Roeland Jago Douma
f2e70441e4
[Share 2.0] Add getShareManager to OCP\IServerContainer
2016-01-27 22:04:37 +01:00
Lukas Reschke
a977465af5
Add new CSRF manager for unit testing purposes
...
This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf . Due to some of our required custom changes it is however not possible to use the Symfony component directly.
2016-01-25 20:03:40 +01:00
Thomas Müller
7731b29136
Merge pull request #21719 from owncloud/move-notification-api-to-ocp
...
Move the notification API to public namespace
2016-01-22 16:20:26 +01:00
Joas Schilling
31c5848e51
Allow automatic injection of the Manager
2016-01-22 11:02:40 +01:00
Robin McCorkell
da4127d23b
Introduce CredentialsManager for storage of credentials in DB
...
CredentialsManager performs a simple role, of storing and retrieving
encrypted credentials from the database. Credentials are stored by user
ID (which may be null) and credentials identifier. Credentials
themselves may be of any type that can be JSON encoded.
The rationale behind this is to avoid further (mis)use of
oc_preferences, which was being used for all manner of data not related
to user preferences.
2016-01-18 11:10:41 +01:00
Robin McCorkell
88cd615214
Introduce IDBConnection::setValues()
...
setValues() attempts to insert a new row, or failing that, update an
existing row. The ability to set preconditions is also available.
2016-01-18 11:10:41 +01:00
Thomas Müller
682821c71e
Happy new year!
2016-01-12 15:02:18 +01:00
Roeland Jago Douma
98c4951f45
getLowStrengthGenerator does not do anything anymore
2016-01-11 19:59:15 +01:00
Roeland Jago Douma
cd35ad6aaa
Add 'OCP\Files\IMimeTypeDetector' to DI container
...
* Added test to server container as well
2016-01-07 13:20:43 +01:00
Bernhard Posselt
23c754aed3
prefer scalar type hints over phpdoc annotation
...
use method exists lookup to be safe and not break on old hhvm versions
add test that checks if type hint is preferred over annotation
2015-12-24 09:20:26 +01:00
Joas Schilling
412e4ed3f6
Register app containers in the OC container
2015-12-18 13:45:07 +01:00
Thomas Müller
6317ba8cb4
Merge pull request #21135 from owncloud/add-polyfill
...
Add polyfills for PHP55, PHP56 and PHP70 functionalities
2015-12-11 11:40:51 +01:00
Lukas Reschke
f3360d51c6
Use PHP polyfills
2015-12-11 08:47:36 +01:00
Scrutinizer Auto-Fixer
ffc49a24f0
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-10 16:43:37 +01:00
Lukas Reschke
7c45eaa70b
Add type description
...
Allows IDEs and static code analyzers. Would have saved me some minutes today :)
2015-12-08 15:20:54 +01:00
Scrutinizer Auto-Fixer
453e1bf66e
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-07 15:43:36 +00:00
Thomas Müller
602b636d3e
Merge pull request #20807 from owncloud/dont-append-redirect-url-if-user-is-already-logged-in
...
Don't append redirect URL if user is logged-in
2015-12-03 16:53:59 +01:00
Joas Schilling
44852ce324
Allow DI for OCP\Files\IMimeTypeDetector
2015-12-01 16:49:20 +01:00
Joas Schilling
3c5a6b829e
Allow DI the system tag stuff without Application class
2015-11-30 17:08:29 +01:00
Lukas Reschke
f4eb15d340
Show error template
...
Otherwise this leads to an endless redirection in case of a CSRF exception. Also sets user expectation right.
2015-11-30 11:25:52 +01:00
Thomas Müller
bdbefe17d6
Merge pull request #20782 from mitar/better-https
...
Also allow empty value for no-HTTPS
2015-11-27 14:24:23 +01:00
Mitar
59511d97ee
Also allow empty value for no-HTTPS.
...
This makes it work better with old version of Nginx.
2015-11-27 01:01:56 -08:00
Morris Jobke
7aed592957
Add full interface of server container as alias
2015-11-26 18:20:25 +01:00
Robin Appelman
2d7c9f0ba9
also match ie11 with Request::USER_AGENT_IE
2015-11-22 16:05:52 +01:00
Thomas Müller
358858c9e3
Fix undefined HTTP_USER_AGENT
2015-11-22 16:05:50 +01:00
Lukas Reschke
daa388ce8d
Move index.php from files to AppFramework
...
1. Allows it to use the more secure CSP rules of the AppFramework.
2. Adds some unit tests.
2015-11-16 21:10:11 +01:00
Robin Appelman
d514200b56
Add escapeLikeParameter to IDBConnection
2015-11-05 16:41:30 +01:00
Lukas Reschke
bafb86fb9f
Use getHttpProtocol instead of $_SERVER
2015-10-30 18:05:30 +01:00
Lukas Reschke
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
Lukas Reschke
8133d46620
Remove dependency on ICrypto + use XOR
2015-10-21 17:33:41 +02:00
Morris Jobke
a0743f12c6
Provide IAppContainer as dependency injection
2015-10-20 10:33:53 +02:00
Morris Jobke
bf579a153f
fix IE8 user agent detection
2015-10-09 11:19:06 +02:00
Thomas Müller
020bb33150
Merge pull request #19034 from owncloud/http-request-warning
...
Prevent warning decoding content
2015-10-08 21:51:47 +02:00
Thomas Müller
8d2c8cf2a2
Merge pull request #19607 from owncloud/use-url
...
Use `/` if installed in main folder
2015-10-08 13:01:41 +02:00
Lukas Reschke
6a4f22c61f
Use `/` if installed in main folder
...
Otherwise an empty string is used indicating the cookie is only valid for those resources. This can lead to eunexpected behaviour.
Fixes https://github.com/owncloud/core/issues/19196
2015-10-06 15:24:19 +02:00
Lukas Reschke
80a232da6a
Add \OCP\IRequest::getHttpProtocol
...
Only allow valid HTTP protocols.
Ref https://github.com/owncloud/core/pull/19537#discussion_r41252333 + https://github.com/owncloud/security-tracker/issues/119
2015-10-06 14:18:46 +02:00
Morris Jobke
8366ce2767
deduplicate @xenopathic
2015-10-06 09:52:19 +02:00
Morris Jobke
b945d71384
update licence headers via script
2015-10-05 21:15:52 +02:00
Jörn Friedrich Dreyer
d81416c51d
return '' instead of false
2015-09-23 12:32:49 +02:00
Joas Schilling
ee75f9f594
Fix type hint errors in the container and the interface
2015-09-23 10:13:41 +02:00
Robin McCorkell
31a8949adf
Prevent warning decoding content
2015-09-14 22:36:40 +01:00
Bernhard Posselt
fd74522804
make resolve public to avoid boiler plate code
...
add resolve to public interface
2015-09-13 17:44:24 +02:00
Roeland Jago Douma
f12caf930e
Properly return 304
...
The ETag set in the IF_NONE_MODIFIED header is wraped in quotes (").
However the ETag that is set in response is not (yet). Also we need to
cast the ETag to a string.
* Added unit test
2015-09-01 11:04:41 +02:00
Robin McCorkell
e60c4bada1
Decode request content only on getContent
2015-08-31 01:05:25 +01:00
Thomas Müller
534b2e407a
Merge pull request #17662 from owncloud/locking-db
...
Database backend for locking
2015-08-26 03:56:37 +02:00
Lukas Reschke
8313a3fcb3
Add mitigation against BREACH
...
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data
Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Thomas Müller
abd3d5c6a5
Merge pull request #17982 from owncloud/appframework-sanitize-name
...
Sanitize class names before registerService/query
2015-08-12 12:19:24 +02:00
Robin McCorkell
cd0a2874de
Merge pull request #17852 from owncloud/register-alias-factory
...
Add test for factories
2015-08-11 13:30:56 +01:00
Robin McCorkell
8944af57cb
Set default `forwarded_for_headers` to 'HTTP_X_FORWARDED_FOR'
2015-08-10 23:04:52 +02:00
Robin Appelman
58e96e53b0
add method to check if we're inside a transaction
2015-08-10 14:15:44 +02:00