nextcloud-server/core
Lukas Reschke f3e9106864 Don't trust update server
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
2015-11-28 12:21:53 +01:00
..
ajax Replace some OC_Config calls with ILogger methods 2015-10-30 09:51:16 +01:00
avatar Update license headers 2015-10-26 14:04:01 +01:00
command Add cmdline key to show shipped/non-shipped apps only 2015-11-23 09:06:35 +01:00
css update page: fix heading whitespace and unbold less important sections 2015-11-25 13:16:00 +01:00
doc
fonts move font back from Light to Regular for body text on normal-res screens, fix #18954 2015-11-10 16:12:42 +01:00
img Merge pull request #20236 from maprambo/safari-pinned-tab-icon 2015-11-09 11:12:38 +01:00
js Fix for parsing pretty printed Webdav responses 2015-11-24 15:26:53 +01:00
l10n [tx-robot] updated from transifex 2015-11-28 01:55:16 -05:00
lostpassword remove unneeded icons from input fields to not distract from submit button, fix #18940 2015-10-30 11:11:37 +01:00
search add search fallback to browser 2015-11-24 15:01:20 +01:00
setup
skeleton
tags
templates Don't trust update server 2015-11-28 12:21:53 +01:00
user
vendor Fix for parsing pretty printed Webdav responses 2015-11-24 15:26:53 +01:00
application.php Update license headers 2015-10-26 14:04:01 +01:00
register_command.php
routes.php Update license headers 2015-10-26 14:04:01 +01:00
shipped.json Add Workflow app to shipped list 2015-11-27 14:26:39 +01:00
strings.php