Klaus Leithoff
|
5e425398fa
|
change convertHTMLToText behavior, regarding the replacing of CRLF or LF to single space; now removing them completely, when text to be processed is regarded to be html
|
2013-09-18 12:14:59 +00:00 |
|
Ralf Becker
|
b8341e48a1
|
mitigate risk of html downloads by using Content-Security-Policy header or Content-Disposition: attachment for IE
|
2013-09-12 18:49:07 +00:00 |
|
Ralf Becker
|
9523ba79c2
|
removed not used assignment
|
2013-09-12 08:31:10 +00:00 |
|
Ralf Becker
|
855c04cb2c
|
use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr
|
2013-09-11 13:06:00 +00:00 |
|
Ralf Becker
|
eb06a2adee
|
setup uses now sessions too and password-hashes in header.inc.php use most secure hashing type
|
2013-09-11 11:35:20 +00:00 |
|
Ralf Becker
|
1590d02816
|
new egw_framework::message($msg, $msg_type="success") method and fixing nextmatch filter-change to return app-header
|
2013-09-05 11:53:25 +00:00 |
|
Ralf Becker
|
aaf0a7491d
|
silence warning by defining the constants
|
2013-09-02 13:40:40 +00:00 |
|
Klaus Leithoff
|
d5c2a03f51
|
revert changes introduced with r43681, as issue is fixed in bo_tracking and handling of GLOBALS[info][user][account_id]
|
2013-09-02 11:34:38 +00:00 |
|
Ralf Becker
|
3d20422177
|
not creating references to ['egw_info']['user'], as bo_tracking and other async service stuff has problems to change between different user environments
|
2013-09-02 10:43:16 +00:00 |
|
Klaus Leithoff
|
7744905ba8
|
try to resolve a use-session-stored-data related problem; make sure account_id and prefs are restored after send_notification
|
2013-08-30 12:57:51 +00:00 |
|
Klaus Leithoff
|
f5e00e4bad
|
add (and use) preg replace callback for mailto link to text transformation
|
2013-08-29 10:39:08 +00:00 |
|
Ralf Becker
|
a9a8e65ece
|
new parameter to be able to use get_user_applications() in admin and class-constants for ACL-rights, can be used instead EGW_ACL_* defines
|
2013-08-28 13:27:53 +00:00 |
|
Ralf Becker
|
aa8a848871
|
optional parameter for egw_framework::window_close() to specify an alert message, which gets shown/alerted, before closing the window
|
2013-08-26 10:24:11 +00:00 |
|
Ralf Becker
|
46f81649eb
|
also fix calls to deprecated ajaxResponse class to use egw_json_response singleton, should be fixed in code for current apps
|
2013-08-25 15:14:19 +00:00 |
|
Ralf Becker
|
38798b872d
|
Force use of singleton: $response = egw_json_response::get(); not using it causes response being wrapped in another response
|
2013-08-25 12:42:55 +00:00 |
|
Ralf Becker
|
b2ba685edd
|
remove inline javascript from idots and jerryr templates
|
2013-08-21 20:22:53 +00:00 |
|
Ralf Becker
|
73aa652c41
|
missing egw.js from last commit and egw_framework::window_focus() method
|
2013-08-20 13:25:36 +00:00 |
|
Ralf Becker
|
1c4f65120c
|
new egw_framework methods refresh_opener and window_close to call egw_refresh on opener or close popup window in a content security safe way
|
2013-08-20 12:06:41 +00:00 |
|
Ralf Becker
|
ec6d873941
|
let PHP Warnings look exactly like original ones, but with a backtrace
|
2013-08-15 10:15:13 +00:00 |
|
Ralf Becker
|
c806da58ce
|
give a trace for PHP (User) Warnings
|
2013-08-14 08:09:51 +00:00 |
|
Klaus Leithoff
|
27149b237f
|
play around with catching the smtp error of smtp class, as it is the one that has the info about the error
|
2013-08-07 09:20:16 +00:00 |
|
Klaus Leithoff
|
a7be5a026e
|
move reset-call of smtp to phpmailer class, as it is the one that throws exceptions, and stops action
|
2013-08-07 08:34:00 +00:00 |
|
Ralf Becker
|
118657ddee
|
using etemplate_new::ajax_proecess_content to allow to have etemplate still extend etemplate_old, making etemplate_new autoloadable
|
2013-08-06 18:24:30 +00:00 |
|
Klaus Leithoff
|
54b2596ff8
|
send reset command after failure while failing when adding addresses
|
2013-08-06 13:51:39 +00:00 |
|
Ralf Becker
|
48fd2113f3
|
some long running operations, eg. merge-print, run into situation that DB closes our separate sqlfs connection, we try now to reconnect once
|
2013-08-05 14:59:31 +00:00 |
|
Ralf Becker
|
0f37c16cd8
|
using correct case: To, Cc and Bcc
|
2013-08-05 14:56:39 +00:00 |
|
Klaus Leithoff
|
d22f24666b
|
ClearAllRecipients should only clear recipients, not From, ReplyTo and such
|
2013-08-05 13:44:44 +00:00 |
|
Ralf Becker
|
243bb169a2
|
need to reimplement Clear methods from parent, to also clear our private addresses
|
2013-08-05 08:46:29 +00:00 |
|
Ralf Becker
|
6fe4085a11
|
fixed wrong condition only giving a location header if request fails, not if it succeeds
|
2013-08-02 19:28:38 +00:00 |
|
Ralf Becker
|
207b7de248
|
instead of sending nothing, which gives a parse error on client-side, send a valid, empty response
|
2013-08-01 12:28:28 +00:00 |
|
Ralf Becker
|
6f39b0618d
|
using dhtmlxtree from sources instead of codebase directory, as does et2_widget_tree, to not double load it and causing 2. load to overwrite extensions from 1.
|
2013-08-01 11:19:14 +00:00 |
|
Ralf Becker
|
05765db6ca
|
* Admin/Filemanager: added filesystem check and repair for missing or broken required directories /, /apps and /home
|
2013-08-01 07:53:20 +00:00 |
|
Ralf Becker
|
8ce9969ece
|
we need to double encode (html::htmlspecialchars( , TRUE)), as otherwise we get invalid json, eg. for quotes, fixes not working display in filemanager for some directories containing directories with quotes in their name
|
2013-08-01 06:36:18 +00:00 |
|
Nathan Gray
|
afa7a73f0a
|
Fix chosen sizes using new width attribute for account multi-select
|
2013-07-26 15:08:17 +00:00 |
|
Ralf Becker
|
200a8860bf
|
* eTemplate/all apps: (silently) limit number of links shown to 1000 newest, to not run into memory_limit or max_execution_time and assuming no one will scroll further down anyway
|
2013-07-26 09:38:38 +00:00 |
|
Nathan Gray
|
f65680a7ae
|
Add CSS to better match egw. Fix chosen sizes using new width attribute. Not perfect, but at least never too small.
|
2013-07-25 20:28:32 +00:00 |
|
Ralf Becker
|
8e85c86f8b
|
* Async service/Backup: updating job to next scheduled time BEFORE running it, to cope with jobs running longer than async frequency of 5min, eg. backup
|
2013-07-25 13:11:07 +00:00 |
|
Ralf Becker
|
59c683c359
|
removed ancient "mark untranslated strings with *" site configuration, as it is unnecessary and breaks links-stream-wrapper and WebDAV
|
2013-07-25 12:18:08 +00:00 |
|
Ralf Becker
|
71676f982a
|
fixed not working special char detection
|
2013-07-25 07:21:35 +00:00 |
|
Ralf Becker
|
8ec5425c5a
|
disable minify-ing of javascript, until I find time to fix it, as it stalls testers (css still gets minified, if debug minify is off in site config)
|
2013-07-24 07:42:27 +00:00 |
|
Ralf Becker
|
6e6b2b7b0a
|
reverted "no need for RegExp replace", as javascript only replaces first occurrence, if a string given
|
2013-07-23 14:41:53 +00:00 |
|
Ralf Becker
|
8242d40d1e
|
no need for RegExp replace
|
2013-07-23 11:49:16 +00:00 |
|
Ralf Becker
|
58949008f9
|
disable outer scrollbar, eg. if rendering time is switched on
|
2013-07-23 11:33:23 +00:00 |
|
Klaus Leithoff
|
c4caefc9e9
|
suppress warning on searching for active members
|
2013-07-23 10:59:56 +00:00 |
|
Ralf Becker
|
16191d4db4
|
rendering quick-add menu on clientside and content-security safe, though not yet in idots template, also removed not used inline javascript from idots
|
2013-07-22 19:20:13 +00:00 |
|
Ralf Becker
|
4ed52a2b16
|
get notifications-popup ready for content-security, install as object in app.notifications and use data-poll-intervall of script tag to pass poll frequency
|
2013-07-22 13:29:20 +00:00 |
|
Nathan Gray
|
67d6775f54
|
Use htmlspecialchars to escape data-attributes
|
2013-07-19 18:03:47 +00:00 |
|
Ralf Becker
|
5e3c0192d3
|
$extra parameter for framework->header()
|
2013-07-19 17:07:05 +00:00 |
|
Ralf Becker
|
33ac096fdf
|
enabled and enhanced dependency tests so they can be used to display full dependencies of one or more files
|
2013-07-19 15:24:55 +00:00 |
|
Ralf Becker
|
f55a668bdf
|
include user-data and common prefs like we already do it with eg. server config
|
2013-07-19 15:22:00 +00:00 |
|
Ralf Becker
|
d16c426fb6
|
first step towards content-security by passing parameters to egw.js script via data-attributes of script tag instead of using inline scripts in page
|
2013-07-19 08:45:26 +00:00 |
|
Ralf Becker
|
9af953e2b1
|
fixed accounts::search sometimes returning too many lines
|
2013-07-17 13:14:08 +00:00 |
|
Ralf Becker
|
792f1b26cc
|
replacing egw.LAB with egw_LAB, as egw object is shared by all iframes and popups, while LAB has to work on document
|
2013-07-17 12:47:21 +00:00 |
|
Ralf Becker
|
94926467d2
|
always check with "passwd_forbid_name" enabled, if setting of password failed
|
2013-07-16 14:57:06 +00:00 |
|
Ralf Becker
|
10436d5e41
|
fixed not being able to switch "forbid password to contain name" off again, after it has been switched on (caused by name "passwd_forbid_name")
|
2013-07-16 14:50:12 +00:00 |
|
Klaus Leithoff
|
2bdcd29582
|
pass acount_id to crackcheck, as it is required for crackcheck rule validation forbid_name
|
2013-07-16 10:42:31 +00:00 |
|
Ralf Becker
|
d48e8f4d84
|
* PostgreSQL: fix for SQL error eg. on update from 1.8.001 to 1.8.004 from 9.1 on
|
2013-07-16 06:47:54 +00:00 |
|
Ralf Becker
|
b54aef66e4
|
need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user is forced to change password, as otherwise he will be prompted again after changing it
|
2013-07-15 20:29:49 +00:00 |
|
Ralf Becker
|
526c938eec
|
* Active Directory: allow to do a forced password change in EGroupware and handle reset of that flag for Samba4 too
|
2013-07-15 20:01:01 +00:00 |
|
Ralf Becker
|
5f74357963
|
* WebDAV/CalDAV/CardDAV: fixed basic authentication via redirect-rule to use $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] as it is used by newer Apache versions
|
2013-07-15 11:06:45 +00:00 |
|
Ralf Becker
|
e90a6e1d42
|
fixed again not working new account creation under AD against Win2008r2
|
2013-07-15 08:10:03 +00:00 |
|
Ralf Becker
|
6898ee9cdb
|
* Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else
|
2013-07-14 13:05:24 +00:00 |
|
Ralf Becker
|
6e6835ca8f
|
disable "account_lid" input, if backend (eg. AD) does not allow changing it
|
2013-07-13 08:34:04 +00:00 |
|
Ralf Becker
|
cb523f8400
|
* Admin/Active Directory: fixed not working display, setting and removing of "must change password upon next login"
|
2013-07-13 07:50:36 +00:00 |
|
Ralf Becker
|
5caa242314
|
* Admin/Active Directory: create new users with CN=<username> as Windows does and allow to configure profilePath, homeDirectory, homeDrive and scriptPath for new users
|
2013-07-09 15:26:59 +00:00 |
|
Klaus Leithoff
|
16014f8067
|
* API: fix for wrong (unexpected array) type passed in check_list
|
2013-07-08 08:04:41 +00:00 |
|
Hadi Nategh
|
86dfe42104
|
replace no longer existing deprecated egw_info->user email and fullname
|
2013-07-04 17:45:20 +00:00 |
|
Ralf Becker
|
76ab4eee25
|
return account_expires and account_primary_group via accounts::search
|
2013-07-03 16:26:18 +00:00 |
|
Ralf Becker
|
4850efed1e
|
fix js error, when chosen is not loaded, eg. on admin >> manage accounts
|
2013-07-02 12:37:01 +00:00 |
|
Ralf Becker
|
bca1712229
|
fixed allowed memory size exceeded error, if trying to read history from a ldap or ads contact with an id starting with a letter, did an unlimited query for all history-log entries of addressbook
|
2013-06-29 16:44:55 +00:00 |
|
Ralf Becker
|
2702d01b34
|
* Admin/API/ADS: account creation did not set initial password
|
2013-06-29 09:30:22 +00:00 |
|
Ralf Becker
|
8325352e88
|
* Admin/Preferences/ADS: give explicit error, that AD requires SSL or TLS to change passwords (not just failing with unspecific error)
|
2013-06-29 08:51:02 +00:00 |
|
Ralf Becker
|
5e0c017129
|
remove old default of 7 for password length, as it always checks for that default otherwise
|
2013-06-28 16:20:01 +00:00 |
|
Ralf Becker
|
287abb2b38
|
adding again error message and number from DB to exception thrown in case of SQL errors, also adding a new method to abstract MySQL group_contact for PostgreSQL 8.4+
|
2013-06-28 10:50:42 +00:00 |
|
Ralf Becker
|
a0cba996a0
|
display mail-address for groups in AD
|
2013-06-26 19:57:48 +00:00 |
|
Ralf Becker
|
5eea435035
|
fixed auth_sql to allow updating passwords of in-active accounts and return true for all successful password changes as documented (returned false if password was unchanged and hash password on success)
|
2013-06-26 09:49:30 +00:00 |
|
Ralf Becker
|
ee41d4a09d
|
* Admin/API/LDAP: fixed not working pagination of accounts for 2. or further pages introduced by enabling caching again in last package
|
2013-06-26 08:12:17 +00:00 |
|
Ralf Becker
|
aa1426b8de
|
* Admin: split password strength config in minimum length and number of character types, allow account backends specially AD to report password policy failures
|
2013-06-25 16:37:44 +00:00 |
|
Ralf Becker
|
aa221a4e77
|
add tabs for each application
|
2013-06-25 13:14:27 +00:00 |
|
Ralf Becker
|
293d395472
|
allow auth backends to throw exceptions to give verbose error why password changing failed, auth_ads does now password strength check (even if not configured), as this is most likely cause for not changed password
|
2013-06-23 10:46:26 +00:00 |
|
Ralf Becker
|
c44be3ee6d
|
handle not available AD or LDAP connection with an exception, caught and just displayed within setup, so one can change ip or credentials
|
2013-06-23 09:58:08 +00:00 |
|
Ralf Becker
|
78efd4a604
|
* API: if re-connect to database fails for an existing session, stop execution with an exception, as otherwise eg. preferences can get lost
|
2013-06-20 13:30:58 +00:00 |
|
Ralf Becker
|
025c6a4c22
|
need to report expired accounts as NOT active and add ability to copy shadowExpire attribute from LDAP to AD (not done by samba-tool classicupgrade!)
|
2013-06-20 09:54:08 +00:00 |
|
Ralf Becker
|
7b9bcffb74
|
* Admin/ActiveDirectory: fixed only first N accounts were shown and turned accidentally switched off caching in session on again
|
2013-06-20 07:45:08 +00:00 |
|
Ralf Becker
|
02e4c44624
|
* Addressbook/LDAP: recreation of contact (eg. because of missing objectclass) failed and led to deleted contact or account
|
2013-06-18 10:45:00 +00:00 |
|
Ralf Becker
|
b993253dcd
|
* API: ancient APC (3.1.3) in Debian 6/Squeeze has size in MB without a unit, this caused APC not to be used because of too small cache size
|
2013-06-18 06:35:12 +00:00 |
|
Nathan Gray
|
22f2b5599b
|
Only echo JSONResponse if it's non-empty
|
2013-06-12 21:06:16 +00:00 |
|
Ralf Becker
|
066ffc2c25
|
refactored account_id change script to use information from app-specific tables_current.inc.php instead of a fixed list
|
2013-06-12 16:57:44 +00:00 |
|
Nathan Gray
|
936c375a2d
|
Fix cache not being updated when clearing a preference
|
2013-06-11 22:43:42 +00:00 |
|
Ralf Becker
|
b6319b43cf
|
* API: allow to set a maximum caching time used instead of unlimited caching or a bigger time, eg. in header.inc.php: egw_caching::$max_expiration = 864000; // 10days
|
2013-06-10 09:55:22 +00:00 |
|
Ralf Becker
|
7e8db9b2fe
|
urlencode password to cope with url special chars like forward slash or @ in passwords
|
2013-06-03 19:32:26 +00:00 |
|
Klaus Leithoff
|
6270bc83f9
|
allow some nesting of div elements
|
2013-06-03 13:27:19 +00:00 |
|
Ralf Becker
|
d328af7cff
|
accounts addressbook incl. working updates for active directory
|
2013-06-01 17:55:33 +00:00 |
|
Ralf Becker
|
3996f8a936
|
* MySQL: got mysqli extension working and make it default for EGroupware, as mysql is now officially deprecated, existing installs need to be switched manually in header.inc.php or Setup >> Manage header
|
2013-05-26 09:32:41 +00:00 |
|
Ralf Becker
|
b9102b010c
|
* Sambaadmin: create new users/groups in LDAP with uidNumber/gidNumber matching relative id (last part of SID) to ease migration to AD or Samba4
|
2013-05-25 11:07:38 +00:00 |
|
Ralf Becker
|
8c6fd8d936
|
changes to create users and set passwords on win2008r2
|
2013-05-24 17:08:15 +00:00 |
|
Ralf Becker
|
9ecefc6b79
|
* LDAP: only check for matching system users, if a new account gets added, as existing accounts can be reported - depending on configuration - as system users too
|
2013-05-23 17:09:59 +00:00 |
|
Klaus Leithoff
|
a7944a3b76
|
fix problem regarding the ability to save a groups emailaddress
|
2013-05-23 13:48:51 +00:00 |
|
Ralf Becker
|
4037993dc5
|
* API: full support of active directory as account storage, tested so far with Samba4
|
2013-05-22 17:22:20 +00:00 |
|
Ralf Becker
|
f993f20723
|
* API: fallback auth checks and - if necessary - updates passwords on fallback on successful primary authentication or password change, to ensure they are kept up to date
|
2013-05-22 09:02:53 +00:00 |
|