Morris Jobke
e8c359d86e
Merge pull request #1897 from nextcloud/fix-public-button
...
fix button on public upload page for mobile
2016-10-25 11:03:21 +02:00
Joas Schilling
890f752a6b
Merge pull request #1452 from nextcloud/appconfig-endpoint
...
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Lukas Reschke
79706e0ddc
Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload
...
Use Webdav PUT for uploads
2016-10-25 10:31:03 +02:00
Roeland Jago Douma
5926da3dd6
Merge pull request #1898 from nextcloud/fix-php-version-check
...
Nextcloud runs only on PHP 5.6+
2016-10-25 10:15:13 +02:00
Roeland Jago Douma
593d52fe91
Fix and cleanup SessionTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 09:34:27 +02:00
Vincent Petry
6d1e858aa4
Fix logClientIn for non-existing users ( #26292 )
...
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.
This prevents throwing PasswordLoginForbidden for non-existing users.
2016-10-25 09:34:27 +02:00
Morris Jobke
6df90909f0
Nextcloud runs only on PHP 5.6+
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-25 09:20:03 +02:00
Roeland Jago Douma
1ff328ae65
Merge pull request #1823 from nextcloud/filepicker-folder-fix
...
Fix picking a folder with the filepicker
2016-10-25 08:22:59 +02:00
Roeland Jago Douma
60fa82d92f
Merge pull request #1860 from ryanwr/feature-sort-favorite
...
Sort favorite files first
2016-10-25 08:22:33 +02:00
Roeland Jago Douma
44e9f5d5a1
Merge pull request #1850 from nextcloud/filepicker-empty-folder
...
show empty folder message in filepicker
2016-10-25 08:20:57 +02:00
Jan-Christoph Borchardt
d4515ae603
fix button on public upload page
...
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-24 23:26:56 +02:00
Morris Jobke
ee8b8adf7a
Update autoload files 🙈
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:50:22 +02:00
Roeland Jago Douma
c8a13f644e
Only enable files_drop plugin when we actuall do files_drop
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Roeland Jago Douma
0abcc630a5
Fix public files_drop page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Roeland Jago Douma
7a6dbeb398
Make files_drop work
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Roeland Jago Douma
e73a11d106
Fix permision mask
...
If we move a file from the temp part file to the original file we don't
need update permissions.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
f374eb5f1d
More fixes to file upload
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
f72ffa2f11
Fix js unit tests for webdav put upload changes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
786e858d23
Add support for chunked upload
...
Hacked around Blueimp's jquery.fileupload to make it work with our new
chunking API.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
c68e273664
Goodbye Iframe transport !
...
Not needed any more in IE >= 11
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
25d9dce067
JS utility function to compare paths
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
59c5be1cc5
Use Webdav PUT for uploads in the web browser
...
- uses PUT method with jquery.fileupload for regular and public file
lists
- for IE and browsers that don't support it, use POST with iframe
transport
- implemented Sabre plugin to handle iframe transport and redirect the
embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Morris Jobke
8a231a4223
Merge pull request #1829 from nextcloud/downstream-26256
...
Fix login page handling for disabled users
2016-10-24 21:35:53 +02:00
Morris Jobke
ced3aeacb1
dump autoloader
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:31:03 +02:00
Morris Jobke
567e28b01a
Merge pull request #1885 from nextcloud/downstream-26295
...
App dependencies are now analysed on app enable as well - not only on…
2016-10-24 21:26:50 +02:00
Roeland Jago Douma
72b5206c44
Merge pull request #1886 from nextcloud/downstream-26385
...
Remove checks about running on Windows
2016-10-24 21:15:54 +02:00
Roeland Jago Douma
112641236b
Merge pull request #1881 from nextcloud/downstream-26354
...
log error when setting timezone to UTC fails
2016-10-24 21:14:59 +02:00
Morris Jobke
f920153f16
Throw exception because the logger causes session issues anyway that early in the request cycle
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:14:44 +02:00
Jörn Friedrich Dreyer
2e0e68b57f
log error when setting timezone to UTC fails ( #26354 )
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:14:40 +02:00
Roeland Jago Douma
4d01f23978
Merge pull request #1879 from nextcloud/fix-missing-import
...
Import the used classes
2016-10-24 21:12:24 +02:00
Morris Jobke
0bfd530b24
Merge pull request #1892 from nextcloud/refactor-readme
...
Refactor README
2016-10-24 19:17:06 +02:00
ryanwr
3e96f33995
Sort favorite files first Issue #1802
...
Signed-off-by: Ryan Welch <ryantwr@gmail.com>
2016-10-24 17:55:47 +01:00
Marius Blüm
a48c7316e2
Refactor README
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-10-24 18:29:21 +02:00
Jörn Friedrich Dreyer
817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better
2016-10-24 17:52:49 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Morris Jobke
cfae91ab64
Merge pull request #1828 from nextcloud/avatar-picker-improvements
...
Avatar picker improvements
2016-10-24 16:33:18 +02:00
RealRancor
14b1d946a8
Remove checks whether OC is running on Windows pt. 2
2016-10-24 16:12:17 +02:00
Thomas Müller
03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install.
2016-10-24 15:59:46 +02:00
Vincent Petry
44cf67accd
Storage 503 message improvements
...
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Roeland Jago Douma
a28528a254
Add ShareesAPI E-mail search
...
* Allow to search for SHARE_TYPE_EMAIL (4)
* Added tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 14:59:32 +02:00
Joas Schilling
b130267e58
Import the used classes
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 14:33:54 +02:00
Thomas Müller
0c637c8d73
[9.2] Add missing unit tests ( #25936 )
...
* Adjust unit test execution after folder rename
* Adjust login controller tests to match current behavior
* Fix broken unit tests
2016-10-24 14:25:52 +02:00
Roeland Jago Douma
729c06548f
Merge pull request #1873 from nextcloud/files_sharing_singular
...
Move files_sharing Controllers => Controller
2016-10-24 14:16:02 +02:00
Lukas Reschke
bd8b3f52f0
Merge pull request #1830 from nextcloud/downstream-26250
...
Improved exception messages
2016-10-24 13:58:29 +02:00
Robin Appelman
0aec8647c2
use smaller cropper on small screens
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-24 13:56:21 +02:00
Robin Appelman
ad902d6bea
center cropper vertically
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-24 13:54:56 +02:00
Morris Jobke
24786d5c51
Merge pull request #1872 from nextcloud/ds-26447-misleading-ssl-config
...
Fix misleading SSL/TLS SMTP email configuration
2016-10-24 13:30:54 +02:00
Roeland Jago Douma
b4ebf03bef
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 13:25:59 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
...
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Roeland Jago Douma
f589f1a1d6
Move files_sharing Controllers => Controller
...
lib/Controller is the default location for controllers. So lets put them
all in there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 11:46:25 +02:00