[Pkg-owncloud-commits] [owncloud-doc] 131/270: typos general
David Prévot
taffit at moszumanska.debian.org
Thu Jul 31 03:53:12 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud-doc.
commit 8e1c38f338480de61c898ad606c3660da7912316
Author: Volkan Gezer <volkangezer at gmail.com>
Date: Sat May 31 04:13:07 2014 +0200
typos general
---
developer_manual/general/codingguidelines.rst | 6 +++---
developer_manual/general/debugging.rst | 4 ++--
developer_manual/general/devenv.rst | 6 +++---
developer_manual/general/security.rst | 18 +++++++++---------
4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/developer_manual/general/codingguidelines.rst b/developer_manual/general/codingguidelines.rst
index 9c44f74..bbeaa7d 100644
--- a/developer_manual/general/codingguidelines.rst
+++ b/developer_manual/general/codingguidelines.rst
@@ -13,14 +13,14 @@ General
* Quotes: ' for everything, " for HTML attributes (<p class="my_class">)
* End of Lines : Unix style (LF / '\n') only
* No global variables or functions
-* Unittests
+* Unit tests
* Software should work. Only put features into master when they are complete. It's better to not have a feature instead of having one that works poorly.
* Regularly reset your installation to see how the first-run experience is like. And improve it.
* When you ``git pull``, always ``git pull --rebase`` to avoid generating extra commits like: *merged master into master*
* We need a signed contributor agreement from you to commit into the core repository. But no worries; it's a nice one. All the information is in our `Contributor agreement FAQ <http://owncloud.org/about/contributor-agreement>`_.
-Userinterface
--------------
+User interface
+--------------
* Software should get out of the way. Do things automatically instead of offering configuration options.
* Software should be easy to use. Show only the most important elements. Secondary elements only on hover or via Advanced function.
* User data is sacred. Provide undo instead of asking for confirmation
diff --git a/developer_manual/general/debugging.rst b/developer_manual/general/debugging.rst
index 05074c5..bb7fe67 100644
--- a/developer_manual/general/debugging.rst
+++ b/developer_manual/general/debugging.rst
@@ -12,7 +12,7 @@ When debug mode is enabled ownCloud, a variety of debugging features are enabled
Identifying errors
------------------
-ownCloud uses custom error PHP handling that prevents errors being printed to webserver log files or command line output. Instead, errors are generally stored in ownCloud's own log file, located at: :file:`/data/owncloud.log`
+ownCloud uses custom error PHP handling that prevents errors being printed to web server log files or command line output. Instead, errors are generally stored in ownCloud's own log file, located at: :file:`/data/owncloud.log`
Debugging variables
@@ -32,7 +32,7 @@ not:
<?php trigger_error( "\$user = $user" ); // may not be logged anywhere ?>
-To disable custom error handling in ownCloud (and have PHP and your webserver handle errors instead), see Debug mode.
+To disable custom error handling in ownCloud (and have PHP and your web server handle errors instead), see Debug mode.
Debugging Javascript
diff --git a/developer_manual/general/devenv.rst b/developer_manual/general/devenv.rst
index 3c638eb..e4e3362 100644
--- a/developer_manual/general/devenv.rst
+++ b/developer_manual/general/devenv.rst
@@ -11,7 +11,7 @@ Please follow the steps on this page to set up your development environment.
Set up web server and database
==============================
-First `set up your webserver and database <http://doc.owncloud.org/server/7.0/admin_manual/installation.html>`_ (**Section**: Manual Installation - Prerequisites).
+First `set up your web server and database <http://doc.owncloud.org/server/7.0/admin_manual/installation.html>`_ (**Section**: Manual Installation - Prerequisites).
Get the source
==============
@@ -19,14 +19,14 @@ Get the source
There are two ways to obtain ownCloud sources:
* Using the `stable version <http://doc.owncloud.org/server/7.0/admin_manual/installation.html>`_
-* Using the developement version from `GitHub`_ which will be explained below.
+* Using the development version from `GitHub`_ which will be explained below.
To check out the source from `GitHub`_ you will need to install git (see `Setting up git <https://help.github.com/articles/set-up-git>`_ from the GitHub help)
Gather information about server setup
-------------------------------------
-To get started the basic git repositories need to cloned into the webserver's directory. Depending on the distro this will either be
+To get started the basic git repositories need to cloned into the web server's directory. Depending on the distribution this will either be
* **/var/www**
* **/var/www/html**
diff --git a/developer_manual/general/security.rst b/developer_manual/general/security.rst
index 1de5c9d..6d71eb6 100644
--- a/developer_manual/general/security.rst
+++ b/developer_manual/general/security.rst
@@ -56,14 +56,14 @@ An attacker might now easily send the user a link to::
app.php?username=<script src="attacker.tld"></script>
-to overtake the user account. The same problem occurs when outputting content from the database or any other location that is writeable by users.
+to overtake the user account. The same problem occurs when outputting content from the database or any other location that is writable by users.
Another attack vector that is often overlooked is XSS in **href** attributes. HTML allows to execute javascript in href attributes like this::
<a href="javascript:alert('xss')">
-To prevent XSS in your app, **never use echo, print() or <\%=** - use **p()** instead which will sanitize the input. Also **validate urls to start with the expected protocol** (starts with http for instance)!
+To prevent XSS in your app, **never use echo, print() or <\%=** - use **p()** instead which will sanitize the input. Also **validate URLs to start with the expected protocol** (starts with http for instance)!
.. note:: Should you ever require to print something unescaped, double check if it is really needed. If there is no other way (e.g. when including of subtemplates) use `print_unescaped` with care.
@@ -82,7 +82,7 @@ If you **really** want to use JavaScript for something like this use `escapeHTML
var html = '<li>' + escapeHTML(username) + '</li>';
-An even better way to make your app safer is to use the jQuery builtin function **$.text()** instead of **$.html()**.
+An even better way to make your app safer is to use the jQuery built-in function **$.text()** instead of **$.html()**.
**DON'T**
@@ -109,7 +109,7 @@ This is already built into ownCloud if :php:class:`OC_Template`.
Code executions / File inclusions
---------------------------------
-Code Execution means that an attacker is able to include an arbitrary PHP file. This PHP file runs with all the privileges granted to the normal application and can do an enourmous amount of damage.
+Code Execution means that an attacker is able to include an arbitrary PHP file. This PHP file runs with all the privileges granted to the normal application and can do an enormous amount of damage.
Code executions and file inclusions can be easily prevented by **never** allowing user-input to run through the following functions:
@@ -168,7 +168,7 @@ Shell Injection
.. note:: Please require/request additional programmers to audit your escape function.
-Without escaping the user input this will allow an attacker to execute arbitary shell commands on your server.
+Without escaping the user input this will allow an attacker to execute arbitrary shell commands on your server.
PHP offers the following functions to escape user input:
@@ -200,14 +200,14 @@ ownCloud offers three simple checks:
* **OCP\\JSON::checkAdminUser()**: Checks if the logged in user has admin privileges
* **OCP\\JSON::checkSubAdminUser()**: Checks if the logged in user has group admin privileges
-Using the App Framework, these checks are already automatically performed for each request and have to be explicitely turned off by using annotations above your controller method, see :doc:`../app/controllers`.
+Using the App Framework, these checks are already automatically performed for each request and have to be explicitly turned off by using annotations above your controller method, see :doc:`../app/controllers`.
Additionally always check if the user has the right to perform that action. (e.g. a user should not be able to delete other users' bookmarks).
Sensitive data exposure
-----------------------
-Always store user data or configuration files in safe locations, e.g. **owncloud/data/** and not in the webroot where they can be accessed by anyone using a webbrowser.
+Always store user data or configuration files in safe locations, e.g. **owncloud/data/** and not in the webroot where they can be accessed by anyone using a web browser.
Cross site request forgery
--------------------------
@@ -222,11 +222,11 @@ To prevent CSRF in an app, be sure to call the following method at the top of al
<?php
OCP\JSON::callCheck();
-If you are using the App Framework, every controller method is automatically checked for CSRF unless you explicitely exclude it by setting the @NoCSRFRequired annotation before the controller method, see :doc:`../app/controllers`
+If you are using the App Framework, every controller method is automatically checked for CSRF unless you explicitly exclude it by setting the @NoCSRFRequired annotation before the controller method, see :doc:`../app/controllers`
Unvalidated redirects
---------------------
-This is more of an annoyance than a critical security vulnerability since it may be used for social engineering or phising.
+This is more of an annoyance than a critical security vulnerability since it may be used for social engineering or phishing.
Always validate the URL before redirecting if the requested URL is on the same domain or an allowed ressource.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git
More information about the Pkg-owncloud-commits
mailing list