Commit Graph

99 Commits

Author SHA1 Message Date
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Lukas Reschke b6d8a48ce1 Add detection for invalid CLI configuration for settings page
This change will log all failures that prevent the CLI cronjob from happening to the database and display a warning to administrators when an error happened.

To test:

1. Configure some invalid CLI php.ini settings
2. Enable the CLI cronjob and run php cron.php
3. See the errors printed and also in the admin page
4. Configure the CLI settings correctly
5. Errors should be gone.

Fixes https://github.com/owncloud/core/issues/13994
2015-02-27 20:20:34 +01:00
Thomas Müller f72f9e0159 Merge pull request #14530 from owncloud/revert-14403
Revert "Updating license headers"
2015-02-27 00:39:29 -08:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Lukas Reschke 06cf93e6ee Move UTF-8 check to setup
Nobody reads the warnings anyways and so we should enforce it at installation time... Also allows us to get rid of some duplicated code.

To test change the `default_charset` to something other than `utf-8` or `UTF-8`, both should work fine with that change here. An error should then get shown.

We already set those default charsets in the shipped .user.ini and .htaccess
2015-02-24 23:51:36 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Lukas Reschke b701bbd8c5 Use APCu only if available in version 4.0.6 and higher
APCu before 4.0.6 is unbelievably buggy and tends to segfault the PHP process (i.e. the whole webserver)

This potentially fixes https://github.com/owncloud/core/issues/14175

Requires a backport to stable8
2015-02-17 13:28:02 +01:00
Lukas Reschke 886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server->getRequest()` or into a separate `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests were possible they have been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Frank Karlitschek 828d7d6cf5 add a Windows warning 2015-01-20 13:37:50 +01:00
Morris Jobke 7b9343f385 fix typo - caused by 3d997e8c62 2015-01-18 22:08:11 +01:00
Morris Jobke 6a5f12beca Merge pull request #12988 from owncloud/logfile_download
Logfile download
2015-01-09 00:33:22 +01:00
Georg Ehrke f579f2bd94 add Download logfile button to admin settings
add logSettingsController

add download logfile button

move getEntries to LogSettingsController

move set log level to logsettingscontroller.php

add warning if logfile is bigger than 100MB

add unit test for set log level

fix typecasting, add new line at EoF

show log and logfile download only if log_type is set to owncloud

add unit test for getFilenameForDownload
2015-01-07 14:55:53 +01:00
Joas Schilling 3d997e8c62 Fix incorrect warning about setting the overwrite.cli.url 2015-01-07 09:02:33 +01:00
Joas Schilling 539c0aeb04 Add an option to disallow sending sharing emails to non-owncloud users
Fix #10836
2014-12-09 11:32:39 +01:00
Lukas Reschke 8b9cc5c25b Remove unexisting `htAccessWorkinght`
Partially fixes https://github.com/owncloud/core/issues/12690 - remark to myself: improve grep skills.
2014-12-08 11:25:32 +01:00
Lukas Reschke 2b76227180 Check for working .htaccess via AJAX
Fixes https://github.com/owncloud/core/issues/12650
2014-12-06 15:34:53 +01:00
Lukas Reschke 1b0bc2e099 PHP 5.4 is now required for master
🍻
2014-12-04 10:46:38 +01:00
Lukas Reschke fc116f563f Allow read-only configuration
Workaround required for IIS setups running ownCloud to prevent dataloss.

Long-term solution would be to move some configuration settings to the database
2014-11-25 16:26:47 +01:00
Joas Schilling 64421d76fd Deduplicate function by moving it to the OC_Helper 2014-11-20 12:37:59 +01:00
Joas Schilling e32968cfce Remove exec() call with invalid name on windows
Currently running unit tests prints the following message 3 times:
The command "command" is misspelt or could not be found.
Instead of trying this, we just skip this now.
2014-11-19 17:04:55 +01:00
Thomas Müller 5aaea6961c Merge pull request #12110 from owncloud/fix-12080
add 'namespace' for automatically created navigation divs, fixes #12080
2014-11-12 11:25:42 +01:00
Arthur Schiwon c5c74792d1 add 'namespace' for automatically created navigation divs, fixes #12080 2014-11-12 10:42:44 +01:00
Lukas Reschke e73ccbd4ca Migrate "setsecurity.php" to the AppFramework
Add switch to enforce SSL for subdomains

Add unit tests

Add test for boolean values

Camel-case

Fix ugly JS
2014-11-03 16:53:03 +01:00
Thomas Müller 1076a77840 fix loading of more log entries 2014-10-30 14:59:13 +01:00
Thomas Müller d9db791c67 introduce sidebar for admin page 2014-10-30 13:44:40 +01:00
Lukas Reschke 2d2a4741ce Make files non executable
There is not much sense in having these files marked executable, we should avoid that.
2014-10-24 11:14:51 +02:00
Vincent Petry e65ceb08fc Moved WebDAV and internet checks to client side JS
- Added setup checks in JavaScript
- Moved isWebDAVWorking to JS using SetupChecks
- Moved internet connection checks to an ajax call that goes through the
  server
2014-09-23 11:16:14 +02:00
Vincent Petry a064536ec1 Fixed select2 for admin and apps page
Added explicit escaping.
Now internally using a pipe symbol as separator for select2, to make it
possible to use group names containing commas.
2014-09-10 14:30:02 +02:00
Vincent Petry 0d28ba0662 Added select2 on the apps page
Moved setupGroupsSelect() from admin.js to a common settings.js
as OC.Settings.setupGroupsSelect().

Now using select2 as well on the apps page.
2014-09-09 18:04:00 +02:00
Vincent Petry 4a27f4b8b5 Load select2 on admin page 2014-09-09 18:03:05 +02:00
Vincent Petry d23621536c Now using select2 for the groups excluded from sharing 2014-09-09 18:03:05 +02:00
Lukas Reschke c13a8acbb5 Don't show warning when has_internet_connection is set to false
Revert

Add disabled
2014-09-05 15:58:33 +02:00
Joas Schilling 64d64610d2 Add a note about overwritewebroot when using system cron
If the current webroot is non-empty but the webroot from the config is,
and system cron is used, the URL generator fails to build valid URLs.
So we notify the admin to set it up correctly.

Fix #9995
2014-08-18 11:10:22 +02:00
Thomas Müller 3e493501da Merge pull request #9890 from owncloud/check-php-charset-master
setting and checking default_charset in php.ini to be UTF-8
2014-08-11 22:11:11 +02:00
Thomas Müller 673a8bb2b8 only call exec() if allowed to 2014-07-29 16:59:40 +02:00
Thomas Müller 07dc0b2fdf setting and checking default_charset in php.ini to be UTF-8 2014-07-25 09:53:25 +02:00
Steffen Lindner 1b871da59e Fixes typo with sendmail detection - fixes #9203 2014-06-30 15:01:12 +02:00
Bjoern Schiessle 6578f00b4b unify share settings 2014-06-05 15:49:34 +02:00
Thomas Müller cfc1d5623e Merge pull request #8840 from owncloud/share_settings
by default don't show option to send mail notifications for shares
2014-06-03 16:42:44 +02:00
Morris Jobke 25c676f203 simplify SQLite warning 2014-06-03 12:02:23 +02:00
Morris Jobke f88482355f check for user count and files count 2014-06-03 11:39:16 +02:00
Bjoern Schiessle 8e583f55dc set "allow users to send mail notification for shared files default" setting to "no" now that we have the activity app 2014-06-03 11:29:28 +02:00
Morris Jobke 68a4fd44e6 add notification on admin page 2014-06-03 08:01:39 +02:00
Thomas Müller 555b9cc245 Merge pull request #7614 from owncloud/test_annotations_working
Check if ReflectionMethod::getDocComment is working
2014-05-30 22:17:30 +02:00
Bjoern Schiessle 12338e0ef0 allow admin to disable sharing for specific groups of users 2014-05-22 10:43:44 +02:00
Thomas Müller 30f1ec2521 Merge branch 'master' into test_annotations_working
Conflicts:
	lib/private/util.php
2014-05-19 21:42:30 +02:00
Bjoern Schiessle b6e14af861 allow admin to enforce passwords for public link shares 2014-05-16 17:41:09 +02:00
Thomas Tanghus 287c8981bc Check if ReflectionMethod::getDocComment is working 2014-05-09 22:44:55 +02:00
Bjoern Schiessle 6650be9913 add setting to set default expire date 2014-04-24 13:34:31 +02:00
Lukas Reschke e88731a477 Some more PHPDoc fixes 2014-04-21 15:44:54 +02:00