Commit Graph

23608 Commits

Author SHA1 Message Date
Morris Jobke 9a9633f84f update 3rdparty master 2015-03-10 16:06:01 +01:00
Morris Jobke f5a56355fd Merge pull request #14115 from owncloud/update-symphony-components
update symphony components to 2.6.4
2015-03-10 16:05:12 +01:00
Robin Appelman bb97256a79 update symphony components to 2.6.4 2015-03-10 15:34:45 +01:00
Lukas Reschke 284bd6647c Merge pull request #14759 from owncloud/clean-up-code
Clean-up code and use proper exception types
2015-03-10 14:18:21 +01:00
Thomas Müller 4ffca58bc4 don't rely on \OCP\User::getUser() - it is not set properly in case of async operations 2015-03-10 11:47:52 +01:00
Thomas Müller 7cb6811a7b tearDown the filesystem right before setting it up again 2015-03-10 11:47:06 +01:00
Lukas Reschke 6dc59019af Merge pull request #14346 from owncloud/storage-based-path-validation
adding storage specific filename verification
2015-03-10 11:02:47 +01:00
Thomas Müller 214fa44400 Merge pull request #14534 from owncloud/add-child-src
Add support for 'child-src' directive
2015-03-10 10:30:44 +01:00
Robin Appelman dcd2d7aff5 Add unit tests for external share mananger 2015-03-10 10:17:53 +01:00
Lukas Reschke 48243a2949 Allow iframes from same domain in share view
This is required because the PDF Viewer itself is embedded using an iframe from the same domain. The default policy is blocking this.

Going on further, we have to come up with a solution in the future how to handle previews by applications, one example might be that they call their own endpoint and not the generic share page to allow applications to have full control over how to display previews.

Anyways, to test this behaviour use a decent newer browser (such as Chrome 41) and share a PDF file, obviously the PDF viewer needs to be enabled as well. Without this patch publicly shared PDF files should not get previewed and an error is thrown. (if it isn't then your browser is probably not obeying our Content-Security-Policy and you might consider switching to another one ;))
2015-03-10 10:06:15 +01:00
Joas Schilling 87431605b8 Add test for UniqueConstraintViolationException on wrong key 2015-03-10 09:26:45 +01:00
Jenkins for ownCloud e069d9d3f9 [tx-robot] updated from transifex 2015-03-10 01:55:39 -04:00
Thomas Müller c8ed88f4d6 Merge pull request #14689 from owncloud/better-missing-resource-handling
Log errors and create 404 in network list when a css or js is missing
2015-03-09 23:33:25 +01:00
Thomas Müller 2f61884956 Merge pull request #14753 from owncloud/verify-csrf-token-earlier
Verify CSRF token already in update.php and not the EventSource code
2015-03-09 23:06:15 +01:00
Thomas Müller 89be55a672 let insertIfNotExist() throw the native DBALException - no need to hide the real exception 2015-03-09 22:37:49 +01:00
Thomas Müller b966a4eb17 Adding unit test which shows insertIfNotExists to fall apart in certain situations 2015-03-09 22:37:49 +01:00
Joas Schilling 2747a83a49 Get the id before using it 2015-03-09 22:37:49 +01:00
Joas Schilling 3115d66d60 Better save then sorry 2015-03-09 22:37:49 +01:00
Joas Schilling 940163e16b insertIfNotExists() for storage insertion 2015-03-09 22:37:49 +01:00
Joas Schilling c917ea183c Only check unique keys for the comparison on filecache insert & update otherwise 2015-03-09 22:37:49 +01:00
Joas Schilling 8fa692388b Allow specifying the compare-array for insertIfNotExists() 2015-03-09 22:37:49 +01:00
Morris Jobke 94b7fa17c5 Merge pull request #14720 from owncloud/fix-shareetagpropagation
Fix size propagation over shared storage boundary
2015-03-09 16:24:06 +01:00
Morris Jobke d34662122d Merge pull request #14429 from owncloud/issue/14176-validate-timezone-before-using
Etc timezones don't exist for .5 and .75 offsets
2015-03-09 16:16:16 +01:00
Vincent Petry ec19d9c267 Add unit test for size propagation across share boundaries 2015-03-09 12:56:22 +01:00
Joas Schilling 01cd83a902 Merge pull request #14713 from owncloud/issue/14671-preview-delete-check-for-valid-fileid
Check whether the file id is valid, before using it to delete the previews
2015-03-09 11:56:46 +01:00
Lukas Reschke 2ac6f3a4f5 Clean-up code and use proper exception types 2015-03-09 11:48:55 +01:00
Joas Schilling a12e16e985 Check whether the file id is valid, before using it to delete the previews 2015-03-09 11:25:18 +01:00
Thomas Müller 3623f14e73 no translation service in common storage class 2015-03-09 10:38:38 +01:00
Thomas Müller 2367797c17 Respect http header 'Accept-Language' on ocs and remote.php calls 2015-03-09 10:38:38 +01:00
Thomas Müller 33b11682f9 translate error messages 2015-03-09 10:38:38 +01:00
Lukas Reschke 2f18a09a20 Optimize loop 2015-03-09 10:38:38 +01:00
Thomas Müller abacfd84da fixing js unit tests 2015-03-09 10:38:38 +01:00
Thomas Müller e28d314b53 deprecate isValidFileName() 2015-03-09 10:38:38 +01:00
Thomas Müller 49e1a81eba fixing namespaces and PHPDoc 2015-03-09 10:38:37 +01:00
Thomas Müller 4bac595068 adding storage specific filename verification - refs #13640 2015-03-09 10:38:37 +01:00
Lukas Reschke c0a02f1615 Verify CSRF token already in update.php and not the EventSource code
Issue report:
> Hum, well I upgraded the package then visited the web interface to
trigger the update and it failed; the UI would say there was a
possible CSRF attack and after that it'd be stuck in maintenance mode.
Tried a few times (by editing maintenance to false in owncloud.conf)
and same result each time.

That smells partially like an issue caused by our EventSource implementation, due to legacy concerns the CSRF verification happens within the EventSource handling and not when the actual endpoint is called, what happens here then is:

1. User has somehow an invalid CSRF token in session (or none at all)
2. User clicks the update button
3. Invalid CSRF token is sent to update.php - no CSRF check there => Instance gets set in maintenance mode
4. Invalid CSRF token is processed by the EventSource code => Code Execution is stopped and ownCloud is stuck in maintenance mode

I have a work-around for this problem, basically it verifies the CSRF token already in step 3 and cancels execution then. The same error will be shown to the user however he can work around it by refreshing the page – as stated by the error. I think that’s an acceptable behaviour for now: INSERT LINK

To verify this test:

1. Delete your ownCloud cookies
2. Increment the version in version.php
3. Try to upgrade
=> Before the patch: Instance shows an error, is set to upgrade mode and a refresh does not help
=> After the patch: Instance shows an error, a refresh helps though.

This is not really the best fix as a better solution would be to catch such situations when bootstrapping ownCloud, however, I don’t dare to touch base.php for this sake only, you never know what breaks then…

That said: There might be other bugs as well, especially the stacktrace is somewhat confusing but then again it installing ownCloud under /usr/share/owncloud/ and I bet that is part of the whole issue ;-)
2015-03-09 10:07:30 +01:00
Thomas Müller fccede8f50 Merge pull request #14750 from owncloud/possible-fix-for-OC_Version
proper filename for "require version.php"
2015-03-09 09:55:21 +01:00
Morris Jobke 348fe105b1 Merge pull request #14706 from owncloud/ldap-reset-paged-search-on-null-limit
LDAP: set up paged search even if limit is 0
2015-03-09 08:12:25 +01:00
Morris Jobke d550143ba0 proper filename for "require version.php" 2015-03-09 08:03:28 +01:00
Morris Jobke 674654c210 Merge pull request #14743 from owncloud/autoconfig-password
Convert 'abcpassword' to 'abcpass' during setup
2015-03-09 07:54:22 +01:00
Jenkins for ownCloud 174f8cef64 [tx-robot] updated from transifex 2015-03-09 01:54:36 -04:00
Jenkins for ownCloud 377165ae51 [tx-robot] updated from transifex 2015-03-08 01:54:36 -05:00
Robin McCorkell f43b047636 Convert 'abcpassword' to 'abcpass' during setup
This allows autoconfig files to use 'dbpassword' instead of 'dbpass', which
is more consistent with config.php
2015-03-07 13:10:43 +00:00
Jenkins for ownCloud 73c2157171 [tx-robot] updated from transifex 2015-03-07 01:54:37 -05:00
Morris Jobke 81dc550af0 Merge pull request #14736 from owncloud/errors-list
adjust list of errors, more compact and readable
2015-03-06 23:13:44 +01:00
Lukas Reschke 60c507cd4e Merge pull request #14722 from owncloud/master-14711
Fix totally broken AppStore code...
2015-03-06 18:52:12 +01:00
Thomas Müller a77a6f3b48 Merge pull request #14734 from owncloud/unit-test-insertIfNotExist
[sqlite] Use an atomic implementation on sqlite for insertIfNotExist() + use it in the file cache ...
2015-03-06 18:20:22 +01:00
Thomas Müller 1b08b7c726 use insertIfNotExist() in cache put 2015-03-06 15:32:58 +01:00
Jan-Christoph Borchardt db02edd7c8 adjust list of errors, more compact and readable 2015-03-06 15:27:21 +01:00
Thomas Müller 4e37831d85 Fix PHPDoc on the way .... 2015-03-06 14:54:57 +01:00