Commit Graph

5361 Commits

Author SHA1 Message Date
Klaus Leithoff
5e425398fa change convertHTMLToText behavior, regarding the replacing of CRLF or LF to single space; now removing them completely, when text to be processed is regarded to be html 2013-09-18 12:14:59 +00:00
Ralf Becker
5faeec4ad5 mitigate risk of html downloads by using Content-Security-Policy header or Content-Disposition: attachment for IE 2013-09-12 18:49:36 +00:00
Ralf Becker
b8341e48a1 mitigate risk of html downloads by using Content-Security-Policy header or Content-Disposition: attachment for IE 2013-09-12 18:49:07 +00:00
Ralf Becker
860c5f3974 removed not used assignment 2013-09-12 08:32:40 +00:00
Ralf Becker
9523ba79c2 removed not used assignment 2013-09-12 08:31:10 +00:00
Ralf Becker
3c160e5062 use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr 2013-09-11 13:06:27 +00:00
Ralf Becker
855c04cb2c use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr 2013-09-11 13:06:00 +00:00
Ralf Becker
eeb679b59a setup uses now sessions too and password-hashes in header.inc.php use most secure hashing type 2013-09-11 11:36:24 +00:00
Ralf Becker
eb06a2adee setup uses now sessions too and password-hashes in header.inc.php use most secure hashing type 2013-09-11 11:35:20 +00:00
Ralf Becker
1590d02816 new egw_framework::message($msg, $msg_type="success") method and fixing nextmatch filter-change to return app-header 2013-09-05 11:53:25 +00:00
Ralf Becker
fde4d9df99 silence warning be defining the constants 2013-09-02 13:41:03 +00:00
Ralf Becker
aaf0a7491d silence warning be defining the constants 2013-09-02 13:40:40 +00:00
Ralf Becker
b958240a94 * EMail/all apps: fixed notifications caused EMail to loose connection to IMAP server
- temporary switch of user-enviroment as not fully restored and caused email connection of notified user being tried
- bo_tracking::send_notification does not all switching and is save to used without do_notifications
- references to $GLOBALS[egw_info][user] are now removed, because they also stopped correctly switching user enviroments for notifications
2013-09-02 12:14:08 +00:00
Klaus Leithoff
d5c2a03f51 revert changes introduced with r43681, as issue is fixed in bo_tracking and handling of GLOBALS[info][user][account_id] 2013-09-02 11:34:38 +00:00
Ralf Becker
3d20422177 not creating references to ['egw_info']['user'], as bo_tracking and other async service stuff has problems to change between different user enviroments 2013-09-02 10:43:16 +00:00
Klaus Leithoff
7744905ba8 try to resolve a use-session-stored-data related problem; make sure account_id and prefs are restored after send_notification 2013-08-30 12:57:51 +00:00
Klaus Leithoff
5299db0f05 add (and use) preg replace callback for mailto link to text transformation 2013-08-29 10:40:11 +00:00
Klaus Leithoff
f5e00e4bad add (and use) preg replace callback for mailto link to text transformation 2013-08-29 10:39:08 +00:00
Ralf Becker
a9a8e65ece new parameter to be able to use get_user_applications() in admin and class-constants for ACL-rights, can be used instead EGW_ACL_* defines 2013-08-28 13:27:53 +00:00
Ralf Becker
aa8a848871 optional parameter for egw_framework::window_close() to specify an alert message, which get shown/alerted, before closing the window 2013-08-26 10:24:11 +00:00
Ralf Becker
46f81649eb also fix calls to deprecated ajaxResponse class to use egw_json_response singleton, should be fixed in code for current apps 2013-08-25 15:14:19 +00:00
Ralf Becker
38798b872d Force use of singleton: $response = egw_json_response::get(); not using it causes response being wrapped in an other response 2013-08-25 12:42:55 +00:00
Ralf Becker
b2ba685edd remove inline javascript from idots and jerryr templates 2013-08-21 20:22:53 +00:00
Ralf Becker
73aa652c41 missing egw.js from last commit and egw_framework::window_focus() method 2013-08-20 13:25:36 +00:00
Ralf Becker
1c4f65120c new egw_framework methods refresh_opener and window_close to call egw_refresh on opener or close popup window in a content security save way 2013-08-20 12:06:41 +00:00
Ralf Becker
ec6d873941 let PHP Warnings look exactly like original ones, but with a backtrace 2013-08-15 10:15:13 +00:00
Ralf Becker
c806da58ce give a trace for PHP (User) Warnings 2013-08-14 08:09:51 +00:00
Klaus Leithoff
0a08bfc2f2 handle smtp reset on phpmailerclass, as this class throws exceptions; preserve the error info from smtp class before resetting the smtp communication 2013-08-07 09:23:22 +00:00
Klaus Leithoff
27149b237f play around with catching the smtp error of smtp class, as it is the one that has the info about the error 2013-08-07 09:20:16 +00:00
Klaus Leithoff
a7be5a026e move reset-call of smtp to phpmailer class, as it is the one that throws exceptions, and stops action 2013-08-07 08:34:00 +00:00
Ralf Becker
118657ddee using etemplate_new::ajax_proecess_content to allow to have etemplate still extend etemplate_old, making etemplate_new autoloadable 2013-08-06 18:24:30 +00:00
Klaus Leithoff
37a810e6a4 send reset command after failure while failing when adding addresses 2013-08-06 13:52:27 +00:00
Klaus Leithoff
54b2596ff8 send reset command after failure while failing when adding addresses 2013-08-06 13:51:39 +00:00
Ralf Becker
48fd2113f3 some long running operations, eg. merge-print, run into situation that DB closes our separate sqlfs connection, we try now to reconnect once 2013-08-05 14:59:31 +00:00
Ralf Becker
c20bb4df6b using correct case: To, Cc and Bcc 2013-08-05 14:57:03 +00:00
Ralf Becker
0f37c16cd8 using correct case: To, Cc and Bcc 2013-08-05 14:56:39 +00:00
Klaus Leithoff
202d40d517 ClearAllRecipients should only clear recipients, not From, ReplyTo and such 2013-08-05 13:47:51 +00:00
Klaus Leithoff
d22f24666b ClearAllRecipients should only clear recipients, not From, ReplyTo and such 2013-08-05 13:44:44 +00:00
Ralf Becker
86262dea0f fixed 2 typos 2013-08-05 12:58:41 +00:00
Ralf Becker
e9bf6d69e1 some long running operations, eg. merge-print, run into situation that DB closes our separate sqlfs connection, we try now to reconnect once 2013-08-05 09:47:16 +00:00
Ralf Becker
57634dc01f need to reimplement Clear methods from parent, to also clear our private addresses 2013-08-05 08:47:19 +00:00
Ralf Becker
243bb169a2 need to reimplement Clear methods from parent, to also clear our private addresses 2013-08-05 08:46:29 +00:00
Ralf Becker
6fe4085a11 fixed wrong condition only giving a location header if requests fails, not if it succeeds 2013-08-02 19:28:38 +00:00
Ralf Becker
188328b1d0 fixed wrong condition only giving a location header if requests fails, not if it succeeds 2013-08-02 19:27:35 +00:00
Ralf Becker
207b7de248 instead of sending nothing, which gives a parse error on client-side, send a valid, empty response 2013-08-01 12:28:28 +00:00
Ralf Becker
6f39b0618d using dhtmlxtree from sources instead of codebase directory, as does et2_widget_tree, to not double load it and causing 2. load to overwrite extensions from 1. 2013-08-01 11:19:14 +00:00
Ralf Becker
c65130d714 * Admin/Filemanager: added filesystem check and repair for missing or broken required directories /, /apps and /home 2013-08-01 07:53:58 +00:00
Ralf Becker
05765db6ca * Admin/Filemanager: added filesystem check and repair for missing or broken required directories /, /apps and /home 2013-08-01 07:53:20 +00:00
Ralf Becker
8ce9969ece we need to double encode (html::htmlspecialchars( , TRUE)), as otherwise we get invalid json, eg. for quotes, fixes not working display in filemanager for some directories containing directories with quotes in their name 2013-08-01 06:36:18 +00:00
Nathan Gray
afa7a73f0a Fix chosen sizes using new width attribute for account multi-select 2013-07-26 15:08:17 +00:00
Ralf Becker
3b0eccb9d4 * eTemplate/all apps: (silently) limit number of links shown to 1000 newest, to not run into memory_limit or max_execution_time and assuming noone will scroll further down anyway 2013-07-26 09:39:14 +00:00
Ralf Becker
200a8860bf * eTemplate/all apps: (silently) limit number of links shown to 1000 newest, to not run into memory_limit or max_execution_time and assuming noone will scroll further down anyway 2013-07-26 09:38:38 +00:00
Nathan Gray
f65680a7ae Add CSS to better match egw. Fix chosen sizes using new width attribute. Not perfect, but at least never too small. 2013-07-25 20:28:32 +00:00
Ralf Becker
69a336d58b * Async service/Backup: updating job to next scheduled time BEFORE running it, to copy with jobs running longer then async frequency of 5min, eg. backup 2013-07-25 13:11:37 +00:00
Ralf Becker
8e85c86f8b * Async service/Backup: updating job to next scheduled time BEFORE running it, to copy with jobs running longer then async frequency of 5min, eg. backup 2013-07-25 13:11:07 +00:00
Ralf Becker
e4e725b5bc removed ancient "mark untranslated strings with *" site configuration, as it is unnecessary and breaks links-stream-wrapper and WebDAV 2013-07-25 12:18:43 +00:00
Ralf Becker
59c683c359 removed ancient "mark untranslated strings with *" site configuration, as it is unnecessary and breaks links-stream-wrapper and WebDAV 2013-07-25 12:18:08 +00:00
Ralf Becker
be0c913c35 * Admin/Preferences: fixed not working special char detection in passwords, if you required 4 character classes it always failed 2013-07-25 07:24:33 +00:00
Ralf Becker
71676f982a fixed not working special char detection 2013-07-25 07:21:35 +00:00
Ralf Becker
8ec5425c5a disable minify-ing of javascript, until I find time to fix it, as it stalls testers (css still get minifyed, if debug minify is off in site config) 2013-07-24 07:42:27 +00:00
Ralf Becker
4557a1d24d reverted "no need for RegExp replace", as javascript only replace first occurence, if a string given 2013-07-23 14:42:24 +00:00
Ralf Becker
6e6b2b7b0a reverted "no need for RegExp replace", as javascript only replace first occurence, if a string given 2013-07-23 14:41:53 +00:00
Ralf Becker
8242d40d1e no need for RegExp replace 2013-07-23 11:49:16 +00:00
Ralf Becker
daf247f3ad fixed tail-window did not scroll to bottom automatic after jQuery update 2013-07-23 11:45:57 +00:00
Ralf Becker
58949008f9 disable outer scrollbar, eg. if rendering time is swichted on 2013-07-23 11:33:23 +00:00
Ralf Becker
ae86519a58 disable outer scrollbar, eg. if rendering time is swichted on 2013-07-23 11:32:29 +00:00
Klaus Leithoff
c4caefc9e9 suppress warning on searching for active members 2013-07-23 10:59:56 +00:00
Klaus Leithoff
46e8c16016 suppress warning on searching for active members 2013-07-23 10:58:43 +00:00
Ralf Becker
16191d4db4 rendering quick-add menu on clientside and content-security safe, thought not yet in idots template, also removed not used inline javascript from idots 2013-07-22 19:20:13 +00:00
Ralf Becker
4ed52a2b16 get notifications-popup ready for content-security, install as object in app.notifications and use data-poll-intervall of script tag to pass poll frequency 2013-07-22 13:29:20 +00:00
Nathan Gray
67d6775f54 Use htmlspecialchars to escape data-attributes 2013-07-19 18:03:47 +00:00
Ralf Becker
5e3c0192d3 $extra parameter for framework->header() 2013-07-19 17:07:05 +00:00
Ralf Becker
33ac096fdf enabled and enhanced dependency tests so they can be used to display full dependencies of one or more files 2013-07-19 15:24:55 +00:00
Ralf Becker
f55a668bdf include user-data and common prefs like we already do it with eg. server config 2013-07-19 15:22:00 +00:00
Ralf Becker
d16c426fb6 first step towards content-security by passing parameters to egw.js script via data-attributes of script tag instead of using inline scripts in page 2013-07-19 08:45:26 +00:00
Ralf Becker
4619a9f9c6 fixed accounts::search sometimes returning too many lines 2013-07-17 13:14:35 +00:00
Ralf Becker
9af953e2b1 fixed accounts::search sometimes returning too many lines 2013-07-17 13:14:08 +00:00
Ralf Becker
792f1b26cc replacing egw.LAB with egw_LAB, as egw object is shared by all iframes and popups, while LAB has to work on document 2013-07-17 12:47:21 +00:00
Ralf Becker
18cb6f75a6 fixed again not working new account creation under AD agains Win2008r2 2013-07-16 15:19:38 +00:00
Ralf Becker
4e3c34f257 always check with "passwd_forbid_name" enabled, if setting of password failed 2013-07-16 14:57:43 +00:00
Ralf Becker
94926467d2 always check with "passwd_forbid_name" enabled, if setting of password failed 2013-07-16 14:57:06 +00:00
Ralf Becker
b9cefd3755 fixed not being able to switch "forbid password to contain name" off again, after it has been switched on (caused by name "passwd_forbid_name") 2013-07-16 14:51:03 +00:00
Ralf Becker
10436d5e41 fixed not being able to switch "forbid password to contain name" off again, after it has been switched on (caused by name "passwd_forbid_name") 2013-07-16 14:50:12 +00:00
Klaus Leithoff
8afd5fb840 pass acount_id to crackcheck, as it is required for crackcheck rule validation forbid_name 2013-07-16 10:45:00 +00:00
Klaus Leithoff
2bdcd29582 pass acount_id to crackcheck, as it is required for crackcheck rule validation forbid_name 2013-07-16 10:42:31 +00:00
Ralf Becker
ab7c7930f8 * PostgreSQL: fix for SQL error eg. on update from 1.8.001 to 1.8.004 from 9.1 on 2013-07-16 06:48:19 +00:00
Ralf Becker
d48e8f4d84 * PostgreSQL: fix for SQL error eg. on update from 1.8.001 to 1.8.004 from 9.1 on 2013-07-16 06:47:54 +00:00
Ralf Becker
e82af0a961 need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user are forced to change password, as otherwise he will be prompt again after changing it 2013-07-15 20:30:30 +00:00
Ralf Becker
b54aef66e4 need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user are forced to change password, as otherwise he will be prompt again after changing it 2013-07-15 20:29:49 +00:00
Ralf Becker
d26074731f * Active Directory: allow to do a forced password change in EGroupware and handle reset of that flag for Samba4 too 2013-07-15 20:01:29 +00:00
Ralf Becker
526c938eec * Active Directory: allow to do a forced password change in EGroupware and handle reset of that flag for Samba4 too 2013-07-15 20:01:01 +00:00
Ralf Becker
00fedbf069 * WebDAV/CalDAV/CardDAV: fixed basic authentication via redirect-rule to use $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] as it is used by newer Apache versions 2013-07-15 11:07:24 +00:00
Ralf Becker
5f74357963 * WebDAV/CalDAV/CardDAV: fixed basic authentication via redirect-rule to use $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] as it is used by newer Apache versions 2013-07-15 11:06:45 +00:00
Ralf Becker
e90a6e1d42 fixed again not working new account creation under AD agains Win2008r2 2013-07-15 08:10:03 +00:00
Ralf Becker
eb7cccf775 * Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else 2013-07-14 13:06:39 +00:00
Ralf Becker
6898ee9cdb * Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else 2013-07-14 13:05:24 +00:00
Ralf Becker
fcd1f660b8 disable "account_lid" input, if backend (eg. AD) does not allow changing it 2013-07-13 08:34:33 +00:00
Ralf Becker
6e6835ca8f disable "account_lid" input, if backend (eg. AD) does not allow changing it 2013-07-13 08:34:04 +00:00
Ralf Becker
dc7f8e11b1 * Admin/Active Directory: fixed not working display, setting and removing of "must change password upon next login" 2013-07-13 07:51:40 +00:00
Ralf Becker
cb523f8400 * Admin/Active Directory: fixed not working display, setting and removing of "must change password upon next login" 2013-07-13 07:50:36 +00:00