search

owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0
8.36k stars 2.06k forks source link

Owncloud loads apps stylesheets on login page before login #10586

Closed davodego closed 10 years ago

davodego commented 10 years ago

My owncloud installation loads app stylesheets before login. I've noticed about this by searching for failure of an 3rdparty app. Here is the sourcecode of my startepage:

<!DOCTYPE html>
<!--[if lt IE 7]><html class="ng-csp ie ie6 lte9 lte8 lte7" data-placeholder-focus="false"><![endif]-->
<!--[if IE 7]><html class="ng-csp ie ie7 lte9 lte8 lte7" data-placeholder-focus="false"><![endif]-->
<!--[if IE 8]><html class="ng-csp ie ie8 lte9 lte8" data-placeholder-focus="false"><![endif]-->
<!--[if IE 9]><html class="ng-csp ie ie9 lte9" data-placeholder-focus="false"><![endif]-->
<!--[if gt IE 9]><html class="ng-csp ie" data-placeholder-focus="false"><![endif]-->
<!--[if !IE]><!--><html class="ng-csp" data-placeholder-focus="false"><!--<![endif]-->

    <head data-requesttoken="1551443bdc1a13777474">
        <title>
        ownCloud        </title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
        <meta name="apple-itunes-app" content="app-id=543672169">
        <link rel="shortcut icon" href="/owncloud/core/img/favicon.png" />
        <link rel="apple-touch-icon-precomposed" href="/owncloud/core/img/favicon-touch.png" />
                    <link rel="stylesheet" href="/owncloud/core/css/styles.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/header.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/mobile.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/icons.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/fonts.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/apps.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/fixes.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/multiselect.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/jquery-ui-1.10.0.custom.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/jquery-tipsy.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/jquery.ocdialog.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/files_mv/css/mv.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/3rdparty/css/chosen/chosen.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/core/css/share.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/files_versions/css/versions.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/gallery/css/slideshow.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/search_lucene/css/lucene.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/files_videoviewer/css/style.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/files_videoviewer/css/mediaelementplayer.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/firstrunwizard/css/colorbox.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/firstrunwizard/css/firstrunwizard.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/jquery.mCustomScrollbar.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/jquery.colorbox.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/../js/jsxc/jsxc.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/../js/jsxc/jsxc.webrtc.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/jsxc.oc.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/owncloud/apps/ojsxc/css/muc.css?v=970627414218ccff3497cb7a784288f5" type="text/css" media="screen" />
                            <script type="text/javascript" src="/owncloud/index.php/core/js/oc.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery-1.10.0.min.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery-migrate-1.2.1.min.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery-ui-1.10.0.custom.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery-showpassword.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/placeholders.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery-tipsy.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/compatibility.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/underscore.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery.ocdialog.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/oc-dialogs.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/js.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/octemplate.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/eventsource.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/config.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/search/js/result.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/oc-requesttoken.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/apps.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/snap.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/placeholder.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/3rdparty/js/md5/md5.min.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/jquery.avatar.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/avatar.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_encryption/js/encryption.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_encryption/js/detect-migration.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_mv/js/move.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/3rdparty/js/chosen/chosen.jquery.min.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/share.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_sharing/js/share.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_sharing/js/external.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_versions/js/versions.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/gallery/js/jquery.mousewheel-3.1.1.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/gallery/js/slideshow.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/gallery/js/public.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/search_lucene/js/checker.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/bookmarks/js/bookmarksearch.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/documents/js/viewer/viewer.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_epubviewer/js/loader.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_pdfviewer/js/loader.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/files_videoviewer/js/viewer.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/firstrunwizard/js/jquery.colorbox.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/firstrunwizard/js/firstrunwizard.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/jquery.colorbox-min.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/jquery.slimscroll.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/jquery.fullscreen.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.muc.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.disco.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.caps.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.vcard.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.session.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.sdp.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.adapter.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/otr/build/dep/salsa20.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/otr/build/dep/bigint.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/otr/build/dep/crypto.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/eof.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/otr/build/dep/eventemitter.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/lib/otr/build/otr.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/jsxc.lib.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/jsxc/jsxc.lib.webrtc.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/ojsxc/js/ojsxc.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/apps/rainloop/js/rainloop.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/visitortimezone.js?v=970627414218ccff3497cb7a784288f5"></script>
                    <script type="text/javascript" src="/owncloud/core/js/lostpassword.js?v=970627414218ccff3497cb7a784288f5"></script>

            </head>
        <body id="body-login">
        <div class="wrapper"><!-- for sticky footer -->
            <div class="v-align"><!-- vertically centred box -->
                <header><div id="header">
                    <div class="logo svg"></div>
                    <div id="logo-claim" style="display:none;"></div>
                </div></header>

<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login">
    <fieldset>
                            <p id="message" class="hidden">
            <img class="float-spinner" src="/owncloud/core/img/loading-dark.gif"/>
            <span id="messageText"></span>
            <!-- the following div ensures that the spinner is always inside the #message div -->
            <div style="clear: both;"></div>
        </p>
        <p class="grouptop">
            <input type="text" name="user" id="user"
                placeholder="Benutzername"
                value=""
                autofocus               autocomplete="on" autocapitalize="off" autocorrect="off" required />
            <label for="user" class="infield">Benutzername</label>
            <img class="svg" src="/owncloud/core/img/actions/user.svg" alt=""/>
        </p>

        <p class="groupbottom">
            <input type="password" name="password" id="password" value=""
                placeholder="Passwort"
                                autocomplete="on" autocapitalize="off" autocorrect="off" required />
            <label for="password" class="infield">Passwort</label>
            <img class="svg" id="password-icon" src="/owncloud/core/img/actions/password.svg" alt=""/>
        </p>

                        <input type="hidden" name="timezone-offset" id="timezone-offset"/>
        <input type="hidden" name="requesttoken" value="1551443bdc1a13777474" />
        <input type="submit" id="submit" class="login primary" value="Einloggen" disabled="disabled"/>
    </fieldset>
</form>

            <div class="push"></div><!-- for sticky footer -->
            </div>
        </div>

        <footer>
            <p class="info">
                <a href="https://owncloud.org" target="_blank">ownCloud</a> – Web-Services unter Deiner Kontrolle         </p>
        </footer>
    </body>
</html>
schiessle commented 10 years ago

Please use the issue template to provider some more information: https://raw.githubusercontent.com/owncloud/core/master/issue_template.md Thanks.

davodego commented 10 years ago

Sure, sorry!

Steps to reproduce

  1. go to login page of my installation dienste.srvdg.de/owncloud
  2. view sourcecode of the page

Expected behaviour

Site loaded without contact to apps/3rdparty apps. It's more fast and more secure.

Actual behaviour

Sourcecode shows a large number of stylesheets from apps in my installation. Loading time is longer and world can see what apps are installed.

Server configuration

Operating system: ubuntu 12.04.4 LTS

Web server:: apache 2.2.22

Database:: mysql

PHP version:: 5.3

ownCloud version:: owncloud 7.0.1

Updated from an older ownCloud or fresh install: Updated from older install. List of activated apps: files, documents, dashboard, images, rainloop, notes, news, bookmarks The content of config/config.php:

<?php
$CONFIG = array (
  'instanceid' => 'oc1d2fb988cc',
  'passwordsalt' => ,
  'datadirectory' => '/var/www/owncloud/data',
  'dbtype' => 'mysql',
  'version' => '7.0.1.1',
  'dbname' => 'owncloud6',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_davodego',
  'dbpassword' => ,
  'installed' => true,
  'theme' => '',
  'maintenance' => false,
  'forcessl' => true,
  'loglevel' => '2',
  'logtimezone' => 'Europe/Berlin',
  'log_type' => 'syslog',
  'log_authfailip' => true,
  'trusted_domains' => 
  array (
    0 => 'dienste.srvdg.de',
  ),
  'xframe_restriction' => false,
  'mail_smtpmode' => 'php',
  'mail_smtpname' => 'davodego',
  'mail_smtppassword' => ,
  'mail_from_address' => 'admin',
  'mail_domain' => 'srvdg.de',
);

Are you using external storage, if yes which one: local/smb/sftp/... External storage: sftp/webdav Are you using encryption: encryption enabled

Client configuration

Browser:: Firefox 31.0 ESR / Iron Browser (chromium) 33.0.1800.0 (260000)

Operating system: Windows 8.1, OpenSuse 13.01

Logs

Web server error log

Insert your webserver log here

No errors in log.

Owncloud Log:

{"app":"PHP","message":"Undefined index: adminlogin at \/var\/www\/owncloud\/core\/templates\/installation.php#52","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: adminpass at \/var\/www\/owncloud\/core\/templates\/installation.php#60","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: dbuser at \/var\/www\/owncloud\/core\/templates\/installation.php#114","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: dbpass at \/var\/www\/owncloud\/core\/templates\/installation.php#120","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: dbname at \/var\/www\/owncloud\/core\/templates\/installation.php#130","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: dbhost at \/var\/www\/owncloud\/core\/templates\/installation.php#149","level":3,"time":"2014-08-01T20:10:20+00:00"} {"app":"PHP","message":"Undefined index: dbtype at \/var\/www\/owncloud\/lib\/private\/setup.php#25","level":3,"time":"2014-08-01T20:10:54+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:10:54+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:10:54+00:00"} {"app":"PHP","message":"Undefined index: dbtype at \/var\/www\/owncloud\/lib\/private\/setup.php#25","level":3,"time":"2014-08-01T20:11:17+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:11:17+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:11:17+00:00"} {"app":"PHP","message":"Undefined index: dbtype at \/var\/www\/owncloud\/lib\/private\/setup.php#25","level":3,"time":"2014-08-01T20:14:01+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:01+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:01+00:00"} {"app":"PHP","message":"Undefined index: dbtype at \/var\/www\/owncloud\/lib\/private\/setup.php#25","level":3,"time":"2014-08-01T20:14:08+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:08+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:08+00:00"} {"app":"PHP","message":"Undefined index: dbtype at \/var\/www\/owncloud\/lib\/private\/setup.php#25","level":3,"time":"2014-08-01T20:14:43+00:00"} {"app":"PHP","message":"Undefined index: databases at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:43+00:00"} {"app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/owncloud\/core\/templates\/installation.php#94","level":3,"time":"2014-08-01T20:14:43+00:00"} ....

Brwoser Log

Firefox Java Konsole: ... Using //@ to indicate sourceMappingURL pragmas is deprecated. Use //# instead jquery-1.10.0.min.js:1 https://dienste.srvdg.de/wolke/core/js/jquery-1.10.0.min.js?v=970627414218ccff3497cb7a784288f5 is being assigned a //# sourceMappingURL, but already has one Synchrone XMLHttpRequests am Haupt-Thread sollte nicht mehr verwendet werden, weil es nachteilige Effekte für das Erlebnis der Endbenutzer hat. Für weitere Hilfe siehe http://xhr.spec.whatwg.org/ jquery-1.10.0.min.js:6 getPreventDefault() sollte nicht mehr verwendet werden. Verwenden Sie stattdessen defaultPrevented. jquery-1.10.0.min.js:5 ... Chrome JavaKonsole:: ... event.returnValue is deprecated. Please use the standard event.preventDefault() instead. jquery-1.10.0.min.js?v=970627414218ccff3497cb7a784288f5:5 ... Firefox Network log: ... GET https://dienste.srvdg.de/wolke/ [HTTP/1.1 200 OK 589ms] GET https://dienste.srvdg.de/wolke/core/css/styles.css [HTTP/1.1 304 Not Modified 137ms] GET https://dienste.srvdg.de/wolke/core/css/header.css [HTTP/1.1 304 Not Modified 9ms] GET https://dienste.srvdg.de/wolke/core/css/mobile.css [HTTP/1.1 304 Not Modified 1404ms] GET https://dienste.srvdg.de/wolke/core/css/icons.css [HTTP/1.1 304 Not Modified 1407ms] GET https://dienste.srvdg.de/wolke/core/css/fonts.css [HTTP/1.1 304 Not Modified 1413ms] GET https://dienste.srvdg.de/wolke/core/css/apps.css [HTTP/1.1 304 Not Modified 1400ms] GET https://dienste.srvdg.de/wolke/core/css/fixes.css [HTTP/1.1 304 Not Modified 1388ms] GET https://dienste.srvdg.de/wolke/core/css/multiselect.css [HTTP/1.1 304 Not Modified 1411ms] GET https://dienste.srvdg.de/wolke/core/css/jquery-ui-1.10.0.custom.css [HTTP/1.1 304 Not Modified 1396ms] GET https://dienste.srvdg.de/wolke/core/css/jquery-tipsy.css [HTTP/1.1 304 Not Modified 1437ms] GET https://dienste.srvdg.de/wolke/core/css/jquery.ocdialog.css [HTTP/1.1 304 Not Modified 1420ms] GET https://dienste.srvdg.de/wolke/apps/files_mv/css/mv.css [HTTP/1.1 304 Not Modified 1424ms] GET https://dienste.srvdg.de/wolke/3rdparty/css/chosen/chosen.css [HTTP/1.1 304 Not Modified 1431ms] GET https://dienste.srvdg.de/wolke/core/css/share.css [HTTP/1.1 304 Not Modified 1433ms] GET https://dienste.srvdg.de/wolke/apps/files_versions/css/versions.css [HTTP/1.1 304 Not Modified 1426ms] GET https://dienste.srvdg.de/wolke/apps/gallery/css/slideshow.css [HTTP/1.1 304 Not Modified 1451ms] GET https://dienste.srvdg.de/wolke/apps/search_lucene/css/lucene.css [HTTP/1.1 304 Not Modified 1442ms] GET https://dienste.srvdg.de/wolke/apps/files_videoviewer/css/style.css [HTTP/1.1 304 Not Modified 1444ms] GET https://dienste.srvdg.de/wolke/apps/files_videoviewer/css/mediaelementplayer.css [HTTP/1.1 304 Not Modified 1448ms] GET https://dienste.srvdg.de/wolke/apps/firstrunwizard/css/colorbox.css [HTTP/1.1 304 Not Modified 1456ms] GET https://dienste.srvdg.de/wolke/apps/firstrunwizard/css/firstrunwizard.css [HTTP/1.1 304 Not Modified 1455ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/css/jquery.mCustomScrollbar.css [HTTP/1.1 304 Not Modified 1464ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/css/jquery.colorbox.css [HTTP/1.1 304 Not Modified 1468ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/jsxc.css [HTTP/1.1 304 Not Modified 1476ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/jsxc.webrtc.css [HTTP/1.1 304 Not Modified 1460ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/css/jsxc.oc.css [HTTP/1.1 304 Not Modified 1479ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/css/muc.css [HTTP/1.1 304 Not Modified 1472ms] GET https://dienste.srvdg.de/wolke/index.php/core/js/oc.js [HTTP/1.1 200 OK 2047ms] GET https://dienste.srvdg.de/wolke/core/js/jquery-1.10.0.min.js [HTTP/1.1 304 Not Modified 1483ms] GET https://dienste.srvdg.de/wolke/core/js/jquery-migrate-1.2.1.min.js [HTTP/1.1 304 Not Modified 1491ms] GET https://dienste.srvdg.de/wolke/core/js/jquery-ui-1.10.0.custom.js [HTTP/1.1 304 Not Modified 1495ms] GET https://dienste.srvdg.de/wolke/core/js/jquery-showpassword.js [HTTP/1.1 304 Not Modified 1502ms] GET https://dienste.srvdg.de/wolke/core/js/placeholders.js [HTTP/1.1 304 Not Modified 1487ms] GET https://dienste.srvdg.de/wolke/core/js/jquery-tipsy.js [HTTP/1.1 304 Not Modified 1510ms] GET https://dienste.srvdg.de/wolke/core/js/compatibility.js [HTTP/1.1 304 Not Modified 1515ms] GET https://dienste.srvdg.de/wolke/core/js/underscore.js [HTTP/1.1 304 Not Modified 1507ms] GET https://dienste.srvdg.de/wolke/core/js/jquery.ocdialog.js [HTTP/1.1 304 Not Modified 1523ms] GET https://dienste.srvdg.de/wolke/core/js/oc-dialogs.js [HTTP/1.1 304 Not Modified 1518ms] GET https://dienste.srvdg.de/wolke/core/js/js.js [HTTP/1.1 304 Not Modified 1538ms] GET https://dienste.srvdg.de/wolke/core/js/octemplate.js [HTTP/1.1 304 Not Modified 1530ms] GET https://dienste.srvdg.de/wolke/core/js/eventsource.js [HTTP/1.1 304 Not Modified 1534ms] GET https://dienste.srvdg.de/wolke/core/js/config.js [HTTP/1.1 304 Not Modified 1545ms] GET https://dienste.srvdg.de/wolke/search/js/result.js [HTTP/1.1 304 Not Modified 1542ms] GET https://dienste.srvdg.de/wolke/core/js/oc-requesttoken.js [HTTP/1.1 304 Not Modified 1554ms] GET https://dienste.srvdg.de/wolke/core/js/apps.js [HTTP/1.1 304 Not Modified 1560ms] GET https://dienste.srvdg.de/wolke/core/js/snap.js [HTTP/1.1 304 Not Modified 1557ms] GET https://dienste.srvdg.de/wolke/core/js/placeholder.js [HTTP/1.1 304 Not Modified 1565ms] GET https://dienste.srvdg.de/wolke/3rdparty/js/md5/md5.min.js [HTTP/1.1 304 Not Modified 1568ms] GET https://dienste.srvdg.de/wolke/core/js/jquery.avatar.js [HTTP/1.1 304 Not Modified 1588ms] GET https://dienste.srvdg.de/wolke/core/js/avatar.js [HTTP/1.1 304 Not Modified 1577ms] GET https://dienste.srvdg.de/wolke/apps/files_encryption/js/encryption.js [HTTP/1.1 304 Not Modified 1581ms] GET https://dienste.srvdg.de/wolke/apps/files_encryption/js/detect-migration.js [HTTP/1.1 304 Not Modified 1584ms] GET https://dienste.srvdg.de/wolke/apps/files_mv/js/move.js [HTTP/1.1 304 Not Modified 1590ms] GET https://dienste.srvdg.de/wolke/3rdparty/js/chosen/chosen.jquery.min.js [HTTP/1.1 304 Not Modified 1610ms] GET https://dienste.srvdg.de/wolke/core/js/share.js [HTTP/1.1 304 Not Modified 1596ms] GET https://dienste.srvdg.de/wolke/apps/files_sharing/js/share.js [HTTP/1.1 304 Not Modified 1607ms] GET https://dienste.srvdg.de/wolke/apps/files_sharing/js/external.js [HTTP/1.1 304 Not Modified 1604ms] GET https://dienste.srvdg.de/wolke/apps/files_versions/js/versions.js [HTTP/1.1 304 Not Modified 1614ms] GET https://dienste.srvdg.de/wolke/apps/gallery/js/jquery.mousewheel-3.1.1.js [HTTP/1.1 304 Not Modified 1620ms] GET https://dienste.srvdg.de/wolke/apps/gallery/js/slideshow.js [HTTP/1.1 304 Not Modified 1637ms] GET https://dienste.srvdg.de/wolke/apps/gallery/js/public.js [HTTP/1.1 304 Not Modified 1635ms] GET https://dienste.srvdg.de/wolke/apps/search_lucene/js/checker.js [HTTP/1.1 304 Not Modified 1627ms] GET https://dienste.srvdg.de/wolke/apps/bookmarks/js/bookmarksearch.js [HTTP/1.1 304 Not Modified 1632ms] GET https://dienste.srvdg.de/wolke/apps/documents/js/viewer/viewer.js [HTTP/1.1 304 Not Modified 1660ms] GET https://dienste.srvdg.de/wolke/apps/files_epubviewer/js/loader.js [HTTP/1.1 304 Not Modified 1643ms] GET https://dienste.srvdg.de/wolke/apps/files_pdfviewer/js/loader.js [HTTP/1.1 304 Not Modified 1659ms] GET https://dienste.srvdg.de/wolke/apps/files_videoviewer/js/viewer.js [HTTP/1.1 304 Not Modified 1651ms] GET https://dienste.srvdg.de/wolke/apps/firstrunwizard/js/jquery.colorbox.js [HTTP/1.1 304 Not Modified 1647ms] GET https://dienste.srvdg.de/wolke/apps/firstrunwizard/js/firstrunwizard.js [HTTP/1.1 304 Not Modified 1685ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/jquery.colorbox-min.js [HTTP/1.1 304 Not Modified 1671ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/jquery.slimscroll.js [HTTP/1.1 304 Not Modified 1683ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/jquery.fullscreen.js [HTTP/1.1 304 Not Modified 1675ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.js [HTTP/1.1 304 Not Modified 1666ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.muc.js [HTTP/1.1 304 Not Modified 1706ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.disco.js [HTTP/1.1 304 Not Modified 1691ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.caps.js [HTTP/1.1 304 Not Modified 1699ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.vcard.js [HTTP/1.1 304 Not Modified 1694ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.js [HTTP/1.1 304 Not Modified 1708ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.session.js [HTTP/1.1 304 Not Modified 1714ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.sdp.js [HTTP/1.1 304 Not Modified 1718ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/strophe.jingle/strophe.jingle.adapter.js [HTTP/1.1 304 Not Modified 1726ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/otr/build/dep/salsa20.js [HTTP/1.1 304 Not Modified 1730ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/otr/build/dep/bigint.js [HTTP/1.1 304 Not Modified 1722ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/otr/build/dep/crypto.js [HTTP/1.1 304 Not Modified 1746ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/eof.js [HTTP/1.1 304 Not Modified 1750ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/otr/build/dep/eventemitter.js [HTTP/1.1 304 Not Modified 1743ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/lib/otr/build/otr.js [HTTP/1.1 304 Not Modified 1753ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/jsxc.lib.js [HTTP/1.1 304 Not Modified 1738ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/jsxc/jsxc.lib.webrtc.js [HTTP/1.1 304 Not Modified 1758ms] GET https://dienste.srvdg.de/wolke/apps/ojsxc/js/ojsxc.js [HTTP/1.1 304 Not Modified 1776ms] GET https://dienste.srvdg.de/wolke/apps/rainloop/js/rainloop.js [HTTP/1.1 304 Not Modified 1762ms] GET https://dienste.srvdg.de/wolke/core/js/visitortimezone.js [HTTP/1.1 304 Not Modified 1765ms] GET https://dienste.srvdg.de/wolke/core/js/lostpassword.js [HTTP/1.1 304 Not Modified 1773ms] POST https://dienste.srvdg.de/wolke/index.php/core/ajax/translations.php [HTTP/1.1 200 OK 487ms] GET https://dienste.srvdg.de/wolke/core/img/loading-dark.gif [HTTP/1.1 304 Not Modified 17ms] GET https://dienste.srvdg.de/wolke/core/img/actions/user.svg [HTTP/1.1 304 Not Modified 13ms] POST https://dienste.srvdg.de/wolke/index.php/core/ajax/translations.php [HTTP/1.1 200 OK 310ms] GET https://dienste.srvdg.de/wolke/core/img/actions/password.svg [HTTP/1.1 304 Not Modified 13ms] GET https://dienste.srvdg.de/wolke/core/img/logo.svg [HTTP/1.1 304 Not Modified 5ms] GET https://dienste.srvdg.de/wolke/core/img/breadcrumb.svg [HTTP/1.1 304 Not Modified 5ms] GET https://dienste.srvdg.de/wolke/core/img/actions/play.svg [HTTP/1.1 304 Not Modified 5ms] ... Chrome Network log: ...

translations.php /owncloud/index.php/core/ajax POST 200 OK application/json jquery-1.10.0.min.js?v=970627414218ccff3497cb7a784288f5:6 Script 865 B 155 B 290 ms 290 ms 290 ms0 play.svg /owncloud/core/img/actions GET 200 OK image/svg+xml jquery-1.10.0.min.js?v=970627414218ccff3497cb7a784288f5:5 Script (from cache) Pending 00 jquery-1.10.0.min.map /owncloud/core/js GET 404 Not Found text/html Other 2.1 KB 5.8 KB 118 ms 105 ms 105 ms ... Sourcecode of Login page can be found in first post.

karlitschek commented 10 years ago

This is a feature not a bug in my opinion. By doing this a user-management app can enhance the login screen. Why do you think this is a problem?

davodego commented 10 years ago

I had a problem with xmpp chat app. By searching for the problem a friend of mine, he uses owncloud to, thought it was strange. On his installation the 3rd party stylsheets are not in index.php. If you say it is OK, it's OK for me.

Daniel

Nachrichten an mich knnen mit PGP verschlsselt werden. Infos zu PGP: http://is.gd/1KiJxw http://is.gd/1KiJxw. Meinen ffentlichen PGP Schlssel bekommt man hier:http://srvdg.de/s/j http://srvdg.de/s/j.

ko-Sozial handeln: netzwerkB.org | gls-bank.de | memo.de | ecotopten.de | aventer.biz | fairnopoly.de

Daniel von der Gnna Kranichfeld, Thringen, old Europe

xmpp: davodego(at)jabber.srvdg.de

http://fca.irgendwieanders.eu/profile/davodego http://fca.irgendwieanders.eu/profile/davodego

Gesendet mit Zarafa Groupware-Server

-----Ursprüngliche Nachricht----- Von: Frank Karlitscheknotifications@github.com Gesendet: Son 21 September 2014 17:16 An: owncloud/core core@noreply.github.com CC: davodego mail@irgendwieanders.eu Betreff: Re: [core] Owncloud loads apps stylesheets on login page before login (#10586)

This is a feature not a bug in my opinion. By doing this a user-management app can enhance the login screen. Why do you think this is a problem?

Reply to this email directly or view it on GitHub https://github.com/owncloud/core/issues/10586#issuecomment-56301799.

davodego commented 10 years ago

Hi, but, is it not a security issiue when everybody can see what apss I have installed by viewing the sourcecode from my index.php?

Daniel

Nachrichten an mich knnen mit PGP verschlsselt werden. Infos zu PGP: http://is.gd/1KiJxw http://is.gd/1KiJxw. Meinen ffentlichen PGP Schlssel bekommt man hier:http://srvdg.de/s/j http://srvdg.de/s/j.

ko-Sozial handeln: netzwerkB.org | gls-bank.de | memo.de | ecotopten.de | aventer.biz | fairnopoly.de

Daniel von der Gnna Kranichfeld, Thringen, old Europe

xmpp: davodego(at)jabber.srvdg.de

http://fca.irgendwieanders.eu/profile/davodego http://fca.irgendwieanders.eu/profile/davodego

Gesendet mit Zarafa Groupware-Server

-----Ursprüngliche Nachricht----- Von: Frank Karlitscheknotifications@github.com Gesendet: Son 21 September 2014 17:16 An: owncloud/core core@noreply.github.com CC: davodego mail@irgendwieanders.eu Betreff: Re: [core] Owncloud loads apps stylesheets on login page before login (#10586)

This is a feature not a bug in my opinion. By doing this a user-management app can enhance the login screen. Why do you think this is a problem?

Reply to this email directly or view it on GitHub https://github.com/owncloud/core/issues/10586#issuecomment-56301799.

DeepDiver1975 commented 10 years ago

but, is it not a security issiue when everybody can see what apss I have installed by viewing the sourcecode from my index.php?

@LukasReschke your opinion on this? THX

LukasReschke commented 10 years ago

We cannot really prevent this considering that an attacker can also just enumerate CSS or JS files (etc.)

Enumerating software versions and the installed software is not something that we can really prevent. - At least in my threat model this is not a problem.