Commit Graph

45931 Commits

Author SHA1 Message Date
Morris Jobke cdca81b966
Merge pull request #11783 from suntorytimed/stable14
[stable14] backport of #10778
2018-10-24 13:32:52 +02:00
Stefan Weiberg e8db4017b8
backport of #10778
Adding a check to see if keyFileContents is empty:

* this fixes a download error and an exception if the data content
  for encryption is empty
* #3958: for recovering encrypted files with a damaged signature
  this is necessary in addition to turning the signature check off

Signed-off-by: Stefan Weiberg <sweiberg@suse.com>
2018-10-24 09:08:03 +02:00
Patrick Conrad bae4207246
Remove cookies from Clear-Site-Data Header
In 2f87fb6b45 this header was introduced. The referenced documentation says:

> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).

This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!

So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.

Signed-off-by: Patrick Conrad <conrad@iza.org>
(cherry picked from commit 1806baaeaf)
2018-10-24 08:50:26 +02:00
Nextcloud bot a13d936c35
[tx-robot] updated from transifex 2018-10-24 00:12:41 +00:00
Roeland Jago Douma 3e8a38fc57
Merge pull request #11995 from nextcloud/stable14-11967-fix-opening-a-section-again-in-the-files-app
[stable14] Fix opening a section again in the Files app
2018-10-23 20:05:25 +02:00
Morris Jobke 52c3285de4
Merge pull request #11994 from nextcloud/assemblly-stream-lazy-14
lazy open first source stream in assemblystream
2018-10-23 19:19:35 +02:00
Morris Jobke e88c8d15ba
Merge pull request #11961 from nextcloud/backport/11931/stable14
[14] Do not emit preHooks twice on non-part-storage
2018-10-23 18:16:59 +02:00
Robin Appelman 0803de9b91
lazy open first source stream in assemblystream
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-10-23 17:44:31 +02:00
Nextcloud bot 7894c40f54
[tx-robot] updated from transifex 2018-10-23 14:54:39 +00:00
Daniel Calviño Sánchez c1e37bb387 Add acceptance tests for opening a section in the Files app
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-23 16:44:29 +02:00
Daniel Calviño Sánchez 9801b5af36 Remove event handler no longer needed
The custom handler for "URL changed" events were added to reload the
file list whenever the sections for favorites and shares were opened;
this was used to fix the problem of not reloading the file lists when
opening them for a second time. However, besides that the handlers were
not really necessary, and as the root of the bug was fixed in the
previous commit those handlers are now removed.

The file list for tags uses the handler for a different purpose, though,
so that one was kept.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-23 16:44:29 +02:00
Daniel Calviño Sánchez 73125667d4 Fix opening a section again in the Files app
When a section is open in the Files app a "show" event is triggered.
File list objects handle that event by reloading themselves, but only
if the file list was shown at least once. However, the file list objects
of plugins are created when the "show" event is triggered for the first
time for their section; as the file list objects register their handler
for the "show" event when they are created they never handle the first
triggered "show" event, as the handler is set while that event is being
already handled. Therefore, from the point of view of the handler, the
second time that a "show" event was triggered it was seen as if the file
list was shown for the first time, and thus it was not reloaded. Now the
"shown" property is explicitly set for those file lists that are created
while handling a "show" event, which causes them to be reloaded as
expected when opening their section again.

Note that it is not possible to just reload the file list whenever it is
shown; the file list is reloaded also when the directory changes, and
this can happen when the web page is initially loaded and the URL is
parsed. In that case, if file lists were reloaded when shown for the
first time then it could be reloaded twice, one with the default
parameters due to the "show" event and another one with the proper
parameters once the URL was parsed, and the files that appeard in the
list would depend on which response from the server was received the
last.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-23 16:44:26 +02:00
Daniel Calviño Sánchez ea047e3201 Fix indentation
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-23 16:43:20 +02:00
Morris Jobke 8c40be01f2
Merge pull request #11925 from nextcloud/backport/11920/properly-ignore-compiled-files-l10n
[stable14] Add .l10nignore files for compiled assets
2018-10-23 16:30:40 +02:00
Morris Jobke 0d28b603f9
Merge pull request #11979 from nextcloud/bugfix-stable14/noid/forbid_freebusy_but_allow_local_delivery
[stable14] allow local delivery of schedule message while prohibiting FreeBusy requests
2018-10-23 16:03:50 +02:00
Roeland Jago Douma d9c080120e
Merge pull request #11976 from nextcloud/bugfix-stable14/9326/make_sure_usermanager_getByEmail_only_returns_IUser
[stable14] filter null values for UserManager::getByEmail
2018-10-23 15:15:23 +02:00
Roeland Jago Douma 304fcdf837
Merge pull request #11990 from nextcloud/backport/11972/fix-l10n-fetching-from-theme
[stable14] Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js
2018-10-23 11:50:58 +02:00
Morris Jobke 9ea758758e
Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js
Before it quit right after finding the theme version of the l10n file which results in a not translated part of the UI.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-23 10:22:47 +02:00
Georg Ehrke 4bbd3fa108
move disableFreeBusy check from User principal backend to Scheduling Outbox collection. This allows to keep local delivery of scheduling messages while prohibiting FreeBusy requests
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-22 16:01:49 +02:00
Georg Ehrke 554c80b403
filter null values for UserManager::getByEmail
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-22 15:51:57 +02:00
Morris Jobke 7ca126299e
Merge pull request #11950 from Birkenstab/allow-same-origin-referrer-policy-backport
Allow "same-origin" as "Referrer-Policy" (Backport to stable14)
2018-10-22 15:35:44 +02:00
Roeland Jago Douma e81f42333b
Do not emit preHooks twice on non-part-storage
The old code would emit the hooks twice. Thus having the version written
twice. Which is not very performant as it is first read twice as well.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:58:07 +02:00
Moritz Beck ea613a896a Allow "same-origin" as "Referrer-Policy"
Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-20 12:01:48 +02:00
Roeland Jago Douma 76b3bbc415
Merge pull request #11939 from nextcloud/backport/11611/stable14
[14] Allow userId to be null
2018-10-19 19:30:34 +02:00
Roeland Jago Douma 5c8719aa03
Allow userId to be null
Fixes #10852

A quick hack. Still ensures some type safety however now also accepts
null. Else we'd need to add a whole new layer of middlewares.

This can only happen when a guest user wants to access a controller that
requries the user_id.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-19 16:25:14 +02:00
Morris Jobke 61fe59795f
Merge pull request #11929 from nextcloud/backport/11870/proper-column-name-escaping
[stable14] Properly escape column name in "createFunction" call
2018-10-19 15:48:41 +02:00
Morris Jobke 2885db8e9b
Merge pull request #11772 from nextcloud/stable14-pretty-urls-dont-work
[14] Allow overwrite.cli.url without trailing slash
2018-10-19 12:16:22 +02:00
Morris Jobke f6cdab6b11
Properly escape column name in "createFunction" call
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-19 12:12:52 +02:00
Morris Jobke 858ec0a777
Add .l10nignore files for compiled assets
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-19 11:40:16 +02:00
Joas Schilling c1fbf70d83
Merge pull request #11851 from nextcloud/backport/11802/fix-password_by_talk-not-a-boolean
[stable14] Fix a case where "password_by_talk" was not a boolean
2018-10-16 16:32:06 +02:00
Morris Jobke 9454de50b4
Fix a case where "password_by_talk" was not a boolean (e.g. null or "0") and actively cast it to a boolean
This was the error message that we have seen:

```
Argument 1 passed to OC\\Share20\\Share::setSendPasswordByTalk() must be of the type boolean, null given, called in apps/sharebymail/lib/ShareByMailProvider.php on line 981
```

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-15 17:51:09 +02:00
Joas Schilling c17ec81652
Merge pull request #11798 from nextcloud/backport/11782/stable14
[stable14] Add "Referrer-Policy" to htaccess file, addresses issue #11099
2018-10-15 11:06:28 +02:00
Bjoern Schiessle 49b98b52ce
add more tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-12 16:13:57 +02:00
Roeland Jago Douma 91c44c84cf
Merge pull request #11790 from nextcloud/backport/11745/stable14
[14] php7.3 CI
2018-10-12 15:32:33 +02:00
Patrik Kernstock 2b0d0e5b97 Add "Referrer-Policy" to htaccess file, addresses issue #11099
Signed-off-by: Patrik Kernstock <info@pkern.at>
2018-10-12 14:27:06 +02:00
Roeland Jago Douma 59d5d48e9d
Merge pull request #11781 from burned42/stable14_fix_percent_sign_breaking_all_files_view
[stable14] Remove duplicate call to decodeURIComponent
2018-10-12 12:30:03 +02:00
Roeland Jago Douma e7d20cdb5e
Allow php7.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-12 12:21:19 +02:00
Roeland Jago Douma bddf937e14
Add 7.3 CI to drone
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-12 12:21:06 +02:00
Morris Jobke 549d53cd93
Merge pull request #11784 from nextcloud/release/14.0.3
14.0.3
2018-10-12 08:46:59 +02:00
Roeland Jago Douma af1ccb9b46
14.0.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 20:41:34 +02:00
Roeland Jago Douma db03468911
Merge pull request #11770 from nextcloud/backport/11764/stable14
[14] Normalize getUnjailedPath
2018-10-11 20:19:10 +02:00
Bernd Stellwag 86b2e7d2e7 Remove duplicate call to decodeURIComponent
Signed-off-by: Bernd Stellwag <burned@zerties.org>

(cherry picked from commit 0f030d885b)
Signed-off-by: Bernd Stellwag <burned@zerties.org>
2018-10-11 18:40:31 +02:00
Daniel Kesselberg 4f983b7565
Backport https://github.com/nextcloud/server/pull/11446
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-11 15:14:33 +02:00
Roeland Jago Douma 18c35e6060
Normalize getUnjailedPath
Fixes #11637

If we do not normalize the unjailed path we might end up with a path
like files/user/folder/. which can break on objectstores

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 14:49:32 +02:00
Morris Jobke feb8a795ea
Merge pull request #11761 from nextcloud/stable14-11756-ignore-session-lifetime-if-it-can-not-be-converted-to-a-number
[stable14] Ignore "session_lifetime" if it can not be converted to a number
2018-10-11 13:25:20 +02:00
Daniel Calviño Sánchez a246cc10fd Ignore "session_lifetime" if it can not be converted to a number
When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-11 11:56:12 +02:00
Roeland Jago Douma 55e737afb1
Merge pull request #11662 from nextcloud/fix/11468/app-menu-scrollbar-14
[14] Fixes the apps menu scrollbar
2018-10-11 11:38:49 +02:00
Morris Jobke 51813f76d9
Merge pull request #11751 from nextcloud/release/14.0.2
14.0.2
2018-10-11 09:43:02 +02:00
Roeland Jago Douma 53fb47802c
14.0.2
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 08:56:36 +02:00
Morris Jobke 5bf4bc7ed1
Merge pull request #11738 from nextcloud/backport/11733/fix-setupcheck-14
[stable14] Fix a misleading setup check for .well-known/caldav & carddav
2018-10-11 08:49:57 +02:00