Commit Graph

26872 Commits

Author SHA1 Message Date
Thomas Müller 2fc19635f6 Merge pull request #19014 from owncloud/dont-add-requestheaders-for-cross-domain-requests
Add security hardenings to $.ajax()
2015-09-16 00:16:31 +02:00
Thomas Müller d1f7087b6c Merge pull request #18979 from owncloud/sidebare-preview-fixes
Sidebare preview fixes
2015-09-16 00:12:25 +02:00
Thomas Müller f6f7d8cf94 Merge pull request #18938 from owncloud/occ_decrypt_all2
occ script to disable encryption and to decrypt all files again
2015-09-16 00:11:41 +02:00
Thomas Müller ac1239220d Merge pull request #19052 from owncloud/revert-14856-remote_avatars
Revert "Allow Remote avatars"
2015-09-16 00:10:00 +02:00
Bjoern Schiessle 9bd4f2d41e occ script to disable encryption and to decrypt all files again 2015-09-15 22:39:44 +02:00
Lukas Reschke 230029e509 Merge pull request #18368 from owncloud/version-retention
Add versions obligation
2015-09-15 19:32:07 +02:00
Lukas Reschke 82c2e0df7c Merge branch 'master' into version-retention 2015-09-15 19:29:06 +02:00
Robin Appelman 9883d5b85d Merge pull request #18915 from owncloud/node-getfoldercontents-use-view-logic
Use the view logic for getFolderContent for the node api
2015-09-15 18:04:01 +02:00
Robin Appelman e545c2eec5 Merge pull request #17811 from owncloud/dav-lock-wide
Wrap the entire dav PUT in a read lock
2015-09-15 17:22:00 +02:00
Jan-Christoph Borchardt accebae356 fix filename display in sidebar, fix #18981 2015-09-15 17:03:46 +02:00
Thomas Müller ae9ea244f2 Merge pull request #19043 from owncloud/fix-php-doc-of-encrypt-all
Function does return void
2015-09-15 17:03:34 +02:00
Thomas Müller a446b43bcc Revert "Allow Remote avatars" 2015-09-15 16:52:12 +02:00
Victor Dubiniuk cb529acc5c Follow PSR 2015-09-15 17:08:54 +03:00
Victor Dubiniuk d57f3bf9cc Update options description 2015-09-15 17:08:54 +03:00
Victor Dubiniuk c3dc5b0317 Add method docblock 2015-09-15 17:08:54 +03:00
Victor Dubiniuk f46b434a12 Namespacing, reusing 2015-09-15 17:08:54 +03:00
Victor Dubiniuk c3e055549e Improvements 2015-09-15 17:08:54 +03:00
Victor Dubiniuk b95d1e6683 Add quota status to expiration check 2015-09-15 17:08:54 +03:00
Victor Dubiniuk 7ef937d8ad Add versions obligation 2015-09-15 17:08:54 +03:00
Robin Appelman 8767c2b3be fix small mimetype icons 2015-09-15 15:40:42 +02:00
Frank Karlitschek 650e600b94 Merge pull request #18273 from owncloud/files-sidebar-toggle
Keep right sidebar open, add Details action
2015-09-15 14:45:34 +02:00
Robin Appelman 72cfeaf157 recognize eps, psd and illustrator as image 2015-09-15 14:32:07 +02:00
Robin Appelman 98966329bf crop to the center for landscape images 2015-09-15 14:32:07 +02:00
Robin Appelman a734606649 Various thumbnail fixes
- Show square images as portrait
- Set max height based on sidebar width
- cleanup
2015-09-15 14:32:07 +02:00
Robin Appelman 19e1d35373 Fix path for fileinfomodel in subdirectories 2015-09-15 14:29:37 +02:00
Robin Appelman 1c792b9f43 normal margins for portrait previews 2015-09-15 14:29:37 +02:00
Thomas Müller decdaf0018 Merge pull request #19024 from owncloud/remove-get_temp_dir
Remove get_temp_dir()
2015-09-15 14:18:29 +02:00
Thomas Müller 474f13c9d6 Merge pull request #19041 from owncloud/issue-19007-parameter-name
Fix parameter name to match the specs
2015-09-15 14:15:46 +02:00
Lukas Reschke 2f4a1c9c2c Merge branch 'master' into dont-add-requestheaders-for-cross-domain-requests 2015-09-15 14:04:40 +02:00
Lukas Reschke 7953cc9494 Function does return void
This function does return void and not a bool.
2015-09-15 14:02:10 +02:00
Thomas Müller e82a225d04 Merge pull request #18964 from owncloud/availability-integer
Use integer for availability instead of bool
2015-09-15 13:24:55 +02:00
Thomas Müller b6fe5b6f3c Merge pull request #19039 from owncloud/setup-autoloader-earlier
Define allowed app roots earlier
2015-09-15 13:24:35 +02:00
Joas Schilling 665716095b Fix parameter name to match the specs 2015-09-15 12:14:14 +02:00
Lukas Reschke 8e1b403b16 Catch apps which have been removed manually 2015-09-15 12:10:23 +02:00
Lukas Reschke 4680691ca6 Define allowed app roots earlier
The autoloader needs to be run before including the app.php, otherwise it depends on what app gets executed first and apps that rely on the dependency of other apps in app.php may break.
2015-09-15 12:10:23 +02:00
Thomas Müller 1d315512ea Merge pull request #19029 from owncloud/allow-tests-folder-in-autoloader
Allow /tests folder in autoloader by default
2015-09-15 12:06:45 +02:00
Lukas Reschke f2d63d3518 Disable automatic evaluation of responses
If a response to a $.ajax() request returns a content type of "application/javascript"
JQuery would previously execute the response body. This is a pretty unexpected
behaviour and can result in a bypass of our Content-Security-Policy as well as
multiple unexpected XSS vectors.
2015-09-15 11:42:13 +02:00
Lukas Reschke cd90685af1 Do not add sensitive request headers for cross domain requests
Prevents leaking the CSRF token to another third-party domain by mistake.
2015-09-15 11:42:13 +02:00
Robin McCorkell f8619870ea Remove get_temp_dir() 2015-09-15 11:33:25 +02:00
Lukas Reschke 65ebba44ce Allow /tests folder in autoloader by default
Given the fact that "/tests" is not shipped by default and this has broken some applications and frustrated quite some people we should add "/tests" to the default allowed autoloading set.

I do consider the security impact marginally since the /tests folder is not shipped within the release as well as usually has a hard requirement on being called by phpunit.
2015-09-15 11:32:07 +02:00
Robin McCorkell 5ca690e2f8 Use integer for availability instead of bool 2015-09-15 10:18:32 +02:00
Jenkins for ownCloud 24d2cbf3de [tx-robot] updated from transifex 2015-09-15 01:54:50 -04:00
Vincent Petry d0cea82969 Fixed sidebar toggle entry
Properly highlight the row after selecting the item.
This also fixes the unit tests by changing the order of registration of
file actions.
2015-09-14 20:45:30 +02:00
Vincent Petry 8a6574e81a Keep right sidebar open, add Details action 2015-09-14 20:45:30 +02:00
Robin Appelman 688981b55c allow hook cancel 2015-09-14 20:35:33 +02:00
Robin Appelman 9202d2f45a fix chunking tests 2015-09-14 20:35:33 +02:00
Robin Appelman 75f126da49 use the correct path for cache updates when doing chunked assembly 2015-09-14 20:35:33 +02:00
Robin Appelman 80f054ddd3 also verify cache in dav upload tests 2015-09-14 20:35:33 +02:00
Robin Appelman 6386327150 work directly on storages when doing a chunked upload assembly 2015-09-14 20:35:33 +02:00
Robin Appelman b424151459 handle notfound exceptions in lock plugin 2015-09-14 20:35:33 +02:00