Lukas Reschke
c0a02f1615
Verify CSRF token already in update.php and not the EventSource code
...
Issue report:
> Hum, well I upgraded the package then visited the web interface to
> trigger the update and it failed; the UI would say there was a
> possible CSRF attack and after that it'd be stuck in maintenance mode.
> Tried a few times (by editing maintenance to false in owncloud.conf)
> and same result each time.
That smells partially like an issue caused by our EventSource implementation. Due to legacy concerns, the CSRF verification happens within the EventSource handling and not when the actual endpoint is called. What happens here then is:
1. User has somehow an invalid CSRF token in session (or none at all)
2. User clicks the update button
3. Invalid CSRF token is sent to update.php - no CSRF check there => Instance gets set in maintenance mode
4. Invalid CSRF token is processed by the EventSource code => Code Execution is stopped and ownCloud is stuck in maintenance mode
I have a work-around for this problem, basically it verifies the CSRF token already in step 3 and cancels execution then. The same error will be shown to the user however he can work around it by refreshing the page – as stated by the error. I think that’s an acceptable behaviour for now: INSERT LINK
To verify this test:
1. Delete your ownCloud cookies
2. Increment the version in version.php
3. Try to upgrade
=> Before the patch: Instance shows an error, is set to upgrade mode and a refresh does not help
=> After the patch: Instance shows an error, a refresh helps though.
This is not really the best fix as a better solution would be to catch such situations when bootstrapping ownCloud, however, I don’t dare to touch base.php for this sake only, you never know what breaks then…
That said: There might be other bugs as well, especially the stacktrace is somewhat confusing but then again it is installing ownCloud under /usr/share/owncloud/ and I bet that is part of the whole issue ;-)
2015-03-09 10:07:30 +01:00
Vincent Petry
22bc37cb82
Properly forward repair errors and warnings
...
This makes repair errors and warnings visible for the user when
upgrading on the command line or in the web UI.
2015-02-27 12:44:04 +01:00
Morris Jobke
06aef4e8b1
Revert "Updating license headers"
...
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Thomas Müller
bbf7f56f94
3rd-party apps are disabled on upgrade - refs #14026
2015-02-24 12:02:36 +01:00
Jenkins for ownCloud
6a1a4880f0
Updating license headers
2015-02-23 12:13:59 +01:00
Lukas Reschke
a7df23ceba
Manually type-cast all AJAX files
...
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈
Fixes https://github.com/owncloud/core/issues/14196 for core
2015-02-13 13:33:20 +01:00
Morris Jobke
ce47065d8f
kill ancient code
2015-01-20 14:14:01 +01:00
Lukas Reschke
ceaaab6295
Verify whether type is correct
...
`$this->info` can very well contain an empty array or possibly other values. This means that when this code path is called a PHP Fatal error might get thrown which is not what we want.
2015-01-08 18:38:17 +01:00
Morris Jobke
bfb6e350d5
Merge pull request #13016 from owncloud/sharing_fixes
...
don't delete share table entries for the unique name if re-share permission was removed
2015-01-07 18:14:53 +01:00
Bjoern Schiessle
e9e7ee67d3
shareType and permissions are integers
2015-01-07 16:36:13 +01:00
Jörn Friedrich Dreyer
d3662722f6
new OC.Search, add search result formatters and handlers, use full content width for results
2015-01-02 10:28:41 +01:00
Bjoern Schiessle
24993280ed
Next step in server-to-server sharing next generation, see #12285
...
Besides some small improvements and bug fixes this will probably be the final state for OC8.
To test this you need to set up two ownCloud instances. Let's say:
URL: myPC/firstOwnCloud user: user1
URL: myPC/secondOwnCloud user: user2
Now user1 can share a file with user2 by entering the username and the URL to the second ownCloud to the share-drop-down, in this case "user2@myPC/secondOwnCloud".
The next time user2 logs in he will get a notification that he received a server-to-server share with the option to accept/decline it. If he accepts it the share will be mounted. In both cases an event will be sent back to user1 and add a notification to the activity stream that the share was accepted/declined.
If user1 decides to unshare the file again from user2 the share will automatically be removed from the second ownCloud server and user2 will see a notification in his activity stream that user1@myPC/firstOwnCloud has unshared the file/folder from him.
2014-12-19 15:20:24 +01:00
Victor Dubiniuk
c9fd3c9d29
Inject config
2014-12-10 01:13:38 +03:00
Victor Dubiniuk
303fce44f4
Use httphelper and cache response even when it is empty
2014-12-06 20:17:47 +03:00
Thomas Müller
a589d61b78
in case a translation javascript is not found we no longer bail out
...
remove translation.php
2014-10-29 10:09:12 +01:00
Thomas Müller
d9907b6fa3
move some deprecated usage of OC_Config and OC_AppConfig to \OC::server
2014-10-20 14:44:44 +02:00
Lukas Reschke
ba2472575f
Close the session for preview generation
...
Without closing the session every preview image generation is locking the session which makes the webinterface unresponsive.
2014-09-29 14:27:44 +02:00
Lukas Reschke
fa096217b1
Merge pull request #9512 from libasys/patch-2
...
Fix use Sharing Api with calendar
2014-09-09 23:58:24 +02:00
Lukas Reschke
70abce0482
Merge pull request #10739 from owncloud/eventsource-public
...
Add EventSource to the public API
2014-09-08 18:46:27 +02:00
Robin Appelman
fa3393674c
Better phpdoc and method naming
2014-09-04 13:26:51 +02:00
Robin Appelman
65608d7c92
Use the public api to get event sources
2014-09-03 13:36:15 +02:00
Vincent Petry
e05b95636b
Fix upgrade process when apps enabled for specific groups
...
Fix issue where the currently logged user was causing side-effects when
upgrading.
Now setting incognito mode (no user) on update to make sure the whole
apps list is taken into account with getEnabledApps() or isEnabled().
2014-09-02 17:16:14 +02:00
Robin Appelman
d0266c0bf8
Use public api for getting l10n
2014-08-31 10:08:22 +02:00
Lukas Reschke
4aca46046b
Add require_once to update.php due to routing
...
Fixes https://github.com/owncloud/core/issues/10585
Partially reverts 52d5429768
2014-08-22 11:39:05 +02:00
blizzz
52d5429768
Merge pull request #10522 from owncloud/removeLoadAppScript
...
Remove loadAppScriptFile
2014-08-21 19:59:31 +02:00
Lukas Reschke
ab12bd292d
Add update route to core
2014-08-19 15:40:08 +02:00
Robin Appelman
fdfc5c67f8
Merge pull request #9866 from owncloud/app-upgrade
...
Don't do app upgrades in the background
2014-08-19 13:33:38 +02:00
Bjoern Schiessle
d9f35d8c15
we need the recipient as an additional parameter to know for which share the notification was sent
2014-08-13 17:02:51 +02:00
Robin Appelman
3184983565
Send feedback from upgrading apps to the upgrade ui
2014-08-04 13:41:05 +02:00
Thomas Müller
6d06a765f4
in case $_POST['itemSourceName'] does not exist we simply default it to null
2014-08-01 09:10:14 +02:00
Thomas Müller
4eb2b4e1b0
Merge pull request #10051 from owncloud/preview-empty-text
...
Use svg mimeicons for empty text files
2014-07-31 11:38:29 +02:00
Robin Appelman
4a9b0d5465
Use svg mimeicons for empty text files
2014-07-30 16:31:37 +02:00
Robin Appelman
c066320208
Also keep maxY into account when scaling a preview while preserving aspect ratio
2014-07-30 13:52:40 +02:00
Bjoern Schiessle
ecc1f92bb6
add OCS api call to set expire date for link shares
2014-07-25 13:38:18 +02:00
libasys
e6b093bfb9
Fix use Sharing Api with calendar
...
Without this fix it logs this error:
Undefined index: itemSourceName at /opt/local/apache2/htdocs/oc7/core/ajax/share.php#44
I think the itemSourceName is only used with sharing files!
2014-07-08 10:57:51 +02:00
Bjoern Schiessle
9c00f5ddb6
set minDate and maxDate in datepicker
2014-06-06 17:40:16 +02:00
Bjoern Schiessle
6578f00b4b
unify share settings
2014-06-05 15:49:34 +02:00
Vincent Petry
5b97369b00
Simulate apps database schema update on upgrade
...
When upgrading, also simulate the database schema update for apps before
doing the actual upgrade.
2014-06-04 17:16:44 +02:00
Vincent Petry
02f682b156
Now showing disabled apps as upgrade status line
...
- Added app id in update overview.
- Added status message for disabled app for CLI upgrade and web upgrade
2014-05-27 15:20:33 +02:00
Joas Schilling
ab7ae004f7
Automatically copy the share expiration date when new shares are created
...
Fix #4823
2014-05-19 01:38:47 +02:00
Thomas Müller
20893cc3b3
Images on public sharing get downscaled to increase user experience - this will speed up loading time
...
- adding keep aspect to core/ajax/preview.php
- remove duplicate method Preview::show()
- no more hard coded mimetype of preview
- remove .png from the preview urls
- keep old route preview.png for backwards compatibility
- aspect preserving previews are now cached
2014-05-02 17:02:57 +02:00
Thomas Müller
dcca5f7bdd
Merge pull request #5857 from owncloud/type-ahead-share-by-mail-master
...
introduce auto completion on share email - integrated with the contactsm...
2014-04-11 00:04:58 +02:00
Thomas Müller
f9279ac77a
killing some more calls to OC_App::loadApps(); - because we load all apps in handleRequest()
2014-03-25 17:42:41 +01:00
Thomas Tanghus
0b4d879619
Fix copy/paste error :P
2014-03-25 15:38:11 +01:00
Thomas Tanghus
aa5bba2bcc
'ID' => 'id' and check existence of EMAIL
2014-03-25 14:22:39 +01:00
Thomas Müller
6ff96b34ad
Merge branch 'master' into load-apps-proper-master
...
Conflicts:
apps/files/ajax/rawlist.php
cron.php
ocs/v1.php
2014-03-21 14:05:08 +01:00
Vincent Petry
6252c248c2
Merge pull request #7557 from owncloud/issue/7297
...
Do not allow setting an expiration date in the past
2014-03-19 15:53:08 +01:00
Thomas Müller
6b9ae27b90
drop file cache migration OC5 -> OC6
2014-03-18 17:14:38 +01:00
Thomas Müller
f1ecc758f5
send an individual email to each recipient
2014-03-10 21:54:23 +01:00
Joas Schilling
80393d9c0f
Do not allow setting an expiration date in the past
...
Fix #7297
2014-03-05 13:12:58 +01:00
Robin Appelman
7c4f81bd78
rename url parameter
2014-02-24 13:24:10 +01:00
Robin Appelman
4715fb12c8
Add url parameter to control whether previews should return 404 when the mimetype is unsupported
2014-02-21 14:06:15 +01:00
Robin Appelman
0624476aa1
Merge branch 'master' into mimeicons-svg
2014-02-20 16:55:18 +01:00
Björn Schießle
16eb43c033
Merge pull request #7247 from owncloud/sharing_cleanup_step1
...
clean up the sharing ajax calls, add mail notification class
2014-02-20 11:56:20 +01:00
Bjoern Schiessle
2fd75d8f1c
clean up the sharing ajax calls, add mail notification class
2014-02-19 19:33:00 +01:00
Robin Appelman
609a91a9b1
Show svg mime icons when no preview is available
2014-02-19 14:47:29 +01:00
Lukas Reschke
c19cacb29f
Check whether the app is set
2014-02-18 14:12:49 +01:00
Lukas Reschke
1352c63dca
Check whether the Key is set
2014-02-18 12:47:05 +01:00
Lukas Reschke
dc6f1d875d
An admin should not be able to add remote and public services on its own. This should only be possible programmatically.
...
This change is due to the fact that an admin may not be expected to execute arbitrary code in every environment.
2014-02-18 12:32:57 +01:00
Vincent Petry
d7f4547717
Merge pull request #6726 from owncloud/fix_6630
...
don't urldecode get var, php does this automatically
2014-02-14 14:34:20 +01:00
Arthur Schiwon
af781bdea7
fix DI
2014-02-11 10:50:03 +01:00
Arthur Schiwon
41e8d44cf7
move sorter into a class
2014-02-11 10:49:34 +01:00
Arthur Schiwon
1d0a236563
respect coding guidelines
2014-02-11 10:49:27 +01:00
Arthur Schiwon
71e4d965a1
on filtering the share box users and groups whose name begins with the search term shall appear on top, fixes #6430
2014-02-11 10:49:22 +01:00
Thomas Müller
0db5fead8e
remove some more global variable $RUNTIME_NOAPPS
2014-02-06 10:04:18 +01:00
Georg Ehrke
f7c291e276
remove empty line
2014-01-30 16:32:45 +01:00
Georg Ehrke
c5742520e1
don't urldecode get var, php does this automatically
2014-01-30 16:32:45 +01:00
Bjoern Schiessle
2bb13a8db9
use localised date in notification mails
2014-01-27 12:47:54 +01:00
Bjoern Schiessle
77de47858b
add expire date to link share if possible
2014-01-24 10:46:08 +01:00
Thomas Müller
d4c0ac7790
introduce auto completion on share email - integrated with the contactsmanager api
2013-11-14 09:38:55 +01:00
Thomas Müller
1317b7c03d
pass the name of the item source from the browser to the server - no need to get the data via complicated db queries
2013-10-23 18:39:37 +02:00
Frank Karlitschek
6915367622
Merge pull request #5446 from frisco82/fixNotifyUser
...
Fix notify user checkbox
2013-10-21 14:07:33 -07:00
Ramiro Aparicio
b27595888a
fix notify user, and made js more resilient to changes
2013-10-21 16:14:23 +02:00
Ramiro Aparicio
85edbb08c1
fix user displayName not being shown after add, added class for improved styling, fix strong for groups when english is not being used
2013-10-21 15:31:31 +02:00
Thomas Tanghus
31714f8871
Merge pull request #5133 from owncloud/js_vcategories_to_tags
...
Js vcategories to tags
2013-10-11 04:17:59 -07:00
Bjoern Schiessle
835f36cb09
find users which are in the same group
2013-10-08 16:43:23 +02:00
Thomas Tanghus
f19a236c8e
Remove obsolete files.
2013-10-04 17:24:28 +02:00
Vincent Petry
e257c3f27c
Fixed array syntax to work with PHP 5.3
...
It seems that array brackets are only supported starting with PHP 5.4.
Fixed the array brackets to be compatible and not cause a syntax error
in PHP 5.3.
2013-10-04 14:28:11 +02:00
Bjoern Schiessle
304803d102
fix array_diff call
2013-10-04 12:23:40 +02:00
Bjoern Schiessle
17aa49a890
fix mail subject; don't show time for expire date
2013-09-30 13:33:02 +02:00
Bjoern Schiessle
883d1c0df3
use template for txt and html mails to send notification mails
2013-09-25 11:51:28 +02:00
Bjoern Schiessle
fd7469db9e
coding-style fixes
2013-09-03 13:37:06 +02:00
Bjoern Schiessle
b918c06be6
Merge branch 'master' into sharing_mail_notification_master
...
Conflicts:
lib/util.php
2013-09-02 14:41:46 +02:00
Georg Ehrke
8ef40277b2
Merge master into oc_preview
2013-08-30 18:11:18 +02:00
Bjoern Schiessle
4bbefdf608
add expiration date if it is already set
2013-08-30 17:20:10 +02:00
Bjoern Schiessle
e7959f4fd2
don't send mail to the user who shared the file
2013-08-30 16:52:06 +02:00
Bjoern Schiessle
65ddefc89d
set sendMail status back to false
2013-08-30 16:29:22 +02:00
Bjoern Schiessle
36574241f8
some clean-up
2013-08-30 16:21:52 +02:00
Bjoern Schiessle
77adaee645
enable user to inform recipients about a shared file by mail
2013-08-30 13:53:49 +02:00
Arthur Schiwon
22e1f73d5e
Use Group methods for searching, fixes #4201
2013-08-30 12:37:46 +02:00
Georg Ehrke
b7758d0f8d
Merge master into oc_preview
2013-08-29 10:50:55 +02:00
Morris Jobke
ea6e74ca95
Merge pull request #4552 from dampfklon/fix4552
...
Make group suffix in share dialog translatable
2013-08-28 15:46:51 -07:00
Thomas Müller
9909b8b726
adding translations to update events
2013-08-27 00:26:44 +02:00
dampfklon
87c3f34a93
Make group suffix in share dialog translatable
2013-08-22 19:52:08 +02:00
Georg Ehrke
d9e8ebabdc
outsource sharing and deleted files previews to apps
2013-08-19 13:24:07 +02:00
Georg Ehrke
48f0c54261
style fixes for preview lib
2013-08-19 12:16:55 +02:00
Georg Ehrke
4b5fb08c2c
Merge master into oc_preview
2013-08-14 20:56:44 +02:00
Georg Ehrke
f9b2815767
remove \OC\Preview::showErrorPreview
2013-08-14 12:21:27 +02:00
Owen Winkler
a2ac5e0163
Merge pull request #4271 from owncloud/plural_translations
...
Plural translations
2013-08-08 10:34:28 -07:00
Thomas Müller
2e5f1142be
return plural form in ajax translations
2013-08-03 23:27:18 +02:00
Georg Ehrke
640253fa31
fix code style of try catch blocks
2013-07-30 13:43:15 +02:00
Georg Ehrke
ac6a3133ec
style fixes
2013-07-30 12:33:54 +02:00
Robin Appelman
58f473d734
split upgrade logic from ajax file
2013-07-06 17:00:00 +02:00
Stephan Arts
3cd7747e7b
Use templates to theme share e-mails ( #3683 )
2013-06-14 17:38:56 +02:00
Michael Gapczynski
4687f50e75
Add undefined version variables
2013-05-17 11:15:53 -04:00
Bart Visscher
ff64c87adb
Connect watcher failure function to the failure signal
2013-05-04 00:07:30 +02:00
Bart Visscher
41f7eb948a
Move start of the maintenance mode to the ajax call
...
Make sure the update page is shown in a browser. And not an ajax request
2013-05-04 00:05:29 +02:00
Arthur Schiwon
e25c1f3130
port 22c8194cc8
2013-04-02 21:03:13 +02:00
root
7f74f08808
Add missing backticks.
...
Especially at user without "" PostgreSQL likes to fail.
2013-03-30 23:52:26 +01:00
Arthur Schiwon
18554059a4
Remove Debug output
2013-03-27 19:12:53 +01:00
Arthur Schiwon
e2afd0cb42
Upgrade FileCache on ownCloud upgrade for all users with files
2013-03-27 19:12:28 +01:00
Frank Karlitschek
761540e78b
Merge pull request #2320 from ceri/master
...
Fix erroneous email when folders are shared
2013-03-15 04:22:44 -07:00
Björn Schießle
8154b4be7d
use display name as sender for private link mails, approved in #2294
2013-03-14 13:26:20 +01:00
Ceri Davies
17cb47fbf6
Correct emails when folders are shared.
...
itemType is never "dir"; it's either "file" or "folder".
2013-03-14 10:04:58 +00:00
Michael Gapczynski
5300d6ad55
Clear the CSS and JS cache earlier to make sure update goes smoothly
2013-03-05 21:13:07 -05:00
Lukas Reschke
630483c75d
Fix notice
2013-03-02 00:53:53 +01:00
Jan-Christoph Borchardt
fbb989f548
up limit of share dropdown from 4 to 15, scrollbar after 4 1/2 entries, fix #135
2013-02-28 12:07:56 +01:00
Robin Appelman
47b899e0c8
Disable prepared query caching while doing an upgrade
2013-02-26 22:41:48 +01:00
Bart Visscher
1a747b3e48
Style cleanup core dir
2013-02-21 23:47:21 +01:00
Bart Visscher
9dddcae9ca
Remove invalid characters from app id to prevent loading of invalid resources
2013-02-09 15:10:40 +01:00
Thomas Mueller
5f92d269dc
l10n support enhanced in core
2013-02-07 16:49:36 +01:00
Björn Schießle
590c4aa710
search display name instead of uid; fix key/value order for array access
2013-01-28 15:58:40 +01:00
Björn Schießle
e9a57e28fc
show display name instead of uid
2013-01-25 13:57:08 +01:00
Lukas Reschke
8daefd00fb
Sanitize the exception
2013-01-19 19:57:17 +01:00
Michael Gapczynski
f6426cee04
Tweak failure message and throw exceptions from updateDbFromStructure()
2013-01-05 12:13:36 -05:00
Michael Gapczynski
6b2216f0d6
Remove old data directory protection from update, should already have taken place or not working because the server isn't Apache
2013-01-05 11:09:48 -05:00
Michael Gapczynski
e7eea3dd2e
Use hooks to send updates from apps
2013-01-04 10:21:33 -05:00
Michael Gapczynski
7505837079
Basic update progress of database update only
2013-01-03 21:32:33 -05:00
Randolph Carter
d2828bab07
fixes default email sender address
2012-12-19 01:09:14 +01:00
Thomas Mueller
162a2c0fba
moving sharing email code to core
2012-12-10 23:22:42 +01:00
Jörn Friedrich Dreyer
d8a171df26
implement share via link token
2012-11-20 15:03:12 +01:00
Thomas Müller
e06513d76b
Fixing syntax error - closes #406
2012-11-14 11:17:21 +01:00
Thomas Müller
99af3433d1
Fixing syntax error - closes #406
2012-11-14 11:10:31 +01:00
Thomas Tanghus
3c59bc41d7
VCategories: Line too long.
2012-11-05 16:32:20 +01:00
Thomas Tanghus
1147dc9774
Merge branch 'master' of github.com:owncloud/core into vcategories_db
...
Conflicts:
lib/vcategories.php
2012-11-05 12:06:59 +01:00
Thomas Tanghus
b0ae67d5c5
Update vcategories ajax scripts.
2012-11-01 03:06:20 +01:00
Lukas Reschke
7a7f12a0c1
Create only one CSRF token per session
...
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this didn't work in every case.
(Laptop sleeping etc.)
With this commit, the token will only get created once for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Thomas Tanghus
5550cde03b
Merge branch 'master' of github.com:owncloud/core into vcategories_db
...
Fix conflicts:
core/ajax/vcategories/add.php
core/ajax/vcategories/delete.php
2012-10-30 06:53:49 +01:00
Bart Visscher
1bdd0c949b
Move and fix app setting navigation detect
2012-10-29 15:04:55 +01:00
Michael Gapczynski
fefc4e1707
Load all apps in core share ajax file for apps to register their share backends
2012-10-27 17:25:10 -04:00
Bart Visscher
0120f3fd62
Merge branch 'routing'
...
Conflicts:
core/lostpassword/index.php
core/lostpassword/resetpassword.php
2012-10-27 11:58:02 +02:00
Robin Appelman
da57fbc93a
show/hide navigation entries after enabling/disabling app
2012-10-26 20:13:24 +02:00
Thomas Tanghus
675a56c5ed
Merge branch 'master' of github.com:owncloud/core into vcategories_db
...
Conflicts:
lib/vcategories.php
2012-10-24 21:55:25 +02:00
Felix Moeller
2d61f03452
More Checkstyle cleanup
...
This is for all LowerCaseConstant warnings
2012-10-23 08:01:09 +02:00
Thomas Tanghus
e55cc23132
app !== type
2012-10-19 02:24:57 +02:00
Thomas Tanghus
b9c9fdfe20
Use get for loading dialog.
2012-10-19 00:38:23 +02:00
Thomas Tanghus
26719005a4
Added ajax files for favorite category handling.
2012-10-19 00:07:41 +02:00
Thomas Tanghus
f4fd4a5a52
Updated category ajax files to use type instead of app and add callCheck.
2012-10-19 00:06:18 +02:00
Bart Visscher
6081bfa2bc
Merge branch 'master' into routing
...
Conflicts:
lib/search/provider/file.php
settings/ajax/changepassword.php
settings/settings.php
2012-10-17 16:38:11 +02:00
Michael Gapczynski
b475164e95
Fix autocomplete search for users for groups only share policy
2012-10-09 08:35:07 -04:00