Michael Göhler
ae1f33db54
implement fixed php session timeout and session id regeneration
2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa
removed username and password from token generation
2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48
fixed typo and redundant method call
2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40
added a warning message to the log when a cookie is rejected
2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c
fixed wrong variable usage
2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea
call unsetMagicInCookie if token is invalid
2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3
forgot a class name
2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd
delete all tokens on password change
2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120
further improvements on multiple login token support
...
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for safety
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f
improve token security
...
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982
Make the lifetime of the remember login cookie
2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566
Cleanup login tokens on login success
2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3
Add support for multiple login cookie tokens
2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083
extend logon page to display multiple error messages
2012-10-14 19:57:24 +02:00
Bart Visscher
9a35bd76fb
Use resolved path for require_once in autoloader
2012-10-12 15:47:41 +02:00
Bart Visscher
2c3674ea87
Add logging when stripping apps from autoload include path
2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2
Use __DIR__ instead of __FILE__ to get SERVERROOT
2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966
Send a HSTS HTTP header to enforce SSL
2012-10-10 18:56:14 +02:00
Arthur Schiwon
3affeb5bd7
destroy invalid sessions
2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c
Implement routing on javascript side
2012-10-05 09:42:36 +02:00
Robin Appelman
f8eebcbb01
reload the current url when logging in instead of always redirecting to the default app (oc-1873)
2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425
Removed sectoken
...
This token is completely useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher
c9317b5a68
Merge branch 'master' into routing
2012-09-28 21:41:21 +02:00
Bart Visscher
bf1057143c
Merge branch 'master' into routing
...
Conflicts:
apps/files/js/filelist.js
core/js/js.js
lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner
743826bbf3
Reimplementation of CSRF protection including autorefresh
2012-09-28 13:30:44 +02:00
VicDeo
2b6869bcea
Uncaught exception logging
2012-09-26 14:38:06 +03:00
Lukas Reschke
c4fc291fa7
Passwords containing a ":" don't work with this explode
...
Thanks to mETz
2012-09-25 19:57:40 +02:00
Victor Dubiniuk
bbf8bb0bb3
Log PHP errors to the OC log
2012-09-12 22:30:04 +03:00
Michael Gapczynski
c5f9b887ff
Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade
2012-09-12 01:18:07 -04:00
Robin Appelman
46422e6dbe
don't use regular expressions for a simple string replace
2012-09-08 23:40:23 +02:00
Bart Visscher
ceec5e593c
Remove redundant loadApps
2012-09-07 16:19:08 +02:00
Bart Visscher
5eba579827
Merge branch 'master' into routing
...
Conflicts:
apps/files/js/fileactions.js
lib/base.php
lib/helper.php
lib/ocs.php
2012-09-07 15:51:44 +02:00
Thomas Mueller
3829460ab8
adding space between ) and {
2012-09-07 15:22:01 +02:00
Bart Visscher
5e55b4d6e7
Whitespace fixes in lib
2012-09-07 14:08:29 +02:00
Bart Visscher
9ea7817a40
Remove core.{css,js} cache on upgrade
2012-09-07 13:42:22 +02:00
Thomas Müller
9eccc0121a
Respect coding style
2012-09-05 13:22:38 +03:00
Thomas Müller
7901fc33a8
fixing syntax error
2012-09-04 15:54:38 +03:00
Thomas Müller
aff08925c1
fixing syntax error - sorry for that
2012-09-04 15:46:43 +03:00
Thomas Müller
2028500c0a
fixing syntax error - sorry for that
2012-09-04 15:42:58 +03:00
Thomas Müller
e4e0b5a822
Respect coding style
2012-09-04 15:34:09 +03:00
Robin Appelman
2508f64efe
set debug mode if an xdebug session is active
2012-09-01 20:52:13 +02:00
Robin Appelman
a7255181ad
fix autoloader throwing errors for non-oc classes
2012-09-01 15:36:52 +02:00
Robin Appelman
3dacf149de
allow configuring user backends in config.php
2012-09-01 02:50:27 +02:00
Robin Appelman
f67aef608f
load authentication apps on login
2012-09-01 02:50:27 +02:00
Robin Appelman
ebd813ae95
don't throw errors in the autoloader when a class doesn't exist
2012-09-01 02:50:27 +02:00
Bart Visscher
b483f2aab8
Merge branch 'master' into routing
...
Conflicts:
apps/contacts/js/contacts.js
apps/contacts/lib/search.php
apps/files_archive/js/archive.js
apps/gallery/lib/tiles.php
apps/gallery/templates/index.php
lib/ocs.php
2012-08-30 21:49:28 +02:00
Bart Visscher
db18218a1b
Space before tab fixes
2012-08-29 20:34:44 +02:00
Bart Visscher
52f2e7112e
Whitespace fixes in lib
2012-08-29 20:28:45 +02:00
Bart Visscher
53e51fe46b
Clean user cache on login
2012-08-28 23:07:28 +02:00
Bart Visscher
8a02a8852f
Add background job for global file cache cleanup
2012-08-28 23:07:28 +02:00
Bart Visscher
63af75586b
Merge branch 'master' into routing
2012-08-15 17:39:00 +02:00
Bart Visscher
db4111f6d5
Routing: Add some core routes
2012-08-12 16:52:36 +02:00
Bart Visscher
8c02494744
Routing: Prepare load functions to be called from OC_Router
2012-08-12 16:16:22 +02:00
Lukas Reschke
0d8df3f55c
Revert "Combine install checks in lib/base.php"
...
This reverts commit aa9fbf6639.
2012-08-11 17:07:35 +02:00
Michael Gapczynski
465767670b
Check blacklist when renaming files
2012-08-11 11:04:04 -04:00
Bart Visscher
1025e451a7
Add router match to OC::handleRequest
2012-08-11 01:36:16 +02:00
Bart Visscher
c2160433cd
Merge branch 'master' into routing
...
Conflicts:
lib/base.php
2012-08-11 00:43:26 +02:00
Bart Visscher
72b2324b68
Move loading of routes to OC::getRouter function
2012-08-10 23:31:11 +02:00
Bart Visscher
3722928c46
Change access to router object to getter function
2012-08-10 23:30:04 +02:00
Bart Visscher
3e8b6e816a
Create OC_Router in OC::init
2012-08-10 23:03:57 +02:00
Lukas Reschke
8ec45870a3
Validate cookie properly and prevent auth bypass
...
BIG (!) thanks to Julien CAYSSOL
2012-08-10 15:28:59 +02:00
Jakob Sack
0ea4fa298c
Backgroundjobs: don't try to access OC_Appconfig if ownCloud has not been installed
2012-08-10 13:53:40 +02:00
Jakob Sack
81b997b56e
Merge branch 'backgroundjobs'
2012-08-10 13:00:51 +02:00
Bart Visscher
82b10954e7
Simplify loading app php script files
2012-08-10 12:27:37 +02:00
Bart Visscher
5e7086adc9
Move login handling to OC class
2012-08-10 12:17:13 +02:00
Bart Visscher
83403784d1
Always load when the requested file is css
2012-08-10 11:43:04 +02:00
Bart Visscher
da07245f59
Move OC::loadfile and OC::loadapp next to OC::handleRequest
2012-08-10 11:43:04 +02:00
Bart Visscher
e3c732040b
Make OC::loadfile and OC::loadapp protected, only used in OC::handleRequest
2012-08-10 11:43:04 +02:00
Bart Visscher
0973969386
Cleanup OC::loadfile
2012-08-10 11:43:04 +02:00
Bart Visscher
aa9fbf6639
Combine install checks in lib/base.php
2012-08-10 11:43:04 +02:00
Jakob Sack
889f0a1c6d
rename appconfig keys for backgroundjobs
2012-08-09 10:40:39 +02:00
Jakob Sack
13a0818fec
Be more precise regarding backgroundjobs mode
2012-08-09 01:02:05 +02:00
Bart Visscher
3387454094
Move login code from index.php to OC class
2012-08-08 22:42:51 +02:00
Bart Visscher
9156fb73fd
Move handling request of index.php to OC class
2012-08-08 22:42:50 +02:00
Bart Visscher
7522a23693
Remove unused RUNTIME_NOSETUPFS var
2012-08-08 22:42:50 +02:00
Bart Visscher
99ce7ba1df
Move serverHost and serverProtocol functions to OC_Request
2012-08-07 20:43:00 +02:00
Bart Visscher
6d0390dcca
Fix rewriting GET parameters with ? in REQUESTEDAPP
2012-08-07 20:43:00 +02:00
Bart Visscher
d579defc66
Merge branch 'master' into routing
2012-07-25 17:51:36 +02:00
Arthur Schiwon
57c375ea24
Support for OCA namespace
2012-07-25 12:56:08 +02:00
Bart Visscher
d0cae6a99a
Very basic conversion of ocs to Symfony Routing Component
2012-07-21 19:43:50 +02:00
Robin Appelman
33b8de91ea
allow a more flexible way of using user backends
2012-07-19 16:31:55 +02:00
Bart Visscher
621b83df72
Remove referer check, this is unreliable. The header doesn't need to exist, or can be wrong
2012-07-04 17:51:07 +02:00
Robin Appelman
12f7cb8767
fix running tests from cli
2012-06-27 13:21:45 +02:00
Bart Visscher
2f0b4983e9
Move app upgrade check to loading of apps
2012-06-27 01:05:12 +02:00
Brice Maron
09a9f5400e
Trim url and path of appsroot to have a standard type of path, fix oc-1107
2012-06-25 15:50:27 +02:00
Brice Maron
df60d6d5d2
Fixes for multi app dir :
...
Url should be given as relative path (to webroot)
Correct link construction from js
2012-06-22 12:24:56 +02:00
Brice Maron
b5953e7a83
Provide solution for smoother migration for apps to multi-app dir
2012-06-21 22:22:36 +00:00
Brice Maron
e5c56b2433
Merge branch 'master' into multi_app_dir
...
Conflicts:
lib/app.php
lib/base.php
lib/minimizer/css.php
lib/minimizer/js.php
lib/template.php
lib/util.php
2012-06-21 17:15:35 +00:00
Bart Visscher
6404476bec
Delay setup of FS until OC_Filesystem is used
2012-06-20 17:10:49 +02:00
Bart Visscher
f54ef5a464
Remove OC::$CONFIG_DATADIRECTORY, not used
2012-06-19 22:54:14 +02:00
Bart Visscher
332603a263
Move formfactor code to OC_Template
2012-06-18 15:40:48 +02:00
Bart Visscher
977cd0df6b
Fix errors for minimizer
2012-06-18 11:33:24 +02:00
Bart Visscher
6e9cd63fa1
Only check for apps owncloud version requirement when there is a new owncloud version
2012-06-16 20:52:10 +02:00
Bart Visscher
6d3ae575b6
Remove $DOCUMENTROOT, not used
2012-06-16 00:11:36 +02:00
Brice Maron
4753cc3ebd
Merge branch 'master' into multi_app_dir
...
Conflicts:
apps/bookmarks/ajax/addBookmark.php
config/config.sample.php
lib/app.php
remote.php
2012-06-14 21:16:59 +00:00
Brice Maron
6da5a2fdd4
Add possibility to choose the installation folder
2012-06-14 21:00:02 +00:00
Robin Appelman
76de92477f
fix infinite redirect during setup for windows hosts
2012-06-09 14:38:05 +02:00
Georg Ehrke
bdd12df4a2
fix loading of OC::$REQUESTEDAPP if WTFE the app parameter is given but empty aka /?app
2012-06-08 22:31:44 +02:00
Brice Maron
9ec68c819b
Change parameter 'web' to 'url' and take array of array in config instead of : separated values
2012-06-07 20:36:55 +00:00
Bart Visscher
4260dce826
Better handling of core.css and core.js
...
Fixes calling remote.php on install.
Fixes http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-933
2012-06-07 21:35:40 +02:00
Brice Maron
0f7fdd4148
ReAdd possibility to load existing app folders
2012-06-07 19:15:31 +00:00
Brice Maron
e8447e0bda
Rework to fit with minimizer
2012-06-06 21:11:15 +00:00
Brice Maron
cc494259d3
Unit path and webpath, correct some more
2012-06-06 20:24:15 +00:00
Brice Maron
b6c5ca126b
First almost working version
2012-06-06 20:23:17 +00:00
Arthur Schiwon
6ca2b49292
avoid too-early database access and thus make owncloud installable again
2012-06-06 17:29:57 +02:00
Bart Visscher
57326ea1f8
Move setting remote_core.* to after setup of OC, also check if it is not set yet
2012-06-05 17:51:52 +02:00
Frank Karlitschek
e747fd794e
fix login for hosts running on port 80
2012-06-05 15:26:31 +02:00
Frank Karlitschek
e3031ae28b
more reliable host detection for reverse proxy servers
2012-06-05 12:52:23 +02:00
Bart Visscher
4a5973662c
Merge branch 'unstable'
...
Conflicts:
apps/files_external/tests/config.php
apps/files_versions/ajax/getVersions.php
apps/files_versions/appinfo/app.php
apps/files_versions/history.php
apps/files_versions/js/versions.js
apps/files_versions/templates/history.php
apps/files_versions/versions.php
lib/base.php
2012-06-04 23:02:05 +02:00
Frank Karlitschek
75d56f24f2
try to switch magic quotes off.
...
it's evil and deprecated
2012-06-01 12:41:38 +02:00
Frank Karlitschek
24d14783d7
added a serverProtocol function that correctly returns the used protocol even if the ssl connection is terminated at a reverse_proxy or at a load balancer
2012-06-01 10:38:44 +02:00
Michael Gapczynski
fbe58755e5
Restrict requested app to apps directory
2012-05-29 12:31:47 -04:00
Frank Karlitschek
a945fa10a6
update copyright
2012-05-26 19:14:24 +02:00
Frank Karlitschek
24318354f2
changed the default from Berlin to UTC.
...
Greetings from Berlin by the way ;-)
2012-05-24 00:49:21 +02:00
Robin Appelman
60fdc13ae6
enable running unit tests from cli
2012-05-22 20:22:53 +02:00
Robin Appelman
b096fd9ed8
log upgrades
2012-05-19 01:55:20 +02:00
Bart Visscher
ce1e4425c2
Combine and minimize core and default app js files
2012-05-16 18:53:46 +02:00
Bart Visscher
f71fec8cdc
Combine and minimize core and default app css files
2012-05-16 18:53:46 +02:00
Bart Visscher
5d72681d10
Better place to check caching headers
2012-05-16 18:52:40 +02:00
Robin Appelman
9eb91a111d
update to jquery 1.7.2
2012-05-12 00:37:19 +02:00
Bart Visscher
919681f3e6
Make processed css files cachable
2012-05-11 21:33:02 +02:00
Bart Visscher
97233b77cd
Remove DOCUMENTROOT static var, and make SUBURI var private
2012-05-11 21:31:51 +02:00
Georg Ehrke
8f2217ca2e
make default app choosable
2012-05-11 13:56:52 +02:00
Michael Gapczynski
de95bf62a2
Prevent any null bytes related exploits, thanks to Lukas Reschke
2012-05-10 11:44:06 -04:00
Bart Visscher
c2230580c1
Remove unused OC static variable CONFIG_DATADIRECTORY_ROOT
2012-05-10 09:14:27 +02:00
Georg Ehrke
d032345191
fix validation of getfile parameter - I hate these bloody merge conflicts
2012-05-07 13:23:55 +02:00
Georg Ehrke
da03d05700
create folder 'remote' for the remote services like caldav, carddav and webdav
2012-05-02 16:41:23 +02:00
Georg Ehrke
3aedbc5f95
remove debug message
2012-04-27 22:22:58 +02:00
Georg Ehrke
06e9ac8591
fix parsing of app parameter and fix external app
2012-04-27 22:22:03 +02:00
Georg Ehrke
993d655aad
Merge branch 'master' into movable_apps_2
2012-04-27 10:30:50 +02:00
Frank Karlitschek
ee0cb68f5e
some csrf fixes. needs testing
2012-04-27 01:18:21 +02:00
Georg Ehrke
5483c1be42
hide fails
2012-04-26 21:58:43 +02:00
Georg Ehrke
5fda0e4b3b
make *DAV work with movable apps
2012-04-26 21:56:29 +02:00
Georg Ehrke
2b10371bde
fix merge conflicts
2012-04-26 18:08:49 +02:00
Georg Ehrke
40f95ffdf3
fix security check for the path of the requested file
2012-04-26 17:55:00 +02:00
Georg Ehrke
3f64eb25ab
some fixes for movable apps
2012-04-26 14:52:55 +02:00
Georg Ehrke
476043ecb9
add a proper 404
2012-04-25 10:17:20 +02:00
Georg Ehrke
fb84d0aff8
fix php fail
2012-04-24 21:37:19 +02:00
Georg Ehrke
9b29bc96de
remove debug message
2012-04-24 21:36:54 +02:00
Georg Ehrke
95c220a246
remove debug code in lib base
2012-04-23 20:31:03 +02:00
Georg Ehrke
19109afa79
fix bug in lib base
2012-04-23 20:11:21 +02:00
Georg Ehrke
42a570788b
Merge branch 'master' into movable_apps
2012-04-23 19:56:07 +02:00
Georg Ehrke
6d92ebca45
use native functions of php to parse the string into the Var
2012-04-23 17:09:28 +02:00
Georg Ehrke
9226cb7a6a
rename var file to getfile to prevent fails in files app
2012-04-23 16:36:24 +02:00
Frank Karlitschek
f5c9fe9ece
first step to a public api of ownCloud for the apps. In the future they shouldn't call internal classes, functions or session variables because this will change and break in upcoming versions. Apps should only call this public interface that we will keep stable over different releases. The namespace is OCP for ownCloud public. This is just the first step. more coming soon
2012-04-23 15:50:30 +02:00
Georg Ehrke
99a473bd62
support file calls with parameter
2012-04-20 22:33:30 +02:00
Georg Ehrke
2e85313701
optimize code
2012-04-19 22:26:36 +02:00
Georg Ehrke
909282c81e
remove parameters in file var before call require once
2012-04-19 22:25:21 +02:00
Georg Ehrke
85019887df
add loading of files
2012-04-19 16:44:49 +02:00
Georg Ehrke
3e0e6e35f4
open app thru index.php
2012-04-18 08:20:51 +02:00