Lukas Reschke
2da43e3751
Do not allow directory traversal using "../"
...
We should not allow directory traversals using "../" here.
To test, access the following URL once with and then without this patch:
http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:33:00 +02:00
Morris Jobke
23cc465b0d
Merge pull request #254 from nextcloud/fix-229-stable9
...
[stable9] get only vcard which match both the address book id and the vcard uri
2016-06-30 17:43:46 +02:00
Björn Schießle
eed6c6a8b9
Merge pull request #266 from nextcloud/fix-262
...
[stable9] getShareByToken() should also consider remote shares
2016-06-30 17:17:21 +02:00
Lukas Reschke
d52343fc4e
Merge pull request #260 from nextcloud/fix-versions-stable9
...
[stable9] check permissions before rollback
2016-06-30 17:15:28 +02:00
Lukas Reschke
912f07e2a9
Merge pull request #249 from nextcloud/add-exemption-for-acs
...
[stable9] Add exemption for ACS endpoint
2016-06-30 17:06:11 +02:00
Marius Blüm
1f9735b204
Merge pull request #261 from nextcloud/stable9-fix243
...
[stable9] targets 3rdparty submodule from Nc instead of oC
2016-06-30 17:05:36 +02:00
Morris Jobke
07c43751d1
Merge pull request #265 from nextcloud/stable9-add-wnd
...
[stable9] Backport WND
2016-06-30 16:47:29 +02:00
Bjoern Schiessle
347787d92c
getShareByToken() should also consider remote shares
2016-06-30 16:45:13 +02:00
Marius Blüm
212ff8ef6f
Merge pull request #251 from nextcloud/make-it-user-saml
...
Mark user_saml official and kill user_shibboleth
2016-06-30 16:36:23 +02:00
Morris Jobke
be7980c826
Merge pull request #263 from nextcloud/dav-permission-check-stable9
...
add some additional permission checks to the webdav backend
2016-06-30 15:59:21 +02:00
Lukas Reschke
da0666e4f0
Name method properly
2016-06-30 15:37:33 +02:00
Lukas Reschke
a80af7079d
[stable9] Backport WND
...
Backports:
- https://github.com/nextcloud/server/pull/233
- https://github.com/nextcloud/server/pull/190
- https://github.com/nextcloud/server/pull/188
2016-06-30 15:36:03 +02:00
Lukas Reschke
29929c9728
Merge pull request #240 from nextcloud/password_policy_events_stable9
...
[stable9] add events to check passwords with the password policy app
2016-06-30 15:06:40 +02:00
Bjoern Schiessle
3491400261
add some additional permission checks to the webdav backend
2016-06-30 15:05:13 +02:00
Marius Blüm
4b05f1c7b4
targets 3rdparty submodule from Nc instead of oC
...
* backport of #245
* fixes #243
2016-06-30 14:51:47 +02:00
Lukas Reschke
723cf78169
Merge pull request #259 from nextcloud/stable9-set-disposition
...
[stable9] Set content-type to "application/octet-stream"
2016-06-30 14:29:11 +02:00
Bjoern Schiessle
1208953ba1
check permissions before rollback
2016-06-30 14:22:40 +02:00
Lukas Reschke
94975af6db
[stable9] Set content-type to "application/octet-stream"
...
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.
Backport of https://github.com/nextcloud/server/pull/258
2016-06-30 13:04:54 +02:00
Bjoern Schiessle
6a61cc0e35
get only vcard which match both the address book id and the vcard uri
2016-06-30 10:46:21 +02:00
Lukas Reschke
5037d097e1
Mark user_saml official and kill user_shibboleth
2016-06-30 00:52:56 +02:00
Lukas Reschke
f56ea98993
Add exemption for ACS endpoint
...
In a SAML scenario we don't get any strict or lax cookie sent for
the ACS endpoint. Since we have some legacy code in Nextcloud
(direct PHP files) the enforcement of lax cookies is performed here
instead of the middleware.
This means we cannot exclude some routes from the cookie validation,
which normally is not a problem but is a little bit cumbersome for
this use-case.
Once the old legacy PHP endpoints have been removed we can move
the verification into a middleware and also add some exemptions.
Not super awesome code to have but the best that I could come up
with that doesn't add another ton of technical debt.
2016-06-29 19:51:27 +02:00
Bjoern Schiessle
27059107f8
add events to check passwords with the password policy app
2016-06-28 11:43:23 +02:00
Lukas Reschke
95f6dd909b
Merge pull request #227 from nextcloud/stable9-channel-should-be-inside-config
...
[stable9] Move OC_Channel to system config
2016-06-27 21:20:36 +02:00
Lukas Reschke
9f7141d26d
Move OC_Channel to system config
...
The Nextcloud and ownCloud updaters allow someone to configure a custom release channel, this can then be used to publish different versions. (e.g. one channel stays on 9.x while another one already gets 10.x)
There is however one big problem with it: The value is effectively stored in the app config, which is stored in the database. So to be able to read the update channel a connection to the database is necessary. This is quite error prone and also causes some of the issues in the original ownCloud updater.
This moves the channel registration to the config.php and also includes a repair step.
2016-06-27 17:13:40 +02:00
Marius Blüm
efc4a1b3bf
Merge pull request #228 from nextcloud/show-updater-all-the-time
...
Revert "[stable9] Don't show the updater if updater is incompatible"
2016-06-27 06:53:20 +02:00
Morris Jobke
62391e9776
Merge pull request #210 from Zollak/stable9-config-sample
...
[stable9] changed ownCloud to Nextcloud, updated config options
2016-06-26 23:59:44 +02:00
Patric Lenhart
c9898fac4a
removed more options that are not in stable9
2016-06-26 23:32:40 +02:00
Lukas Reschke
f896470542
Revert "[stable9] Don't show the updater if updater is incompatible"
...
This reverts commit 5e2bf16db1.
2016-06-26 17:33:05 +02:00
Patric Lenhart
506e739a20
removed parameter that is not relevant for stable9
2016-06-26 15:17:38 +02:00
Lukas Reschke
49a916fb46
Merge pull request #225 from nextcloud/stable9-upstream-sync
...
[Stable9] upstream sync
2016-06-26 14:50:58 +02:00
Lukas Reschke
dcb5f00461
Merge remote-tracking branch 'upstream/stable9' into stable9-upstream-sync
2016-06-26 12:48:19 +02:00
Christoph Wurst
907c90165a
Merge pull request #25256 from owncloud/stable9-setupchecks-preventreload
...
[stable9] Don't reload page in case of auth errors during setup checks
2016-06-24 17:12:42 +02:00
Marius Blüm
ea327cdea1
Merge pull request #216 from nextcloud/stable9-replace-occurence-of-owncloud-by-nextcloud
...
[stable9] Replace occurrence of "ownCloud" by "Nextcloud"
2016-06-24 15:01:53 +02:00
Marius Blüm
7a3aafda96
Replace occurrence of "ownCloud" by "Nextcloud"
...
* backport of #214
2016-06-24 12:50:43 +02:00
Vincent Petry
e366ed6485
Don't reload page in case of auth errors during setup checks
...
If an error occurs during setup checks, do not let the global ajax
error handler reload the page.
2016-06-24 09:51:26 +02:00
Vincent Petry
eb8e151458
Merge pull request #25248 from owncloud/stable9-unique_targets
...
[stable9] On mount make sure multiple shares with same target map to unique one…
2016-06-23 18:08:54 +02:00
Patric Lenhart
2cf4ae2925
changed ownCloud to Nextcloud, updated config options
2016-06-23 16:11:56 +02:00
Roeland Douma
b6192c39d8
On mount make sure multiple shares with same target map to unique ones ( #23937 )
...
Scenario:
user0 shares a folder 'foo' with user2
user1 shares a folder 'foo' with user2
user2 logs in
Before: show only the 'foo' from user1
After: show both.
* Added integration tests
2016-06-23 14:27:51 +02:00
Vincent Petry
3aaa33d9d4
Merge pull request #25228 from owncloud/stable9-enc-revertversionsize
...
[stable9] Rollback version must also adjust cached size
2016-06-22 18:11:20 +02:00
Vincent Petry
880ff122f1
Rollback version must also adjust cached size
2016-06-22 15:18:19 +02:00
Lukas Reschke
bab4f65388
Merge pull request #203 from nextcloud/fix_audit_log-stable9
...
[stable9] don't try to log the currently logged in user, this fails on cronjobs
2016-06-22 15:09:57 +02:00
Bjoern Schiessle
a7766ca72e
don't try to log the currently logged in user, this fails on cronjobs. The users are logged anyway
2016-06-22 14:39:07 +02:00
Morris Jobke
e26386e372
Merge pull request #200 from nextcloud/stable9-backport-197
...
[stable9] some text-changes to nextcloud
2016-06-22 11:01:55 +02:00
Björn Schießle
29a83d8ac6
Merge pull request #199 from nextcloud/stable9-backport-194
...
[stable9] default.php for nextcloud
2016-06-22 10:40:42 +02:00
Joachim Sokolowski
b1d60eb738
some text-changes to nextcloud
2016-06-22 10:22:55 +02:00
Joachim Sokolowski
e69f0cbdec
default.php for nextcloud
...
changing it to nextcloud
2016-06-22 10:10:09 +02:00
Marius Blüm
a9a7e0edee
Merge pull request #192 from nextcloud/drop-authtoken
...
Drop old authtoken table (pre 5.0.0)
2016-06-21 21:28:01 +02:00
Marius Blüm
ce3437e755
Merge pull request #193 from nextcloud/stable9-backport-191
...
[stable9] Add postgres to CI
2016-06-21 21:23:20 +02:00
Morris Jobke
8153290dd6
Add postgres to CI
2016-06-21 16:49:40 +02:00
Morris Jobke
ce7d9998dc
Drop old authtoken table (pre 5.0.0)
...
* fixes #155
2016-06-21 16:35:08 +02:00