Commit Graph

31538 Commits

Author SHA1 Message Date
Lukas Reschke 2da43e3751
Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test, access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:33:00 +02:00
Morris Jobke 23cc465b0d Merge pull request #254 from nextcloud/fix-229-stable9
[stable9] get only vcard which match both the address book id and the vcard uri
2016-06-30 17:43:46 +02:00
Björn Schießle eed6c6a8b9 Merge pull request #266 from nextcloud/fix-262
[stable9] getShareByToken() should also consider remote shares
2016-06-30 17:17:21 +02:00
Lukas Reschke d52343fc4e Merge pull request #260 from nextcloud/fix-versions-stable9
[stable9] check permissions before rollback
2016-06-30 17:15:28 +02:00
Lukas Reschke 912f07e2a9 Merge pull request #249 from nextcloud/add-exemption-for-acs
[stable9] Add exemption for ACS endpoint
2016-06-30 17:06:11 +02:00
Marius Blüm 1f9735b204 Merge pull request #261 from nextcloud/stable9-fix243
[stable9] targets 3rdparty submodule from Nc instead of oC
2016-06-30 17:05:36 +02:00
Morris Jobke 07c43751d1 Merge pull request #265 from nextcloud/stable9-add-wnd
[stable9] Backport WND
2016-06-30 16:47:29 +02:00
Bjoern Schiessle 347787d92c
getShareByToken() should also consider remote shares 2016-06-30 16:45:13 +02:00
Marius Blüm 212ff8ef6f Merge pull request #251 from nextcloud/make-it-user-saml
Mark user_saml official and kill user_shibboleth
2016-06-30 16:36:23 +02:00
Morris Jobke be7980c826 Merge pull request #263 from nextcloud/dav-permission-check-stable9
add some additional permission checks to the webdav backend
2016-06-30 15:59:21 +02:00
Lukas Reschke da0666e4f0
Name method properly 2016-06-30 15:37:33 +02:00
Lukas Reschke a80af7079d
[stable9] Backport WND
Backports:

- https://github.com/nextcloud/server/pull/233
- https://github.com/nextcloud/server/pull/190
- https://github.com/nextcloud/server/pull/188
2016-06-30 15:36:03 +02:00
Lukas Reschke 29929c9728 Merge pull request #240 from nextcloud/password_policy_events_stable9
[stable9] add events to check passwords with the password policy app
2016-06-30 15:06:40 +02:00
Bjoern Schiessle 3491400261
add some additional permission checks to the webdav backend 2016-06-30 15:05:13 +02:00
Marius Blüm 4b05f1c7b4 targets 3rdparty submodule from Nc instead of oC
* backport of #245
* fixes #243
2016-06-30 14:51:47 +02:00
Lukas Reschke 723cf78169 Merge pull request #259 from nextcloud/stable9-set-disposition
[stable9] Set content-type to "application/octet-stream"
2016-06-30 14:29:11 +02:00
Bjoern Schiessle 1208953ba1
check permissions before rollback 2016-06-30 14:22:40 +02:00
Lukas Reschke 94975af6db
[stable9] Set content-type to "application/octet-stream"
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.

Backport of https://github.com/nextcloud/server/pull/258
2016-06-30 13:04:54 +02:00
Bjoern Schiessle 6a61cc0e35
get only vcard which match both the address book id and the vcard uri 2016-06-30 10:46:21 +02:00
Lukas Reschke 5037d097e1 Mark user_saml official and kill user_shibboleth 2016-06-30 00:52:56 +02:00
Lukas Reschke f56ea98993
Add exemption for ACS endpoint
In a SAML scenario we don't get any strict or lax cookie sent for
the ACS endpoint. Since we have some legacy code in Nextcloud
(direct PHP files) the enforcement of lax cookies is performed here
instead of the middleware.

This means we cannot exclude some routes from the cookie validation,
which normally is not a problem but is a little bit cumbersome for
this use-case.

Once the old legacy PHP endpoints have been removed we can move
the verification into a middleware and also add some exemptions.

Not super awesome code to have but the best that I could come up
with that doesn't add another ton of technical debt.
2016-06-29 19:51:27 +02:00
Bjoern Schiessle 27059107f8
add events to check passwords with the password policy app 2016-06-28 11:43:23 +02:00
Lukas Reschke 95f6dd909b Merge pull request #227 from nextcloud/stable9-channel-should-be-inside-config
[stable9] Move OC_Channel to system config
2016-06-27 21:20:36 +02:00
Lukas Reschke 9f7141d26d
Move OC_Channel to system config
The Nextcloud and ownCloud updaters allow someone to configure a custom release channel, this can then be used to publish different versions. (e.g. one channel stays on 9.x while another one already gets 10.x)

There is however one big problem with it: The value is effectively stored in the app config, which is stored in the database. So to be able to read the update channel a connection to the database is necessary. This is quite error prone and also causes some of the issues in the original ownCloud updater.

This moves the channel registration to the config.php and also includes a repair step.
2016-06-27 17:13:40 +02:00
Marius Blüm efc4a1b3bf Merge pull request #228 from nextcloud/show-updater-all-the-time
Revert "[stable9] Don't show the updater if updater is incompatible"
2016-06-27 06:53:20 +02:00
Morris Jobke 62391e9776 Merge pull request #210 from Zollak/stable9-config-sample
[stable9] changed ownCloud to Nextcloud, updated config options
2016-06-26 23:59:44 +02:00
Patric Lenhart c9898fac4a removed more options that are not in stable9 2016-06-26 23:32:40 +02:00
Lukas Reschke f896470542
Revert "[stable9] Don't show the updater if updater is incompatible"
This reverts commit 5e2bf16db1.
2016-06-26 17:33:05 +02:00
Patric Lenhart 506e739a20 removed parameter that is not relevant for stable9 2016-06-26 15:17:38 +02:00
Lukas Reschke 49a916fb46 Merge pull request #225 from nextcloud/stable9-upstream-sync
[Stable9] upstream sync
2016-06-26 14:50:58 +02:00
Lukas Reschke dcb5f00461
Merge remote-tracking branch 'upstream/stable9' into stable9-upstream-sync 2016-06-26 12:48:19 +02:00
Christoph Wurst 907c90165a Merge pull request #25256 from owncloud/stable9-setupchecks-preventreload
[stable9] Don't reload page in case of auth errors during setup checks
2016-06-24 17:12:42 +02:00
Marius Blüm ea327cdea1 Merge pull request #216 from nextcloud/stable9-replace-occurence-of-owncloud-by-nextcloud
[stable9] Replace occurrence of "ownCloud" by "Nextcloud"
2016-06-24 15:01:53 +02:00
Marius Blüm 7a3aafda96 Replace occurrence of "ownCloud" by "Nextcloud"
* backport of #214
2016-06-24 12:50:43 +02:00
Vincent Petry e366ed6485
Don't reload page in case of auth errors during setup checks
If an error occurs during setup checks, do not let the global ajax
error handler reload the page.
2016-06-24 09:51:26 +02:00
Vincent Petry eb8e151458 Merge pull request #25248 from owncloud/stable9-unique_targets
[stable9] On mount make sure multiple shares with same target map to unique one…
2016-06-23 18:08:54 +02:00
Patric Lenhart 2cf4ae2925 changed ownCloud to Nextcloud, updated config options 2016-06-23 16:11:56 +02:00
Roeland Douma b6192c39d8
On mount make sure multiple shares with same target map to unique ones (#23937)
Scenario:
user0 shares a folder 'foo' with user2
user1 shares a folder 'foo' with user2
user2 logs in

Before: show only the 'foo' from user1

After: show both.

* Added integration tests
2016-06-23 14:27:51 +02:00
Vincent Petry 3aaa33d9d4 Merge pull request #25228 from owncloud/stable9-enc-revertversionsize
[stable9] Rollback version must also adjust cached size
2016-06-22 18:11:20 +02:00
Vincent Petry 880ff122f1
Rollback version must also adjust cached size 2016-06-22 15:18:19 +02:00
Lukas Reschke bab4f65388 Merge pull request #203 from nextcloud/fix_audit_log-stable9
[stable9] don't try to log the currently logged in user, this fails on cronjobs
2016-06-22 15:09:57 +02:00
Bjoern Schiessle a7766ca72e
don't try to log the currently logged in user, this fails on cronjobs. The users are logged anyway 2016-06-22 14:39:07 +02:00
Morris Jobke e26386e372 Merge pull request #200 from nextcloud/stable9-backport-197
[stable9] some text-changes to nextcloud
2016-06-22 11:01:55 +02:00
Björn Schießle 29a83d8ac6 Merge pull request #199 from nextcloud/stable9-backport-194
[stable9] default.php for nextcloud
2016-06-22 10:40:42 +02:00
Joachim Sokolowski b1d60eb738
some text-changes to nextcloud 2016-06-22 10:22:55 +02:00
Joachim Sokolowski e69f0cbdec
default.php for nextcloud
changing it to nextcloud
2016-06-22 10:10:09 +02:00
Marius Blüm a9a7e0edee Merge pull request #192 from nextcloud/drop-authtoken
Drop old authtoken table (pre 5.0.0)
2016-06-21 21:28:01 +02:00
Marius Blüm ce3437e755 Merge pull request #193 from nextcloud/stable9-backport-191
[stable9] Add postgres to CI
2016-06-21 21:23:20 +02:00
Morris Jobke 8153290dd6
Add postgres to CI 2016-06-21 16:49:40 +02:00
Morris Jobke ce7d9998dc
Drop old authtoken table (pre 5.0.0)
* fixes #155
2016-06-21 16:35:08 +02:00