19e1d35373
Fix path for fileinfomodel in subdirectories
2015-09-15 14:29:37 +02:00
1c792b9f43
normal margins for portrait previews
2015-09-15 14:29:37 +02:00
decdaf0018
Merge pull request #19024 from owncloud/remove-get_temp_dir
...
Remove get_temp_dir()
2015-09-15 14:18:29 +02:00
474f13c9d6
Merge pull request #19041 from owncloud/issue-19007-parameter-name
...
Fix parameter name to match the specs
2015-09-15 14:15:46 +02:00
2f4a1c9c2c
Merge branch 'master' into dont-add-requestheaders-for-cross-domain-requests
2015-09-15 14:04:40 +02:00
7953cc9494
Function does return void
...
This function does return void and not a bool.
2015-09-15 14:02:10 +02:00
e82a225d04
Merge pull request #18964 from owncloud/availability-integer
...
Use integer for availability instead of bool
2015-09-15 13:24:55 +02:00
b6fe5b6f3c
Merge pull request #19039 from owncloud/setup-autoloader-earlier
...
Define allowed app roots earlier
2015-09-15 13:24:35 +02:00
665716095b
Fix parameter name to match the specs
2015-09-15 12:14:14 +02:00
8e1b403b16
Catch apps which have been removed manually
2015-09-15 12:10:23 +02:00
4680691ca6
Define allowed app roots earlier
...
The autoloader needs to be run before including the app.php, otherwise it depends on what app gets executed first and apps that rely on the dependency of other apps in app.php may break.
2015-09-15 12:10:23 +02:00
1d315512ea
Merge pull request #19029 from owncloud/allow-tests-folder-in-autoloader
...
Allow /tests folder in autoloader by default
2015-09-15 12:06:45 +02:00
f2d63d3518
Disable automatic evaluation of responses
...
If a response to a $.ajax() request returns a content type of "application/javascript"
JQuery would previously execute the response body. This is a pretty unexpected
behaviour and can result in a bypass of our Content-Security-Policy as well as
multiple unexpected XSS vectors.
2015-09-15 11:42:13 +02:00
cd90685af1
Do not add sensitive request headers for cross domain requests
...
Prevents leaking the CSRF token to another third-party domain by mistake.
2015-09-15 11:42:13 +02:00
f8619870ea
Remove get_temp_dir()
2015-09-15 11:33:25 +02:00
65ebba44ce
Allow /tests folder in autoloader by default
...
Given the fact that "/tests" is not shipped by default and this has broken some applications and frustrated quite some people we should add "/tests" to the default allowed autoloading set.
I do consider the security impact marginally since the /tests folder is not shipped within the release as well as usually has a hard requirement on being called by phpunit.
2015-09-15 11:32:07 +02:00
5ca690e2f8
Use integer for availability instead of bool
2015-09-15 10:18:32 +02:00
24d2cbf3de
[tx-robot] updated from transifex
2015-09-15 01:54:50 -04:00
35d4851af2
Merge branch 'master' into fix-app-disable-route
2015-09-14 19:50:52 +01:00
d0cea82969
Fixed sidebar toggle entry
...
Properly highlight the row after selecting the item.
This also fixes the unit tests by changing the order of registration of
file actions.
2015-09-14 20:45:30 +02:00
8a6574e81a
Keep right sidebar open, add Details action
2015-09-14 20:45:30 +02:00
688981b55c
allow hook cancel
2015-09-14 20:35:33 +02:00
9202d2f45a
fix chunking tests
2015-09-14 20:35:33 +02:00
75f126da49
use the correct path for cache updates when doing chunked assembly
2015-09-14 20:35:33 +02:00
80f054ddd3
also verify cache in dav upload tests
2015-09-14 20:35:33 +02:00
6386327150
work directly on storages when doing a chunked upload assembly
2015-09-14 20:35:33 +02:00
b424151459
handle notfound exceptions in lock plugin
2015-09-14 20:35:33 +02:00
17b671ee25
adjust tests to handle before/after locking
2015-09-14 20:35:33 +02:00
e612d3123f
wrap the entire put operation in a read lock
2015-09-14 20:35:33 +02:00
209abaadbb
expose locking api in sabre connector
2015-09-14 20:35:33 +02:00
fb9e75edb6
Merge pull request #18973 from owncloud/try-fixing-app-config-on-oracle
...
Do not compare the value on Oracle
2015-09-14 17:59:52 +02:00
dad56921ae
Register valid root for all installed apps in console
...
We need to use commands from apps that aren't enabled (so don't get loaded).
2015-09-14 16:58:25 +01:00
6c6be72e6b
use zipstreamer via composer
2015-09-14 15:33:28 +02:00
2d0f0e898d
Only check the "was updated/inserted" when not on Oracle...
2015-09-14 15:27:06 +02:00
4a777d686b
Merge pull request #18966 from owncloud/ext-remove-numeric-id
...
Remove storing storage_id in mount.json
2015-09-14 15:04:23 +02:00
c39db52cfa
Use srcset to select best avatar size
...
* Allow the browser to select the best available avatar for the screen
2015-09-14 12:58:45 +02:00
be2023dae3
lib/private/files.php: adapted to minimally changed ZipStreamer API
2015-09-14 12:57:50 +02:00
1369525e7f
Merge pull request #18982 from owncloud/fix_18878
...
enforce loading icon in sidebar to be 32x32
2015-09-14 12:47:53 +02:00
f9b05578a6
Merge pull request #19012 from owncloud/occ_encrypt_all_fix_name
...
use the same pattern for the command name like every other command
2015-09-14 12:37:06 +02:00
341b733dec
Merge pull request #19010 from owncloud/use-proper-web-root
...
Use / instead of an empty string as cookie path
2015-09-14 12:14:46 +02:00
0e805d5310
Do not compare the value on Oracle
...
As per docs: http://docs.oracle.com/cd/E11882_01/server.112/e26088/conditions002.htm#i1033286
> Large objects (LOBs) are not supported in comparison conditions.
2015-09-14 12:14:25 +02:00
04db96adaf
Merge pull request #19006 from owncloud/individual-it-patch-1
...
allow ".." in folder names
2015-09-14 15:56:53 +05:45
69b64b5b10
use the same pattern for the command name like every other command
2015-09-14 12:00:39 +02:00
7f459c64cb
check for the right user if we can change his password
2015-09-14 11:49:16 +02:00
3adbfbfd69
Use / instead of an empty string as cookie path
...
When an empty string is used as cookie path PHP will assign the current directory as cookie path.
This means when an user had installed an ownCloud under "/", which is mapped to an empty string in \OC::$WEBROOT, and accessed it the cookie was set to values such as "/index.php/apps/files" since the web browser assumed this to be a directory. This means that multiple encryption cookies were set for the same domain resulting in potential havoc.
With this patch the path will be set to "/" in case an empty web root is installed which makes the cookie accessible to the whole domain.
To test this setup multiple ownCloud instances on the same domain under different ports and have both installed under "/", then try to login in both of it and previously this can in some cases lead to a lockout of the user.
Note that this affects the cookies that the browsers do sent and thus to test this you need to clear all cookies from your browser previously. I consider this an acceptable behaviour for now since this code is only in master.
Fixes https://github.com/owncloud/core/issues/18919
2015-09-14 11:22:34 +02:00
1601e8acfe
Added js tests for jquery.avatar
...
* Ceil avatar request size
2015-09-14 10:17:24 +02:00
211a243784
[tx-robot] updated from transifex
2015-09-14 01:55:35 -04:00
f7e66d49fc
allow ".." in folder names
...
".." are valid in folder names, only ".." by itself is invalid
fix for #18987
2015-09-14 10:42:00 +05:45
c15ba0d658
Merge pull request #18996 from owncloud/ext-swift-dependencycheck
...
Fix dependency check for Swift and SMB_OC
2015-09-13 22:41:07 +01:00
522619f90e
Fix dependency check for Swift and SMB_OC
...
Mistake caused during merging, where the API had changed
2015-09-13 21:41:02 +01:00
Robin Appelman
Thomas Müller
Lukas Reschke
Joas Schilling
Robin McCorkell
Jenkins for ownCloud
Vincent Petry
Nicolai Ehemann
Roeland Jago Douma
Björn Schießle
Individual IT Services
Bjoern Schiessle