe7049 Use letter avatar when user have no personal avatar is set in addressbook 2019-10-15 14:06:33 +02:00
nathangray
121d5f82ef Etemplate: Fix taglist-account would reject most values 2019-10-11 11:55:10 -06:00
nathangray
a05c66f32c Api: Cleanup by moving password check to its own function 2019-10-11 10:51:40 -06:00
nathangray
56989f338b Remove duplicate method 2019-10-08 14:44:35 -06:00
nathangray
8d58409211 Get Sharing to recognize editable Collabora shares for determining class 2019-10-08 14:43:17 -06:00
Ralf Becker
5dcf1e842f fix for stable Univention 4.4-2 REST API 2019-09-30 12:37:48 +02:00
nathangray
084d2f7ac7 Etemplate: Expand VFS path attribute, if present 2019-09-27 13:40:24 -06:00
Ralf Becker
71d3e3a80c ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates 2019-09-27 15:59:10 +02:00
Ralf Becker
21a44891ed * InfoLog: fix delegation no longer shown after database restore 2019-09-24 11:23:17 +02:00
nathangray
4e339a62a4 Filemanager: Fix shared directory could not open odp (or other non-odt files) in Collabora
Also fix "Permission denied" error trying to open office files without Collabora
2019-09-18 11:54:08 -06:00
Ralf Becker
4f367e6bf1 * Univention: fix "Must change password upon next login" feature 2019-09-16 10:06:57 +02:00
Ralf Becker
c5ea1618af CalDAV/CardDAV: fix not working creation of new contacts in MacOS Addressbook
OSX Addressbook sends ?add-member url-encoded
2019-09-12 09:10:19 +02:00
Ralf Becker
e2529ea8a3 * Preferences: always show Security & Password popup, only disable password tab, if no rights to change it 2019-09-11 12:15:38 +02:00
nathangray
c0757e5e58 Api - fix typo preventing translation of exception headlines 2019-09-09 14:22:15 -06:00
Ralf Becker
3967d2a3b6 fix aborted WebAuthn not treated as failure of 2nd factor, if registered 2019-09-06 10:36:21 +02:00
Ralf Becker
b56c1ae856 hook to allow apps to modify login page, eg. for multifactor auth 2019-09-04 15:15:18 +02:00
nathangray
397b77a86d Mail - another fix for extra newlines, now with less out of memory errors 2019-08-29 11:53:40 -06:00
nathangray
c59807d861 Api - No need to make the link titles safe here, it just makes timesheet titles look weird 2019-08-23 16:01:01 -06:00
nathangray
3bec6326f9 Api - Add Sharing->get_path() so we can get the path of the share 2019-08-23 14:19:10 -06:00
nathangray
e099086151 Fix sharing only looks for addressbook templates for insert into document 2019-08-22 16:04:07 -06:00
nathangray
5bc2467de3 Api - Better handling of enabled attribute for share actions 2019-08-22 15:56:17 -06:00
nathangray
a49e3a3c15 Api - Add a Share filemanager directory context menu action 2019-08-22 15:18:40 -06:00
Ralf Becker
c706f3f09c pending translations from our translation server 2019-08-22 13:57:23 +02:00
Ralf Becker
681679382c * Api: no longer loggin last-logintime of anonymous user
to not block website and also to better cope with high rate anon endpoints 
might be called creating a bottleneck in the egw_accounts table.
2019-08-19 16:51:13 +02:00
Ralf Becker
77ca6dcece one more old eGroupWare 2019-08-14 12:13:47 +02:00
Ralf Becker
a594f9ccee add cache-buster to new login-background to force browser to load it 2019-08-13 15:01:18 +02:00
Ralf Becker
30a2c4d90f fix default "EGroupware" site_title for new login page 2019-08-09 15:52:19 +02:00
Ralf Becker
1403c7ffd0 * Login: new background and logo for login page 2019-08-09 14:41:16 +02:00
Hadi Nategh
5dcb431087 Revert commit 91f85186cd as it breaks mail reply 2019-08-06 15:51:25 +02:00
Ralf Becker
2776d215e2 * Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth 2019-08-03 18:37:18 +02:00
nathangray
91f85186cd Mail - fix extra newlines added when switching email from HTML to text 2019-08-02 11:50:52 -06:00
nathangray
1131d07199 Revert "Etemplate - avoid error if child is not a widget", it causes other random breaking
This reverts commit 1f63996a2c.
2019-08-02 11:08:14 -06:00
nathangray
1f63996a2c Etemplate - avoid error if child is not a widget
though it never should be...
2019-08-02 10:33:38 -06:00
Ralf Becker
92f89f93ca fix namespace in docu 2019-08-01 18:39:14 +02:00
nathangray
890cd4e4a4 Api - give error if share path is missing 2019-07-31 10:31:13 -06:00
Ralf Becker
a45c63d5ec setting a timeout of 30 seconds, as recommended by Univention 2019-07-31 12:48:59 +02:00
Ralf Becker
45d3def574 fix "405 Method not allowed" error updating users and retrying on connection failure once 2019-07-31 12:10:35 +02:00
Hadi Nategh
33aa092453 Add descriptive tooltip for avatar status 2019-07-31 11:45:39 +02:00
Ralf Becker
f4840d1d87 fix PHP Warning: count(): Parameter must be an array or an object that implements Countable 2019-07-31 10:55:46 +02:00
Ralf Becker
9370dbf116 fix Argument 2 passed to EGroupware\Api\Accounts\Univention\Udm::user2udm() must be of the type array, null given
GET to users/user/$dn returns just the entry
2019-07-30 19:44:22 +02:00
Ralf Becker
02c21fe2f9 remove commented out fixing of policies as object 2019-07-30 18:27:29 +02:00
Hadi Nategh
053a2aeefd Call no named attachment "forwarded message" only if it's a message 2019-07-30 12:14:42 +02:00
nathangray
bfc2728ad3 Add github link to Collabora key description 2019-07-29 09:36:27 -06:00
nathangray
997822182d Api - Move Collabora credential type ID into parent to avoid collisions 2019-07-29 09:26:49 -06:00
Hadi Nategh
d52410ed94 Fix icon for Share link action 2019-07-29 15:36:57 +02:00
Ralf Becker
6435eb1293 * Api: fix error adding/editing catgories or custom fields 2019-07-29 11:21:54 +02:00
Hadi Nategh
1125857730 Same fix as commit 377766293f for mail display 2019-07-29 11:18:26 +02:00
Hadi Nategh
5b420c7d0d Reduce letter avatar size by 50% 2019-07-22 15:01:25 +02:00
Ralf Becker
26a287b7d9 use new Univention UDM Rest Api, instead of univention-directory-manager cli 2019-07-22 11:18:28 +02:00
nathangray
58c53efd49 Api - When doing monthly share cleanup, check to see if share target is still valid
- removed some duplicated code
2019-07-18 15:25:28 -06:00
Ralf Becker
b433ed7037 remove some more prefixes 2019-07-18 15:43:39 +02:00
Ralf Becker
15d8e0d422 allow to search for multiple items and strip "contact_" prefix 2019-07-18 15:27:06 +02:00