Re: [Owncloud] How to add JavaScript file to the guest login page

On Sun, Jun 23, 2013 at 2:23 PM, Christian Reiner < f...@christian-reiner.info> wrote: > I asked about a solution for this myself some weeks ago and did not come > to a > solution with the current OC core > This should work fine. https://gist.github.com/LukasReschke/5845385 -- ownCloud Your Cl

Re: [Owncloud] How to add JavaScript file to the guest login page

You can perform a check whether the user is logged in in appinfo/app.php and if the user is not logged in add the script. - Please be aware that this script will be added to any page that the guest accesses. (e.g. the file share view) App Framework: > if (!$api->isLoggedIn()) { > $api->addSc

Re: [Owncloud] Security flaw

On Thu, Jun 20, 2013 at 10:29 PM, Randolph Carter < randolphcar...@fantasymail.de> wrote: > Sounds like one big security risk waiting to happen to me... not only > misconfiguration, but also e.g. intermediate server errors will leave > owncloud wide open for anyone to access? > Good point, we wil

Re: [Owncloud] Security flaw

On Thu, Jun 20, 2013 at 9:32 AM, Ron Trompert wrote: > Yesterday I have installed Owncloud 5.0.7. I have configured the admin > user and in addition, I have allowed for other user to authenticate > themselves using another webdav server. All of this works, but now I am > able to login to the admin

Re: [Owncloud] ownCloud 5.0.6 and 4.5.11 and 4.0.15

On Tue, May 14, 2013 at 1:54 PM, Duchesne Kévin wrote: > ihad the same problem and its ok if i desactive my theme in config.php. > Yup - we moved some values from config.js to the template. https://github.com/owncloud/core/commit/f2911e76bcbb88e1da5caa2ee4cebd2d78725999 https://github.com/ownc

Re: [Owncloud] [Alpha] mod_security rules for ownCloud 5.0

On Tue, May 7, 2013 at 11:21 PM, Sebastian Kügler wrote: > Let me state the obvious here: You _released_ a security critical feature > which has not been thoroughly tested (or even reviewed critically?) and is > less than 24 hours old. > Please do a read-up what mod_security is before claiming s

[Owncloud] [Alpha] mod_security rules for ownCloud 5.0

Hey all, I just released a custom mod_security ruleset for ownCloud 5.0. - I've rewritten the whole set yesterday which means that it most probably still has some bugs inside ;-) The ruleset is written following a positive security model, this means all request and para

[Owncloud] ownCloud Security Advisories (2013-017, 2013-018)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the 4.0.x branch is not affected and still supported with security updates by us. --- # XSS vulnerability in MediaElement.js (oC-SA-2013-017) Web: h

[Owncloud] Security: Change your PostgreSQL database password

Hey all, With todays release we fixed a major security vulnerability related to our installation routine. (oC-SA-2013-015, CVE-2013-1941) In our installation process, a new database user is generated with a random password. However, our PostgreSQL setup routine was using the PHP function time() a

Re: [Owncloud] Updater app

On Thu, Apr 11, 2013 at 3:51 PM, Christian Hügel < christian.hue...@stonebyte.de> wrote: > Thank you it works now. But the update information looks kind of weird. > Please see attached screesnhot. > Should be fixed with 5.0.4 -- ownCloud Your Cloud, Your Data, Your Way! GPG: 0xEB32B77BA406BE99

Re: [Owncloud] Owncloud Version Policy

On Thu, Apr 4, 2013 at 1:02 AM, Doc Long wrote: > Could any of the Dev be so kind to make a statement egarding the following: > I and Victor added two comments, but be aware that this is only our personal opinion :-) -- ownCloud Your Cloud, Your Data, Your Way! GPG: 0xEB32B77BA406BE99 ___

[Owncloud] Stop posting "+1" to the issue tracker

Hi all, Just as a remark since there are a lot of "+1" posts on the issue tracker: DON'T DO THIS. Every time you do this subscribed developers get a notification - it's just an absolute waste of time. I'm so annoyed reading all those useless +1 comments which have exactly *NO* sense. A feature wo

Re: [Owncloud] improving OwnCloud javascript theming/templating

On Sat, Mar 16, 2013 at 12:43 PM, Stefan Nagtegaal < developm...@standoutdesign.nl> wrote: > In the manual is also written about AngularJS, which imo is bad to use for > templating. It's not fast enough, and forces users to learn another way of > writing code, instead of just CSS/HTML and a small

Re: [Owncloud] demo language

On Thu, Mar 14, 2013 at 1:34 PM, Pascal d'Hermilly wrote: > Can we give everyone a new user instead? or lock the language to English? I'm thinking about a custom user backend for that. Michael, just ping me on IRC so we can get this running :-) -- ownCloud Your Cloud, Your Data, Your Way! G

Re: [Owncloud] OC5 Media player

Already fixed in master and stable5 on Github. https://github.com/owncloud/apps/commit/64ce426e073fff7118a5b0f5490f6887ef08ef2f -- ownCloud Your Cloud, Your Data, Your Way! GPG: 0xEB32B77BA406BE99 ___ Owncloud mailing list Owncloud@kde.org https://ma

[Owncloud] Changes to the XSS sanitiziation - Important notice to all developers

Hi all, Starting with ownCloud 5.0 we removed the auto-sanitizing from the OC_Template method assign(). We had multiple sensible reasons for that, one of it was that auto-escaping is just not 100% reliable and caused more troubles than it gaves us back on benefits. That said, the needed changes t

Re: [Owncloud] Who is responsible for apps.owncoud.com ?

apps.owncloud.com is run by Frank, but I'll handle this since he is busy doing the release. @Mark please drop me a private mail. Thanks, Lukas ___ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] Any application there (apart from Media) using the user's password ?

On Wed, Feb 6, 2013 at 10:58 AM, Daniel Danger wrote: > Quick thought on that: Is the password send via $_POST on every request, > or just once on login? If the latter is the case, then not every app has > the chance to read the password. (or am I wrong here?) > A malicious app can execute arbitr

Re: [Owncloud] Writing documentation about one-time passwords

Hey Roman, I was asked to take a look at your approach. This is an awesome idea and should be safe, so +1 from my site to include this in the documentation. The documentation should also include a short information how to test if the WebDAV authentication has been setup correctly. (Try to login o

Re: [Owncloud] Roadmap 5.0

On Fri, Feb 1, 2013 at 1:52 PM, Tiago Soares - Netmaker wrote: > I'm just wondering if the roadmap ( http://owncloud.org/dev/roadmap/) is up > to date. Not really. - This changelog is more up to date: https://github.com/owncloud/core/wiki/ownCloud-5-Features > Any thoughts about when 5.0 will b

Re: [Owncloud] dev/unstable download

> I have checked the official website/ftp/git (there are several branches > but no 5.0). Blame on me if I overlooked it... :) Master is always the upcoming version. So just checkout this branch. (don't forget to add the apps + 3rdparty repositories as well) An easier method may be to use our dail

Re: [Owncloud] Inline JS is going to be disabled - Important notice to all developers

Another ProTip™: If your app needs to pass some arguments to a Javascript function you can use the HTML5 data attribute for this. Template file: == "> Javascript file: $('#submit').live('click', function () { DoSomeWork($(this).data('link'), $(this).data('id'));

Re: [Owncloud] Inline JS is going to be disabled - Important notice to all developers

This has been now merged into master. Please fix your app to ensure that it will work with ownCloud 5.0. Cheers, Lukas ___ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] iOS sheduled sync ?

> @All: Where we track iOS bugs currently? :) https://github.com/owncloud/ios-issues/issues ___ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] Github labels

> I'm not sure about the latter, because it could be misunderstood as a way to report security issues. We had a few security reports in the past on Github issues instead of sending a mail to secur...@owncloud.com. So I'd suggest to just label this issues as an "enhancement". _

Re: [Owncloud] 4.5.2 is here

Found some time for a short version, please notice that the content may be corrected later. >XSS vulnerability in user_webdavauth (oC-SA-2012-003) http://owncloud.org/security/advisories/oc-sa-2012-003/ > Code Execution in /lib/migrate.php (oC-SA-2012-004) http://owncloud.org/security/adv

Re: [Owncloud] 4.5.2 is here

> Where can I read these advisories? We will publish them tomorrow evening or - at latest - friday afternoon. Sorry for the delay. THX Lukas ___ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] ownCloud packaging

> is there any information on how to subscribe to packag...@owncloud.org? http://mailman.owncloud.org/mailman/listinfo/packaging We should probably link to this page on our website. - Lukas ___ Owncloud mailing list Owncloud@kde.org https://mail.kde.or

Re: [Owncloud] ownCloud 4.5 beta 4

Hi FYI, this requires PHP 5.3.2 as minimum version. > Fatal error: Call to undefined function stream_resolve_include_path() in > /htdocs/owncloud/lib/base.php on line 99 http://php.net/manual/en/function.stream-resolve-include-path.php Cheers Lukas _