mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
35,304 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

6363 Commits

Author SHA1 Message Date
Bjoern Schiessle 1e930df91f
find and show share-by mail links 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:41 +01:00
Bjoern Schiessle 31c8c38bd6
send mail for share-by-mail shares 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:40 +01:00
Bjoern Schiessle 318160647a
add method to check if a share provider for a given type is loaded 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:39 +01:00
Bjoern Schiessle a17c6a485d
add share by mail share provider 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:51:11 +01:00
Bjoern Schiessle 0a6f02801f
introduce share by mail, ui part 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:51:11 +01:00
Roeland Jago Douma fc4d0a86ef
Fix merging backend results 
* Merge share types correctly
* Filter share types
* Order share types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-01 12:16:05 +01:00
Roeland Jago Douma 5a00870a2b
Stricter signature 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-31 20:19:14 +01:00
Robin Appelman 3692769b0a
Add getShareTypesInFolder to optimize folder listening 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-10-31 15:55:40 +01:00
Roeland Jago Douma e416ee7b74 Merge pull request #1937 from nextcloud/ros-for-notification-message 
Allow rich object strings in messages as well
 2016-10-31 11:51:02 +01:00
Joas Schilling 54c0501ffa
Type hints already make sure it is an array 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-31 10:37:40 +01:00
Joas Schilling 2c0b5dee19
Allow rich object strings in messages as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-31 10:37:37 +01:00
Roeland Jago Douma e55e6f1f14
Cleanup usages 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-29 14:29:50 +02:00
Roeland Jago Douma 94d09141f8
Remove legacy l10n 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 22:16:33 +02:00
Roeland Jago Douma 83e7cfd13a
Fix more tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 22:16:28 +02:00
Roeland Jago Douma 740659a04c
Move away from OC_L10N 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 21:46:28 +02:00
Roeland Jago Douma f722640a32
Proper DI of config 
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 10:13:35 +02:00
Morris Jobke e7ec4601a3
Use callForSeenUsers for avatar migration 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-28 08:44:05 +02:00
Jörn Friedrich Dreyer f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361) 
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
 2016-10-28 08:44:05 +02:00
Morris Jobke d4969abc9d Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings 
Nextcloud rich object strings
 2016-10-27 15:30:58 +02:00
Lukas Reschke 0a2e2f70f6 Merge pull request #1929 from nextcloud/share_email_to_OCS 
Remove notify recipient function
 2016-10-27 09:03:29 +02:00
Roeland Jago Douma b05fe45d52
Fix avatar on exif rotated images 
Fixes #1928

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-26 21:37:11 +02:00
Roeland Jago Douma b7046d390f
Remove internal share mail function 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-26 20:52:41 +02:00
Roeland Jago Douma b98dfaccd9 Merge pull request #1920 from nextcloud/legacy-pages-should-also-receive-the-nonce 
Add nonce also to legacy CSP
 2016-10-26 16:41:34 +02:00
Morris Jobke cde7f535bd Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions 
comment mentions: show displayname not uid
 2016-10-26 14:02:49 +02:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Lukas Reschke fdcb8edd78
Add nonce also to legacy CSP 
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-26 09:41:18 +02:00
Lukas Reschke 015affb082
Missing returns + autoloader file 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 22:13:09 +02:00
Roeland Jago Douma 6dbe417c51
Inlince oc.js if possible! 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:18 +02:00
Roeland Jago Douma e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:10 +02:00
Roeland Jago Douma d5589a15d5
Move oc.js to a proper class 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:02 +02:00
Lukas Reschke 08268bca39 Merge pull request #1891 from nextcloud/downstream-26430 
add upgrade command before repair, handle NeedsUpgradeException better
 2016-10-25 18:42:44 +02:00
Morris Jobke 89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces 
Use CSP nonces
 2016-10-25 14:46:00 +02:00
Morris Jobke 27ba46c40e Merge pull request #1890 from nextcloud/downstream-25428 
fixing php 32 bit (arm) filemtime on large file issue (#18971) (#25428)
 2016-10-25 14:44:27 +02:00
Lukas Reschke 62bb991050
Add check for linux os 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 12:01:03 +02:00
Lukas Reschke 459477e2c3
Move function to LargeFileHelper 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 12:00:57 +02:00
Boris Rybalkin cfc0d9249b
fixing php 32 bit (arm) filemtime on large file issue (#18971) (#25428) 
* fixing php 32 bit (arm) filemtime on large file issue (#18971)

* cast to int
 2016-10-25 11:43:17 +02:00
Lukas Reschke df3444493b
Remove not existent function call 
- Removes a not existent function call
- Removes a fallback for Windows

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 11:37:16 +02:00
Lukas Reschke 740ff9108b Merge pull request #1884 from nextcloud/downstream-26292 
Fix logClientIn for non-existing users (#26292)
 2016-10-25 11:24:13 +02:00
Joas Schilling 890f752a6b Merge pull request #1452 from nextcloud/appconfig-endpoint 
Appconfig endpoint
 2016-10-25 10:57:48 +02:00
Lukas Reschke 79706e0ddc Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload 
Use Webdav PUT for uploads
 2016-10-25 10:31:03 +02:00
Vincent Petry 6d1e858aa4
Fix logClientIn for non-existing users (#26292) 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
 2016-10-25 09:34:27 +02:00
Roeland Jago Douma e73a11d106
Fix permision mask 
If we move a file from the temp part file to the original file we don't
need update permissions.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-24 21:45:00 +02:00
Morris Jobke 8a231a4223 Merge pull request #1829 from nextcloud/downstream-26256 
Fix login page handling for disabled users
 2016-10-24 21:35:53 +02:00
Morris Jobke 567e28b01a Merge pull request #1885 from nextcloud/downstream-26295 
App dependencies are now analysed on app enable as well - not only on…
 2016-10-24 21:26:50 +02:00
Jörn Friedrich Dreyer 817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better 2016-10-24 17:52:49 +02:00
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 16:35:31 +02:00
RealRancor 14b1d946a8
Remove checks whether OC is running on Windows pt. 2 2016-10-24 16:12:17 +02:00
Thomas Müller 03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install. 2016-10-24 15:59:46 +02:00
Lukas Reschke 9e6634814e
Add support for CSP nonces 
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 12:27:50 +02:00
Morris Jobke 169faf8c32
Remove sensible information from exception message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-24 11:42:04 +02:00