39be6e0b89
* Sharing: temporary disable cleaning of deleted files, causing all shares to get deleted
2020-01-29 16:30:22 +01:00
b65b21fe9c
allow images and media in mail via http: and https:, but remove object tags (already forbiden via CSP)
2020-01-29 14:40:30 +01:00
cc8258cb3c
use random_bytes(32) which throws for not enought entropy
2020-01-29 11:12:21 +01:00
d95894d530
use etemplate-exec-id as CSRF token for ajax requests
2020-01-29 11:08:44 +01:00
2045c08e54
* Api: Fix SQL error from doubled table name in group statement
...
"Unknown column 'egw_tracker.egw_tracker.tr_id' in 'group statement'"
2020-01-28 14:05:44 -07:00
ec31d93af2
do NOT load categories.php?app=phpgw for login page
...
It gives an error as no user is logged in, which is served as text/html, which then gives an error in browser, as it conflicts with X-Content-Type-Options: nosniff
2020-01-28 18:56:54 +01:00
57ab6f667c
adding CSP frame-ancestors 'self' policy to mitigate clickjacking
2020-01-28 18:19:40 +01:00
2ea9549dcf
stricter CSP policy for mail body
2020-01-28 17:45:36 +01:00
d8289ef29d
stricter CSP policy
2020-01-28 17:14:51 +01:00
e9c4d3f07e
complete push implementation for timesheet incl. ACL check
2020-01-24 13:31:56 +01:00
2bae92f066
ALL and SESSION constants for push
2020-01-23 16:05:32 +01:00
6e0936bd98
first take on pushing app-changes to all clients
2020-01-23 11:26:44 +01:00
c88bf3c4a0
Fix typo
2020-01-15 08:14:04 -07:00
f7c653832f
add an iterator for objects with a get_rows method
2020-01-13 14:41:46 +01:00
257fa50a1f
fix PHP Warning: Use of undefined constant EGW_ACL_READ - assumed 'EGW_ACL_READ'
2020-01-09 14:41:07 +01:00
7b30bb7b0d
* Admin: optional session-action column in access-log and sessions
...
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
4276ebbe5f
* Mobile theme: fix mobile theme sidebar not showing notifications
2019-12-10 14:18:05 +01:00
1064759020
Fix /apps/projectmanager threw SQL error Unknown column 'hash' in 'order clause'
2019-12-09 14:11:55 -07:00
2df0095579
fix typo
2019-12-05 08:57:26 +02:00
cf2d626bca
Fix replying to some mails with broken pre tags would cause infinite loop
2019-12-03 14:34:32 +01:00
e305ba1d23
ignore logging of session dla only for max. of 15 min, so session status is displayed correct
2019-12-02 16:27:17 +02:00
83e2d70222
Mail: Fix bullet & number to text conversion failed with non-ascii characters
2019-11-22 09:44:27 -07:00
8b503dbae3
Admin: change delete user filemanager hook to move home dir, but only search /home for other files
...
- Translation from Birgit
2019-11-19 10:19:04 -07:00
93b1c7f1ab
fix namespace issues
2019-11-19 14:02:37 +02:00
a39d257eac
Admin: change delete user home directory back to special case, getting actual file count takes way too long.
2019-11-18 14:02:38 -07:00
7cd4169768
* all apps: fixing serveral cases of wrong Url when proxying and terminating TLS on the proxy
2019-11-15 13:54:34 +01:00
056e5c053a
use hostname from setup, only if webserver-url starts with a slash, closer to previous behavior
2019-11-13 18:28:33 +01:00
2fcdcb5afe
* CalDAV/Calendar: iOS also no longer allowed to accept/reject invitations
...
now we skip encoding href attributes with mailto: urls independent of user-agent
2019-11-13 16:12:50 +01:00
302800b414
new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
...
also kope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxys
2019-11-12 20:13:24 +01:00
c768c9cbf7
* CalDAV/Calendar: Lightning 68 no longer allowed to accept/reject invitations
...
Caused by calendar-user-address-set in principal had url encoded @ in email
--> now using a minimal url-encoding for Lightning, to not encode @
2019-11-11 18:02:20 +01:00
5acd287e8d
* Mail: keep number & bullet lists when converting to plain text
2019-11-08 11:42:25 -07:00
d8faef3503
Admin: Extend Vfs::deleteAccount hook to all the files it can find, not just home dir.
2019-11-07 13:46:14 -07:00
bf844b7598
support for new Swoole push server
2019-11-04 09:29:49 +01:00
972ebf56f2
speed up restore of database by inserting up to 500 row in one statement (was only 10)
2019-10-30 17:15:23 +01:00
bdc8e71057
* Mail: stop logging of mails to webserver error-log
2019-10-30 15:09:11 +01:00
8f6df975fe
also remove /api/thumbnail.php from access-log updates
2019-10-29 13:20:23 +01:00
b926ffc5c8
fix IDE warnings
2019-10-29 09:36:49 +01:00
aecea69519
extract logic of custom-field search method
...
process_search modifies the parameters so search calls this method and then its parent with the modified parameters
2019-10-22 17:07:21 +02:00
cad1ec2aaf
fix regular expression to not update access-log for avatar
2019-10-22 09:58:18 +02:00
5a9bc1a98a
UCS 4.4 Rest API gives an error creating group "Default"
...
claiming a user or group with that name exists, which is not the case
(probably because other LDAP objects with cn=Default exist)
we work around that by creating it as DefaultX and rename it in LDAP to Default for now
2019-10-18 16:23:50 +02:00
414b169791
Add missing timezone selectbox in framework
2019-10-18 15:01:08 +02:00
b13a3a4619
* Mail: fix mails consists of both multipart/mixed and multipart/related create duplicated content
2019-10-16 17:01:02 +02:00
df1909d8c1
skip mail-accounts is user editable check for password change
...
some stored credentials are not event linked to mail accounts or
might belong to by user not editable accounts like smime on a mail account for all
2019-10-15 18:34:15 +02:00
5a1fbe7049
Use letter avatar when user have no personal avatar is set in addressbook
2019-10-15 14:06:33 +02:00
121d5f82ef
Etemplate: Fix taglist-account would reject most values
2019-10-11 11:55:10 -06:00
a05c66f32c
Api: Cleanup by moving password check to its own function
2019-10-11 10:51:40 -06:00
56989f338b
Remove duplicate method
2019-10-08 14:44:35 -06:00
8d58409211
Get Sharing to recognize editable Collabora shares for determining class
2019-10-08 14:43:17 -06:00
5dcf1e842f
fix for stable Univention 4.4-2 REST API
2019-09-30 12:37:48 +02:00
084d2f7ac7
Etemplate: Expand VFS path attribute, if present
2019-09-27 13:40:24 -06:00
