ICH MAG NICHT MEHR...
2013 May 17Ich mag nicht mehr… Ich mag einfach nicht mehr…
Ich mag echt nicht mehr mit solcher Schrottsoftware wie OwnCloud arbeiten; hat bitte jemand eine Alternative fuer mich?
Highlight des Tages: PROPFIND /.well-known/carddav
<?xml version="1.0" encoding="utf-8"?>
<D:propfind xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav"><D:prop>
<D:current-user-principal/>
<D:resourcetype />
<D:displayname />
<C:addressbook-home-set/>
</D:prop></D:propfind>Unter OwnCloud 5.0.5 hat das die korrekte XML Antwort der CardDAV Ressourcen des sich authentifizierenden Users gegeben:
<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:card="urn:ietf:params:xml:ns:carddav">
<d:response>
<d:href>/remote.php/carddav/</d:href>
<d:propstat>
<d:prop>
<d:current-user-principal>
<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
</d:current-user-principal>
<d:resourcetype>
<d:collection/>
</d:resourcetype>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:displayname/>
<card:addressbook-home-set/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/remote.php/carddav/principals/</d:href>
<d:propstat>
<d:prop>
<d:current-user-principal>
<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
</d:current-user-principal>
<d:resourcetype>
<d:collection/>
</d:resourcetype>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:displayname/>
<card:addressbook-home-set/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/remote.php/carddav/addressbooks/</d:href>
<d:propstat>
<d:prop>
<d:current-user-principal>
<d:href>/remote.php/carddav/principals/b***r@s***r.h***p.n***t/</d:href>
</d:current-user-principal>
<d:resourcetype>
<d:collection/>
</d:resourcetype>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:displayname/>
<card:addressbook-home-set/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
</d:multistatus>Und unter dem tollen neuen - ein halbes Dutzend XSS und CSRF Fehler behenden - 5.0.6 bekomme ich trommelwirbel eine HTML-LOGIN SEITE!
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ng-csp ie ie6 lte9 lte8 lte7"><![endif]-->
<!--[if IE 7]><html class="ng-csp ie ie7 lte9 lte8 lte7"><![endif]-->
<!--[if IE 8]><html class="ng-csp ie ie8 lte9 lte8"><![endif]-->
<!--[if IE 9]><html class="ng-csp ie ie9 lte9"><![endif]-->
<!--[if gt IE 9]><html class="ng-csp ie"><![endif]-->
<!--[if !IE]><!--><html class="ng-csp"><!--<![endif]-->
<head data-requesttoken="84f010760acb3ec5bbe6">
<title>ownCloud</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="apple-itunes-app" content="app-id=543672169">
<link rel="shortcut icon" href="/core/img/favicon.png" />
<link rel="apple-touch-icon-precomposed" href="/core/img/favicon-touch.png" />
<link rel="stylesheet" href="/remote.php/core.css?v=389bc7bb1e1c2a5e7e147703232a88f6" type="text/css" media="screen" />
<script type="text/javascript" src="/index.php/core/js/config.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>
<script type="text/javascript" src="/remote.php/core.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>
<script type="text/javascript" src="/core/js/visitortimezone.js?v=389bc7bb1e1c2a5e7e147703232a88f6"></script>
</head>
<body id="body-login">
<div id="login">
<header><div id="header">
<img src="/core/img/logo.svg" class="svg" alt="ownCloud" />
</div></header>
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post">
<fieldset>
<ul>
</ul>
<p class="infield grouptop">
<input type="text" name="user" id="user" placeholder=""
value="" autofocus autocomplete="on" required/>
<label for="user" class="infield">Username</label>
<img class="svg" src="/core/img/actions/user.svg" alt=""/>
</p>
<p class="infield groupbottom">
<input type="password" name="password" id="password" value="" data-typetoggle="#show" placeholder=""
required />
<label for="password" class="infield">Password</label>
<img class="svg" id="password-icon" src="/core/img/actions/password.svg" alt=""/>
<input type="checkbox" id="show" name="show" />
<label for="show"></label>
</p>
<input type="checkbox" name="remember_login" value="1" id="remember_login"/><label
for="remember_login">remember</label>
<input type="hidden" name="timezone-offset" id="timezone-offset"/>
<input type="submit" id="submit" class="login primary" value="Log in"/>
</fieldset>
</form>
</div>
<footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> –
web services under your control</p></footer>
</body>
</html>Ich weiss nicht, was ich dazu noch gross sagen soll…
EOF
Category: blog
Tags: TechSucks ownCloud CardDAV Roundcube RCMCardDAV