| ee8d198 | Frank Karlitschek | 09 March 2013, 20:17:10 UTC | 4.0.13 | 09 March 2013, 20:17:10 UTC |
| 7b6a022 | Lukas Reschke | 11 March 2013, 15:48:13 UTC | Check if username is valid and remove slashes from filename Backport of #2236 to stable4 | 11 March 2013, 15:48:19 UTC |
| fae5bd3 | Thomas Tanghus | 09 March 2013, 18:26:31 UTC | Contacts: Backport filename sanitation and blacklist checking to stable4. | 09 March 2013, 18:26:31 UTC |
| 1ab3084 | Frank Karlitschek | 18 February 2013, 14:42:51 UTC | 4.0.12 | 18 February 2013, 14:42:51 UTC |
| 57f40b2 | Frank Karlitschek | 18 February 2013, 14:41:24 UTC | backport https://github.com/owncloud/core/pull/1751 | 18 February 2013, 14:41:24 UTC |
| 5b4c48d | Lukas Reschke | 12 February 2013, 16:19:58 UTC | Merge pull request #1651 from owncloud/backports Backports | 12 February 2013, 16:19:58 UTC |
| 3ad6ea0 | Thomas Müller | 12 February 2013, 13:48:01 UTC | Fixing php lint error | 12 February 2013, 13:48:01 UTC |
| b966095 | Lukas Reschke | 03 February 2013, 19:03:32 UTC | [user_ldap] Add requesttoken | 12 February 2013, 11:26:51 UTC |
| de9befd | Lukas Reschke | 12 February 2013, 11:22:06 UTC | [user_migrate] Add requesttoken | 12 February 2013, 11:22:06 UTC |
| 28dc89e | Lukas Reschke | 12 February 2013, 11:18:36 UTC | [admin_migrate] Add requesttoken | 12 February 2013, 11:18:36 UTC |
| 97d0cee | Lukas Reschke | 12 February 2013, 10:28:36 UTC | Check requesttoken | 12 February 2013, 10:28:36 UTC |
| 1fbb89a | Lukas Reschke | 12 February 2013, 10:03:58 UTC | [external] Encode HTML | 12 February 2013, 10:03:58 UTC |
| 74e73bc | Bart Visscher | 09 February 2013, 14:03:47 UTC | Remove invalid characters from app id to prevent loading of invalid resources | 11 February 2013, 17:08:48 UTC |
| 015ac6a | Georg Ehrke | 10 February 2013, 10:58:00 UTC | add callcheck in guesstimezone.php | 10 February 2013, 10:58:00 UTC |
| 0f227fa | Frank Karlitschek | 21 January 2013, 20:02:35 UTC | increase the internal number too | 21 January 2013, 20:02:35 UTC |
| d500440 | Frank Karlitschek | 21 January 2013, 19:58:30 UTC | 4.0.11 | 21 January 2013, 19:58:30 UTC |
| 708bd92 | Georg Ehrke | 19 January 2013, 19:33:09 UTC | improve calendar list view | 19 January 2013, 19:33:09 UTC |
| 306d5ee | Lukas Reschke | 19 January 2013, 18:59:52 UTC | Sanitize the exception | 19 January 2013, 18:59:52 UTC |
| f603454 | Lukas Reschke | 19 January 2013, 18:45:28 UTC | Also replace the backslash with a minus For Windows systems | 19 January 2013, 18:48:26 UTC |
| 4e2b834 | Lukas Reschke | 19 January 2013, 18:34:36 UTC | Use GET instead of QUERY_STRING | 19 January 2013, 18:35:31 UTC |
| f71f0ad | Lukas Reschke | 19 January 2013, 18:07:16 UTC | Use the internal function | 19 January 2013, 18:07:16 UTC |
| 3f37063 | Lukas Reschke | 15 January 2013, 09:30:21 UTC | Encode the URI | 15 January 2013, 09:30:21 UTC |
| c56f52b | Frank Karlitschek | 19 December 2012, 20:53:32 UTC | ownCloud 4.0.10 | 19 December 2012, 20:53:32 UTC |
| 8e4b301 | Frank Karlitschek | 17 December 2012, 14:33:45 UTC | backport fix admin check | 17 December 2012, 14:33:45 UTC |
| b24c929 | Lukas Reschke | 16 December 2012, 10:24:01 UTC | Encode the URI properly Backport of eafa9b2 | 16 December 2012, 10:24:01 UTC |
| 28fdba2 | Frank Karlitschek | 13 November 2012, 21:09:00 UTC | 4.0.9 | 13 November 2012, 21:09:00 UTC |
| 7d246ab | Tom Needham | 06 November 2012, 20:59:59 UTC | Migration: On import of user accounts only import folders in home dir, use OC_Helper::copyr Check files when copying recursivley Remove obsolete method Dont count '.' and '..' as directories when importing. | 08 November 2012, 21:38:04 UTC |
| 3a52982 | Tom Needham | 06 November 2012, 23:49:25 UTC | Migration: Allow for no app data cases; handle file copying better | 08 November 2012, 21:35:20 UTC |
| 3cd31ee | Robin Appelman | 05 November 2012, 15:39:03 UTC | support string values ('true' and 'false') for configuring the secure parameter on external storage backends fixes #78 | 05 November 2012, 15:54:24 UTC |
| 4b86c43 | Robin Appelman | 02 November 2012, 23:21:10 UTC | check for filename blacklist in OC_Filesystem::isValidPath | 02 November 2012, 23:23:48 UTC |
| 6540c0f | Robin Appelman | 02 November 2012, 19:15:00 UTC | fix OC_Filesystem::isValidPath when using \ instead of / in paths | 02 November 2012, 19:15:00 UTC |
| c73eb29 | Lukas Reschke | 30 October 2012, 12:50:36 UTC | Backport of ad720c4 for oC 4.x Fixes #145 | 30 October 2012, 12:50:42 UTC |
| b78b989 | Brice Maron | 26 October 2012, 15:54:16 UTC | Fix migration problems for postgresql with MDB2 fix owncloud/apps#21 Ref of MDB2 bug is 19676 | 26 October 2012, 15:57:21 UTC |
| 6244d68 | Victor Dubiniuk | 18 October 2012, 20:10:33 UTC | Fix 'App already installed' for app with entry in DB and no files | 18 October 2012, 20:10:33 UTC |
| ecbf9ff | Lukas Reschke | 15 October 2012, 21:35:27 UTC | "deny from all" instead directory | 16 October 2012, 13:58:59 UTC |
| 4a1f1a4 | Lukas Reschke | 15 October 2012, 21:25:10 UTC | Show a warning in the installer if .htaccess is not working | 16 October 2012, 13:58:57 UTC |
| 6c22983 | Lukas Reschke | 16 October 2012, 11:58:17 UTC | Set oc_token to httponly | 16 October 2012, 11:58:17 UTC |
| 3ca5c71 | Lukas Reschke | 15 October 2012, 17:21:37 UTC | Use /dev/urandom instead of /dev/random The usage of /dev/urandom is enough secure | 15 October 2012, 17:23:37 UTC |
| 7f06f93 | Lukas Reschke | 14 October 2012, 15:17:06 UTC | Show a warning in the installer if no secure RNG is available | 14 October 2012, 15:17:06 UTC |
| e99cf5c | Lukas Reschke | 14 October 2012, 14:14:45 UTC | Fallback to /dev/random if openssl_random_pseudo_bytes not available | 14 October 2012, 14:16:20 UTC |
| 306eb6d | Lukas Reschke | 14 October 2012, 10:12:55 UTC | Doublehash the token to prevent timing attacks | 14 October 2012, 10:15:00 UTC |
| 1772f36 | Lukas Reschke | 12 October 2012, 13:43:46 UTC | Sanitize file names | 12 October 2012, 13:43:46 UTC |
| 77eff34 | Lukas Reschke | 12 October 2012, 13:42:15 UTC | Sanitize file names | 12 October 2012, 13:42:15 UTC |
| 299c664 | Lukas Reschke | 12 October 2012, 13:24:53 UTC | escapeHTML function | 12 October 2012, 13:24:53 UTC |
| d4b19ef | Lukas Reschke | 12 October 2012, 13:21:46 UTC | Update FullCalendar to 1.5.4 | 12 October 2012, 13:21:46 UTC |
| 7cf1332 | Thomas Tanghus | 11 October 2012, 15:51:14 UTC | Don't try to add invalid cards via CardDAV. | 11 October 2012, 15:51:14 UTC |
| 033ac60 | Frank Karlitschek | 09 October 2012, 15:07:10 UTC | 4.0.8 | 09 October 2012, 15:07:10 UTC |
| d8e0be1 | Arthur Schiwon | 08 October 2012, 11:53:08 UTC | destroy invalid sessions | 08 October 2012, 11:53:08 UTC |
| f96bf9e | Lukas Reschke | 06 October 2012, 12:32:52 UTC | Remove the webodf sources This is a backport of 683a0c1 /cc @DeepDiver1975 | 06 October 2012, 12:32:52 UTC |
| b76a335 | Lukas Reschke | 06 October 2012, 12:23:22 UTC | Sanitize user input This is a backport of 4f7c7c6 /cc @DeepDiver1975 | 06 October 2012, 12:23:22 UTC |
| 375eae1 | Lukas Reschke | 06 October 2012, 12:19:58 UTC | Use openssl_random_pseudo_bytes if available This is a backport of ef57e92 /cc @DeepDiver1975 | 06 October 2012, 12:19:58 UTC |
| ca216b5 | Thomas Tanghus | 23 June 2012, 23:57:08 UTC | Trim trailing whitespace from version. | 26 September 2012, 09:33:14 UTC |
| c212d11 | Arthur Schiwon | 26 September 2012, 09:28:47 UTC | fix default values in table fscache | 26 September 2012, 09:28:47 UTC |
| 292d205 | Lukas Reschke | 25 September 2012, 17:49:42 UTC | Passwords containing a ":" don't work with this explode Thanks to mETz | 25 September 2012, 17:49:42 UTC |
| 1e7ac8b | Lukas Reschke | 22 September 2012, 08:55:25 UTC | Sanitize user input | 22 September 2012, 08:55:25 UTC |
| 1954f80 | Tom Needham | 19 September 2012, 16:19:47 UTC | Don't store users password hash when exporting. | 19 September 2012, 16:19:47 UTC |
| a5c42ed | Tom Needham | 18 September 2012, 16:25:34 UTC | Only try to delete migration.db if it was created. | 18 September 2012, 16:31:27 UTC |
| 3b465f4 | Tom Needham | 18 September 2012, 16:24:39 UTC | Allow exporting of users from any user backend, fixed oc-1645 | 18 September 2012, 16:30:13 UTC |
| 0f489e8 | Arthur Schiwon | 18 September 2012, 15:10:21 UTC | LDAP: transliterate other latin characters to ASCII when creating owncloud names. Already created usernames are not being affected. Fixes ugly names with removed Umlauts, chars with accents and likes. | 18 September 2012, 15:10:21 UTC |
| 95a7481 | Victor Dubiniuk | 11 September 2012, 20:57:13 UTC | Fix for cyrillic folder names. ref#oc-1683 | 11 September 2012, 20:57:13 UTC |
| d050e6e | Lukas Reschke | 10 September 2012, 17:13:21 UTC | Merge pull request #11 from ne704/typos fix message about 'apps' directory | 10 September 2012, 17:13:21 UTC |
| ae3ea39 | Niko Ehrenfeuchter | 10 September 2012, 17:06:03 UTC | fix message about 'apps' directory | 10 September 2012, 17:06:03 UTC |
| 943a9a2 | Lukas Reschke | 10 September 2012, 16:41:26 UTC | Merge pull request #10 from ne704/typos Typos | 10 September 2012, 16:41:26 UTC |
| 76ccd69 | Niko Ehrenfeuchter | 03 June 2012, 22:41:32 UTC | mark unused variables | 10 September 2012, 14:04:05 UTC |
| 88d9582 | Niko Ehrenfeuchter | 03 June 2012, 22:27:31 UTC | fix typos | 10 September 2012, 14:04:03 UTC |
| ac43640 | Niko Ehrenfeuchter | 03 June 2012, 15:53:01 UTC | fix typos + copy-paste errors in comments | 10 September 2012, 14:03:46 UTC |
| b37d318 | Georg Ehrke | 31 August 2012, 12:27:03 UTC | back port better input validation in calendar from apps repo | 31 August 2012, 12:27:03 UTC |
| b112035 | Arthur Schiwon | 29 August 2012, 16:07:32 UTC | LDAP: check for existing username from other backends when creating one for an LDAP user or group. Fixes oc-1551 in stable4. Also optimizes groupExists() function as side effect. | 29 August 2012, 16:07:32 UTC |
| a791753 | Lukas Reschke | 26 August 2012, 08:32:20 UTC | Gitorious => Github | 26 August 2012, 08:32:20 UTC |
| 49c17fc | Lukas Reschke | 25 August 2012, 21:56:18 UTC | I like TLS/SSL | 25 August 2012, 21:56:18 UTC |
| 5afdfec | Lukas Reschke | 21 August 2012, 15:56:20 UTC | Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de) | 21 August 2012, 15:56:20 UTC |
| 2051a5d | Arthur Schiwon | 20 August 2012, 15:04:57 UTC | Fix deletion for browser that do not support onBeforeUnload, fixes oc-1534 | 20 August 2012, 15:04:57 UTC |
| 4984a72 | Lukas Reschke | 18 August 2012, 12:57:19 UTC | Add a missing exit(); | 18 August 2012, 12:57:19 UTC |
| 4500359 | Lukas Reschke | 18 August 2012, 07:24:35 UTC | Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde. | 18 August 2012, 07:26:58 UTC |
| f53dd22 | Georg Ehrke | 04 August 2012, 15:38:31 UTC | backport 1bccc80996e270f928c207cdd3090f4284abaea5 | 16 August 2012, 13:30:55 UTC |
| 526e704 | Frank Karlitschek | 14 August 2012, 18:07:58 UTC | 4.0.7 and remove some ^M while at it | 14 August 2012, 18:07:58 UTC |
| 4682846 | Lukas Reschke | 14 August 2012, 15:19:20 UTC | Disable user enumeration | 14 August 2012, 15:19:20 UTC |
| 95ef80e | Michael Gapczynski | 11 August 2012, 15:04:04 UTC | Check blacklist when renaming files | 12 August 2012, 23:29:32 UTC |
| 4fd069b | Lukas Reschke | 12 August 2012, 23:26:28 UTC | Also check some other files | 12 August 2012, 23:26:28 UTC |
| 2024d42 | Lukas Reschke | 12 August 2012, 23:22:53 UTC | Disable listing of all users | 12 August 2012, 23:22:53 UTC |
| 6d94455 | Jakob Sack | 12 August 2012, 07:06:46 UTC | Fix OC_Connector_Sabre_Locks for SQLite | 12 August 2012, 07:06:46 UTC |
| 2871896 | Lukas Reschke | 10 August 2012, 14:38:32 UTC | Check if webfinger is enabled | 10 August 2012, 14:38:32 UTC |
| e9a6390 | Michael Gapczynski | 08 August 2012, 15:25:24 UTC | Don't return file handle if the mode supports writing and the file is not writable Conflicts: apps/files_sharing/sharedstorage.php | 10 August 2012, 13:46:44 UTC |
| baab13a | Lukas Reschke | 10 August 2012, 13:23:04 UTC | Validate cookie to prevent auth bypasses. | 10 August 2012, 13:23:04 UTC |
| 5192eec | Lukas Reschke | 09 August 2012, 22:11:04 UTC | Added XSRF check | 09 August 2012, 22:11:04 UTC |
| 7581d55 | Lukas Reschke | 09 August 2012, 20:17:52 UTC | Missed an "echo" | 09 August 2012, 20:17:52 UTC |
| aae17d4 | Lukas Reschke | 09 August 2012, 20:14:48 UTC | Sanitize user input | 09 August 2012, 20:14:48 UTC |
| a366ba4 | Thomas Tanghus | 09 August 2012, 15:22:56 UTC | Fix for broken Mail App in OSX Mountain Lion. https://mail.kde.org/pipermail/owncloud/2012-August/004649.html | 09 August 2012, 15:22:56 UTC |
| 2cfc7f7 | Bjoern Schiessle | 08 August 2012, 09:47:23 UTC | fix for bug 879 - add parent directory to file cache if it does not exist yet. For example this can happen if the sync client is used before the user created the root directory (e.g. through web login). | 08 August 2012, 09:47:23 UTC |
| e9e84b5 | Arthur Schiwon | 05 August 2012, 19:17:39 UTC | Merge branch 'stable4' of git://gitorious.org/owncloud/owncloud into stable4 | 05 August 2012, 19:17:39 UTC |
| c32a99b | Georg Ehrke | 04 August 2012, 16:50:05 UTC | fix label for versioning in admin settings | 04 August 2012, 16:50:05 UTC |
| 758ae42 | Bart Visscher | 03 August 2012, 14:18:33 UTC | Calendar: remove double html encoding | 03 August 2012, 14:26:05 UTC |
| 0970a3c | Bart Visscher | 03 August 2012, 14:11:10 UTC | Contacts: Fix no active Addressbooks | 03 August 2012, 14:11:10 UTC |
| 6b78ca1 | Arthur Schiwon | 03 August 2012, 13:51:25 UTC | LDAP: sanitize base, user and group trees. fixes oc-1302 | 03 August 2012, 13:51:25 UTC |
| e899c99 | Arthur Schiwon | 03 August 2012, 11:15:15 UTC | Show Login-Button when user+pw are autocompleted, fixes oc-1068 | 03 August 2012, 11:16:25 UTC |
| aa60771 | Frank Karlitschek | 31 July 2012, 08:13:10 UTC | 4.0.6 | 31 July 2012, 08:13:10 UTC |
| b523366 | Arthur Schiwon | 30 July 2012, 15:23:34 UTC | LDAP: don't die on unexpected collisions, handle empty display-name attributes properly | 30 July 2012, 15:30:11 UTC |
| b9bd54b | Michael Gapczynski | 29 July 2012, 22:01:43 UTC | Add additional error handling for emailing private links | 30 July 2012, 14:07:20 UTC |
| dab708b | Michael Gapczynski | 28 July 2012, 15:06:36 UTC | Correction for 'Fix group detection for sharing in case username contains '@', fix for oc-1270' | 30 July 2012, 14:07:20 UTC |
| 519eb39 | Michael Gapczynski | 28 July 2012, 01:28:25 UTC | Remove delete tipsy if file is deleted, fixes bug oc-958 | 30 July 2012, 14:07:19 UTC |
