Commit Graph

49426 Commits

Author SHA1 Message Date
Roeland Jago Douma 07d32779db
Merge pull request #16610 from nextcloud/backport/16599/stable16
[stable16] Fix/xss/on favorite file
2019-07-30 16:30:19 +02:00
Roeland Jago Douma 516588ff91
Merge pull request #16598 from nextcloud/backport/16502/stable16
[stable16] Check the if we can actually access the storage cache for recent files
2019-07-30 11:44:01 +02:00
Max Fichtelmann 951147c6e9 prevent potential XSS via unchecked use innerHTML
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
2019-07-30 07:52:40 +00:00
Max Fichtelmann af87bd2f60 fix XSS when adding a file with a malicious name to favorites
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
2019-07-30 07:52:40 +00:00
Nextcloud bot 48b271a216
[tx-robot] updated from transifex 2019-07-30 02:14:53 +00:00
Julius Härtl e7920203ba Add additional check for read permissions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-29 15:00:12 +00:00
Julius Härtl f1f755740d Check the if we can actually access the storage cache for recent files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-29 15:00:11 +00:00
Roeland Jago Douma 5ac52d2e09
Merge pull request #16578 from nextcloud/backport/16558/stable16
[stable16] Do not log all locked exceptions
2019-07-29 10:40:23 +02:00
Nextcloud bot 6b814e5002
[tx-robot] updated from transifex 2019-07-29 02:15:08 +00:00
Nextcloud bot ff3e510b76
[tx-robot] updated from transifex 2019-07-28 02:15:33 +00:00
Roeland Jago Douma 45815e5c09
Merge pull request #16561 from nextcloud/backport/16551/stable16
[stable16] supresses disclosing the userid for LDAP users in the welcome mail
2019-07-27 12:22:02 +02:00
Roeland Jago Douma 5959245417 Do not log all locked exceptions
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 08:40:00 +00:00
Roeland Jago Douma 64fb4c7736
Merge pull request #16562 from nextcloud/backport/16555/stable16
[stable16] use a pattern to identify sensitive config keys
2019-07-27 10:38:41 +02:00
Roeland Jago Douma d092802a2d
Merge pull request #16564 from nextcloud/backport/16557/stable16
[stable16] Do not log locked files
2019-07-27 10:38:25 +02:00
Roeland Jago Douma 5786c6c058
Merge pull request #16566 from nextcloud/backport/16556/stable16
[stable16] log email shares in admin_audit log
2019-07-27 10:37:53 +02:00
Roeland Jago Douma 05788a814e
Merge pull request #16567 from nextcloud/backport/16163/stable16
[stable16] Change send to sent
2019-07-27 10:37:20 +02:00
Nextcloud bot d638060520
[tx-robot] updated from transifex 2019-07-27 02:14:46 +00:00
Frederic Werner 7c225bd706
Change send to sent
Signed-off-by: Frederic Werner <frederic-github@werner-net.work>
2019-07-26 16:21:37 +02:00
Sascha Wiswedel 94db7053d2 log email shares in admin_audit log
Signed-off-by: Sascha Wiswedel <sascha.wiswedel@nextcloud.com>
2019-07-26 14:15:45 +00:00
Roeland Jago Douma 167a8d72cf Do not log locked files
This is the code doing its job. There is no need to spam the log file
with this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 13:46:02 +00:00
Arthur Schiwon a9ccac2f20 treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:21:22 +00:00
Arthur Schiwon 84a849ec8a supresses disclosing the userid for LDAP users in the welcome mail
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:16:33 +00:00
Roeland Jago Douma 159ff6dd97
Merge pull request #16543 from nextcloud/backport/16532/stable16
[stable16] Fix max contrast retrieval to limit minimum color for relative time
2019-07-26 08:08:00 +02:00
Nextcloud bot 00379ebffa
[tx-robot] updated from transifex 2019-07-26 02:14:49 +00:00
Roeland Jago Douma 540168fc43
Merge pull request #16541 from nextcloud/backport/15794/stable16
[stable16] Lock SCSS so we only run 1 job at a time
2019-07-25 19:40:41 +02:00
Morris Jobke 6ee98f3567 Trigger fallback code to get max contrast value and use integer there
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-25 15:08:05 +00:00
Morris Jobke 861daee4d8 Fix max contrast retrieval to limit minimum color for relative time
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-25 15:08:05 +00:00
Roeland Jago Douma 3f5ce65879 Lock SCSS so we only run 1 job at a time
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-25 13:44:06 +00:00
Roeland Jago Douma c08d2cbda7
Merge pull request #16536 from nextcloud/backport/16503/stable16
[stable16] allow to provide supported calendar component set internally as a string
2019-07-25 15:44:01 +02:00
Georg Ehrke 19e5cb37a6 allow to provide supported calendar component set internally as a string
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-07-25 11:36:46 +00:00
Nextcloud bot eeefef4843
[tx-robot] updated from transifex 2019-07-25 02:14:48 +00:00
Morris Jobke 67c8dc001d
Merge pull request #16527 from nextcloud/backport/15637/stable16
[stable16] Allow hidden smb shares
2019-07-24 15:14:57 +02:00
Morris Jobke c9bf543cd4
Merge pull request #16524 from nextcloud/backport/16523/stable16
[stable16] Nested recursion breaking max nested level for parent comment calculation
2019-07-24 15:14:29 +02:00
Daniel Kesselberg f1031e1e24 Fix wrong indentation
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-24 10:44:20 +00:00
Daniel Kesselberg 62826ae018 Fix invalid recursion
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-24 10:44:20 +00:00
Daniel Kesselberg 9072d82cd6 Allow hidden smb shares
A hidden smb share ends with $. This patch changes the placeholder
detection to allow shares with $ at the end.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-24 10:44:19 +00:00
Joas Schilling c7322c7efd PHPStorm code cleanup
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 09:51:23 +00:00
Joas Schilling 27a6f8020b Get the topmost parent for the parent instead of doing endless recursion
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 09:51:22 +00:00
Nextcloud bot 9e62b2f25a
[tx-robot] updated from transifex 2019-07-24 02:15:44 +00:00
Nextcloud bot 227701b6ee
[tx-robot] updated from transifex 2019-07-23 02:15:51 +00:00
Morris Jobke 93c5176f1e
Merge pull request #16500 from nextcloud/backport/16495/stable16
[stable16] Pass $configargs to openssl_pkey_export
2019-07-22 16:03:29 +02:00
Daniel Kesselberg abd714d685
Pass $configargs to openssl_pkey_export
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-22 14:37:10 +02:00
Nextcloud bot 55e70858b1
[tx-robot] updated from transifex 2019-07-22 02:16:08 +00:00
Nextcloud bot 70d3fd8a76
[tx-robot] updated from transifex 2019-07-21 02:15:18 +00:00
Nextcloud bot 69e5591229
[tx-robot] updated from transifex 2019-07-20 02:14:40 +00:00
Nextcloud bot 291103a495
[tx-robot] updated from transifex 2019-07-19 02:15:04 +00:00
Roeland Jago Douma 158ca6f03c
Merge pull request #16444 from nextcloud/backport/16440/stable16
[stable16] Fix File#putContents(string) on ObjectStorage
2019-07-18 08:08:54 +02:00
Nextcloud bot a6bf6a61e8
[tx-robot] updated from transifex 2019-07-18 02:15:01 +00:00
Marcel Klehr 21822512dc Fix File#putContents(string) on ObjectStorage
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2019-07-17 20:39:24 +00:00
Morris Jobke 7e954ebca0
Merge pull request #16437 from nextcloud/backport/16151/stable16
[stable16] Update operationprogressbar.js
2019-07-17 17:33:42 +02:00