Joas Schilling
3c5a6b829e
Allow DI the system tag stuff without Application class
2015-11-30 17:08:29 +01:00
Thomas Müller
bdbefe17d6
Merge pull request #20782 from mitar/better-https
...
Also allow empty value for no-HTTPS
2015-11-27 14:24:23 +01:00
Mitar
59511d97ee
Also allow empty value for no-HTTPS.
...
This makes it work better with old version of Nginx.
2015-11-27 01:01:56 -08:00
Morris Jobke
7aed592957
Add full interface of server container as alias
2015-11-26 18:20:25 +01:00
Robin Appelman
2d7c9f0ba9
also match ie11 with Request::USER_AGENT_IE
2015-11-22 16:05:52 +01:00
Thomas Müller
358858c9e3
Fix undefined HTTP_USER_AGENT
2015-11-22 16:05:50 +01:00
Lukas Reschke
daa388ce8d
Move index.php from files to AppFramework
...
1. Allows it to use the more secure CSP rules of the AppFramework.
2. Adds some unit tests.
2015-11-16 21:10:11 +01:00
Robin Appelman
d514200b56
Add escapeLikeParameter to IDBConnection
2015-11-05 16:41:30 +01:00
Lukas Reschke
bafb86fb9f
Use getHttpProtocol instead of $_SERVER
2015-10-30 18:05:30 +01:00
Lukas Reschke
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
Lukas Reschke
8133d46620
Remove dependency on ICrypto + use XOR
2015-10-21 17:33:41 +02:00
Morris Jobke
a0743f12c6
Provide IAppContainer as dependency injection
2015-10-20 10:33:53 +02:00
Morris Jobke
bf579a153f
fix IE8 user agent detection
2015-10-09 11:19:06 +02:00
Thomas Müller
020bb33150
Merge pull request #19034 from owncloud/http-request-warning
...
Prevent warning decoding content
2015-10-08 21:51:47 +02:00
Thomas Müller
8d2c8cf2a2
Merge pull request #19607 from owncloud/use-url
...
Use `/` if installed in main folder
2015-10-08 13:01:41 +02:00
Lukas Reschke
6a4f22c61f
Use `/` if installed in main folder
...
Otherwise an empty string is used indicating the cookie is only valid for those resources. This can lead to eunexpected behaviour.
Fixes https://github.com/owncloud/core/issues/19196
2015-10-06 15:24:19 +02:00
Lukas Reschke
80a232da6a
Add \OCP\IRequest::getHttpProtocol
...
Only allow valid HTTP protocols.
Ref https://github.com/owncloud/core/pull/19537#discussion_r41252333 + https://github.com/owncloud/security-tracker/issues/119
2015-10-06 14:18:46 +02:00
Morris Jobke
8366ce2767
deduplicate @xenopathic
2015-10-06 09:52:19 +02:00
Morris Jobke
b945d71384
update licence headers via script
2015-10-05 21:15:52 +02:00
Jörn Friedrich Dreyer
d81416c51d
return '' instead of false
2015-09-23 12:32:49 +02:00
Joas Schilling
ee75f9f594
Fix type hint errors in the container and the interface
2015-09-23 10:13:41 +02:00
Robin McCorkell
31a8949adf
Prevent warning decoding content
2015-09-14 22:36:40 +01:00
Bernhard Posselt
fd74522804
make resolve public to avoid boiler plate code
...
add resolve to public interface
2015-09-13 17:44:24 +02:00
Roeland Jago Douma
f12caf930e
Properly return 304
...
The ETag set in the IF_NONE_MODIFIED header is wraped in quotes (").
However the ETag that is set in response is not (yet). Also we need to
cast the ETag to a string.
* Added unit test
2015-09-01 11:04:41 +02:00
Robin McCorkell
e60c4bada1
Decode request content only on getContent
2015-08-31 01:05:25 +01:00
Thomas Müller
534b2e407a
Merge pull request #17662 from owncloud/locking-db
...
Database backend for locking
2015-08-26 03:56:37 +02:00
Lukas Reschke
8313a3fcb3
Add mitigation against BREACH
...
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data
Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Thomas Müller
abd3d5c6a5
Merge pull request #17982 from owncloud/appframework-sanitize-name
...
Sanitize class names before registerService/query
2015-08-12 12:19:24 +02:00
Robin McCorkell
cd0a2874de
Merge pull request #17852 from owncloud/register-alias-factory
...
Add test for factories
2015-08-11 13:30:56 +01:00
Robin McCorkell
8944af57cb
Set default `forwarded_for_headers` to 'HTTP_X_FORWARDED_FOR'
2015-08-10 23:04:52 +02:00
Robin Appelman
58e96e53b0
add method to check if we're inside a transaction
2015-08-10 14:15:44 +02:00
Roeland Jago Douma
f0b617b508
Use DI
...
* Register OCP\Capability\IManager at DIContainer
* Add register capabilities to appframework
* Register capabilities in DI way
* Make unit test pass again
* Remove CapabiltiesManager from OCP
2015-08-10 10:45:16 +02:00
Robin McCorkell
fcc03e588a
Add \OCP\ISession to AppFramework
2015-08-07 12:29:57 +01:00
Lukas Reschke
90a11efecd
Remove "use" statement
...
Ref https://bugs.php.net/bug.php?id=66773
2015-08-05 09:31:21 +02:00
Lukas Reschke
4efa7c09b1
Use StringUtils::equals on CSRF token and add unit tests
2015-08-04 18:34:33 +02:00
Robin McCorkell
182bc17aeb
Sanitize class names before registerService/query
...
Leading backslashes are removed, so a `registerService('\\OC\\Foo')`
can still be resolved with `query('OC\\Foo')`.
2015-07-30 21:02:16 +01:00
Bernhard Posselt
d8673dabe3
add test for factories
...
use ref for factory test
use a factory for registerAlias
Ensure we construct SimpleContainer
Use single instance of DIContainer in routing tests
2015-07-25 01:59:30 +02:00
Thomas Müller
1f8ee61006
Merge pull request #17755 from owncloud/alias-container-alive
...
Add registerAlias method to shortcut interface registration #17714
2015-07-24 13:11:32 +02:00
Joas Schilling
20cd0ae55b
Add a log message when the Doctrine Query Builder is retrieved
2015-07-21 15:53:28 +02:00
Joas Schilling
516f7e8299
Add unit tests and automatic quoting
2015-07-21 15:25:47 +02:00
Joas Schilling
1bfb944d51
Add QueryBuilder, ExpressionBuilder and CompositeExpression wrappers
2015-07-21 15:25:47 +02:00
Lukas Reschke
7dda86f371
Return proper status code in case of a CORS exception
...
When returning a 500 statuscode external applications may interpret this as an error instead of handling this more gracefully. This will now make return a 401 thus.
Fixes https://github.com/owncloud/core/issues/17742
2015-07-20 12:54:22 +02:00
Bernhard Posselt
a4e3939204
add registerAlias method to shorcut interface registration
...
remove unused import
add since tag
fix typo
2015-07-18 13:43:54 +02:00
Thomas Müller
bd71540c8a
Fixing 'Undefined index: REMOTE_ADDR' - fixes #17460
2015-07-16 16:40:57 +02:00
Morris Jobke
da45fad3eb
Merge pull request #17078 from owncloud/fix-initial-server-host
...
Fix undefined offset
2015-07-01 08:55:12 +02:00
Morris Jobke
f63915d0c8
update license headers and authors
2015-06-25 14:13:49 +02:00
Lukas Reschke
4d23e06097
Fix undefined offset
...
There are cases where no trusted host is specified such as when installing the instance, this lead to an undefined offset warning in the log right after installing. (when another domain than localhost or 127.0.0.1 was used)
2015-06-22 12:28:07 +02:00
Robin McCorkell
04b6f67f07
Allow multiple whitespace in type hints in AppFramework
...
Type hints such as `@param bool $doSomething` will now correctly get
parsed, allowing for alignment of docblock parameters if the app developer so
wishes.
2015-06-20 23:52:01 +01:00
Bernhard Posselt
c8e3599cad
disallow cookie auth for cors requests
...
testing ...
fixes
fix test
add php doc
fix small mistake
add another phpdoc
remove not working cors annotations from files app
2015-05-22 14:06:26 +02:00
Scrutinizer Auto-Fixer
fdbc21fc6c
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-05-19 11:23:06 +00:00