Joas Schilling
2c0b5dee19
Allow rich object strings in messages as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 10:37:37 +01:00
Nextcloud bot
6d2d069c17
[tx-robot] updated from transifex
2016-10-31 01:06:55 +00:00
Nextcloud bot
1187a8c183
[tx-robot] updated from transifex
2016-10-30 00:06:56 +00:00
Roeland Jago Douma
e55e6f1f14
Cleanup usages
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-29 14:29:50 +02:00
Roeland Jago Douma
d5159423cd
Removed depreacted functions (since 6.0)
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-29 14:27:12 +02:00
Lukas Reschke
e48fa1c337
Merge pull request #1948 from nextcloud/move_away_lagacy_oc_l10n
...
Move away from legacy OC_L10N
2016-10-29 09:39:22 +02:00
Nextcloud bot
035890aeb1
[tx-robot] updated from transifex
2016-10-29 00:07:14 +00:00
Roeland Jago Douma
94d09141f8
Remove legacy l10n
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 22:16:33 +02:00
Roeland Jago Douma
83e7cfd13a
Fix more tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 22:16:28 +02:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma
f722640a32
Proper DI of config
...
* Fixed comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 10:13:35 +02:00
Morris Jobke
e7ec4601a3
Use callForSeenUsers for avatar migration
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-28 08:44:05 +02:00
Jörn Friedrich Dreyer
f8352fcb8d
introduce callForSeenUsers and countSeenUsers ( #26361 )
...
* introduce callForSeenUsers and countSeenUsers
* add tests
* oracle should support not null on clob
* since 9.2.0
2016-10-28 08:44:05 +02:00
Nextcloud bot
ad597d498d
[tx-robot] updated from transifex
2016-10-28 00:07:11 +00:00
Morris Jobke
d4969abc9d
Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings
...
Nextcloud rich object strings
2016-10-27 15:30:58 +02:00
Lukas Reschke
0a2e2f70f6
Merge pull request #1929 from nextcloud/share_email_to_OCS
...
Remove notify recipient function
2016-10-27 09:03:29 +02:00
Lukas Reschke
7cae758ef9
Merge pull request #1930 from nextcloud/fix_avatars_exif
...
Fix avatar on exif rotated images
2016-10-27 08:56:56 +02:00
Nextcloud bot
9984eba727
[tx-robot] updated from transifex
2016-10-27 00:07:01 +00:00
Roeland Jago Douma
b05fe45d52
Fix avatar on exif rotated images
...
Fixes #1928
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 21:37:11 +02:00
Roeland Jago Douma
b7046d390f
Remove internal share mail function
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 20:52:41 +02:00
Roeland Jago Douma
b98dfaccd9
Merge pull request #1920 from nextcloud/legacy-pages-should-also-receive-the-nonce
...
Add nonce also to legacy CSP
2016-10-26 16:41:34 +02:00
Morris Jobke
cde7f535bd
Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions
...
comment mentions: show displayname not uid
2016-10-26 14:02:49 +02:00
Joas Schilling
c20ab0049f
Identify Chromium as Chrome
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
Morris Jobke
0b430a82d4
Merge pull request #1914 from nextcloud/downstream-26468
...
Remove all unneeded set_include_path()
2016-10-26 09:55:56 +02:00
Lukas Reschke
fdcb8edd78
Add nonce also to legacy CSP
...
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.
To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.
To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-26 09:41:18 +02:00
Nextcloud bot
a973c1bfb9
[tx-robot] updated from transifex
2016-10-26 00:07:12 +00:00
Lukas Reschke
015affb082
Missing returns + autoloader file
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 22:13:09 +02:00
Roeland Jago Douma
6dbe417c51
Inlince oc.js if possible!
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Roeland Jago Douma
e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:10 +02:00
Roeland Jago Douma
d5589a15d5
Move oc.js to a proper class
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:02 +02:00
Lukas Reschke
08268bca39
Merge pull request #1891 from nextcloud/downstream-26430
...
add upgrade command before repair, handle NeedsUpgradeException better
2016-10-25 18:42:44 +02:00
Thomas Müller
748f18f34e
Remove all unneeded set_include_path()
2016-10-25 18:08:54 +02:00
Morris Jobke
89574367bc
Merge pull request #1871 from nextcloud/use-csp-nonces
...
Use CSP nonces
2016-10-25 14:46:00 +02:00
Morris Jobke
27ba46c40e
Merge pull request #1890 from nextcloud/downstream-25428
...
fixing php 32 bit (arm) filemtime on large file issue (#18971 ) (#25428 )
2016-10-25 14:44:27 +02:00
Morris Jobke
c0adc3c2cf
Merge pull request #1883 from nextcloud/downstream-26145
...
Storage 503 message improvements
2016-10-25 13:19:46 +02:00
Lukas Reschke
324e5b02ba
Merge pull request #1902 from nextcloud/fix-largefile-helper-not-existent
...
Remove not existent function call
2016-10-25 12:25:41 +02:00
Lukas Reschke
62bb991050
Add check for linux os
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 12:01:03 +02:00
Lukas Reschke
459477e2c3
Move function to LargeFileHelper
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 12:00:57 +02:00
Boris Rybalkin
cfc0d9249b
fixing php 32 bit (arm) filemtime on large file issue ( #18971 ) ( #25428 )
...
* fixing php 32 bit (arm) filemtime on large file issue (#18971 )
* cast to int
2016-10-25 11:43:17 +02:00
Lukas Reschke
df3444493b
Remove not existent function call
...
- Removes a not existent function call
- Removes a fallback for Windows
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 11:37:16 +02:00
Nextcloud bot
e23a298a81
[tx-robot] updated from transifex
2016-10-25 09:36:09 +00:00
Lukas Reschke
740ff9108b
Merge pull request #1884 from nextcloud/downstream-26292
...
Fix logClientIn for non-existing users (#26292 )
2016-10-25 11:24:13 +02:00
Joas Schilling
890f752a6b
Merge pull request #1452 from nextcloud/appconfig-endpoint
...
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Lukas Reschke
79706e0ddc
Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload
...
Use Webdav PUT for uploads
2016-10-25 10:31:03 +02:00
Vincent Petry
6d1e858aa4
Fix logClientIn for non-existing users ( #26292 )
...
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.
This prevents throwing PasswordLoginForbidden for non-existing users.
2016-10-25 09:34:27 +02:00
Morris Jobke
ee8b8adf7a
Update autoload files 🙈
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:50:22 +02:00
Roeland Jago Douma
e73a11d106
Fix permision mask
...
If we move a file from the temp part file to the original file we don't
need update permissions.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Morris Jobke
8a231a4223
Merge pull request #1829 from nextcloud/downstream-26256
...
Fix login page handling for disabled users
2016-10-24 21:35:53 +02:00
Morris Jobke
ced3aeacb1
dump autoloader
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:31:03 +02:00
Morris Jobke
567e28b01a
Merge pull request #1885 from nextcloud/downstream-26295
...
App dependencies are now analysed on app enable as well - not only on…
2016-10-24 21:26:50 +02:00
Roeland Jago Douma
72b5206c44
Merge pull request #1886 from nextcloud/downstream-26385
...
Remove checks about running on Windows
2016-10-24 21:15:54 +02:00
Morris Jobke
f920153f16
Throw exception because the logger causes session issues anyway that early in the request cycle
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 21:14:44 +02:00
Jörn Friedrich Dreyer
2e0e68b57f
log error when setting timezone to UTC fails ( #26354 )
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:14:40 +02:00
Jörn Friedrich Dreyer
817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better
2016-10-24 17:52:49 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
RealRancor
14b1d946a8
Remove checks whether OC is running on Windows pt. 2
2016-10-24 16:12:17 +02:00
Thomas Müller
03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install.
2016-10-24 15:59:46 +02:00
Vincent Petry
44cf67accd
Storage 503 message improvements
...
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
...
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Morris Jobke
169faf8c32
Remove sensible information from exception message
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 11:42:04 +02:00
Olivier Mehani
19ad058d06
Add message to NotSquareException thrown from Avatar
...
This prevents cryptic messages such as the following, from `user_ldap`:
Could not set avatar for uid=user,ou=People,dc=example,dc=net, because:
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
Add message to NotPermittedException thrown from Files\Nodes\Folder
Ditto.
Don't use translation macros here as this seems to be pretty low-level
errors that generally get caught and prettified, and I don't want to
unduly clog down the lower layers.
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
fixup! Add message to NotPermittedException thrown from Files\Nodes\Folder
2016-10-24 11:27:27 +02:00
Roeland Jago Douma
ab91fa2660
Merge pull request #1820 from nextcloud/4byte-filenames
...
Allow 4byte unicode filenames on supported platforms
2016-10-24 10:38:25 +02:00
Roeland Jago Douma
7998689bc9
Added method to DB and fix test
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:45:04 +02:00
Lukas Reschke
1be6213ba4
Merge pull request #1832 from nextcloud/select2-into-core
...
Select2 into core
2016-10-22 14:35:07 +02:00
John Molakvoæ
3e5e07aa64
Template css order
...
Select2 systemtags removal
Settings again
Fix Script
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2016-10-21 16:56:31 +02:00
Joas Schilling
0b1fb180a5
Make AppConfig part of the public API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Morris Jobke
2799b0a821
Merge pull request #1835 from nextcloud/downstream-24948
...
Move OC\Files\Storage\Shared to the right namespace
2016-10-20 23:48:15 +02:00
Vincent Petry
9e9fef46d9
Get rid of very old oc:// stream wrapper ( #26381 )
2016-10-20 20:46:30 +02:00
Morris Jobke
d9aeee2aa1
Merge pull request #1826 from nextcloud/downstream-26391
...
Fix post_unshareFromSelf hook parameter format
2016-10-20 20:44:05 +02:00
Vincent Petry
fca8bd44ab
Fix shared storage namespace in DecryptAll class
2016-10-20 20:36:50 +02:00
Joas Schilling
246bb9f33d
Move OC\Files\Storage\Shared to the right namespace
2016-10-20 20:27:44 +02:00
Sergio Bertolín
0417cbafd0
Changed request to not add a prefix to the url ( #26256 )
...
* Changed request to not add a prefix to the url
* Expecting forbidden instead of service unavailable
* Handling login exceptions
2016-10-20 17:21:08 +02:00
Vincent Petry
d4976e5554
Fix post_unshareFromSelf hook parameter format
...
When unsharing from self in a group share situation, the share items
passed to the post_unshareFromSelf hook were using the wrong format in
which the attribute names (ex: "share_type") have non camel-case format.
This fix makes sure that in group sharing case we use the correct
format. It looks like the code was already producing it but in
array_merge it was not using it and adding the unprocessed one.
2016-10-20 16:09:08 +02:00
Thomas Müller
ef842ef20a
Ensure $commands being an array - fixes #26073
2016-10-20 15:40:27 +02:00
Robin Appelman
3a8e75a814
Allow 4byte unicode filenames on supported platforms
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-20 14:26:09 +02:00
Joas Schilling
cf2d1b2427
Move federated share notifications to ROS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling
b35d2fd8f2
Allow rich object subjects for Notifications
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling
2098648850
Add Rich Object Definitions and a validator
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:51 +02:00
Morris Jobke
f7ca3ec201
Remove unneeded compatibility polyfills
...
- `Object.create` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/create#Browser_compatibility
- `Object.keys` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/keys#Browser_compatibility
- `Array.prototype.filter` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter#Browser_compatibility
- `Array.prototype.indexOf` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf#Browser_compatibility
- `Array.prototype.map` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/map#Browser_compatibility
- `Function.prototype.bind` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/bind#Browser_compatibility
- `String.prototype.trim` supported with IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim#Browser_compatibility
- `outerHTML` supported with Firefox 11+: https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML#Browser_compatibility
- `window.devicePixelRatio` supported in IE11+: http://caniuse.com/#feat=devicepixelratio
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 10:17:18 +02:00
Morris Jobke
a8cf110ec6
Remove unneeded placeholder polyfill
...
* placeholders are supported in IE11+
* http://caniuse.com/#feat=input-placeholder
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 00:00:25 +02:00
Arthur Schiwon
5d98ab83e9
resolve displayname via manager and registerable resolvers
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:34:00 +02:00
Arthur Schiwon
fea3e20a80
move mention extraction to (I)Comment and report mentions via DAV
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:33:55 +02:00
Joas Schilling
64c9ef96c4
Fix like queries in the QueryBuilder
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling
15bbe02106
Ignore failures of collation change in the pre update step
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling
9356a0e583
Correctly save and pass on the charset
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Thomas Müller
a7245ea082
Fixing ctor call
2016-10-19 00:15:01 +02:00
Morris Jobke
cc28f82b36
Add config option to update charset of mysql to utf8mb4
...
* fully optional
* requires additional options set in the database
2016-10-19 00:15:01 +02:00
Lukas Reschke
c55a737b26
Merge pull request #1734 from nextcloud/setvalue_opt
...
AllConfig setUserValue opt
2016-10-18 17:16:25 +02:00
Morris Jobke
deb59d3d48
Merge pull request #1722 from nextcloud/hide-storage-warnings
...
hide storage wrapper warning for the readonly storage
2016-10-18 16:15:52 +02:00
Nextcloud bot
943d9737e4
[tx-robot] updated from transifex
2016-10-18 00:06:51 +00:00
Morris Jobke
96f8f209b9
Merge pull request #1449 from nextcloud/comments-user-mention
...
Notifications for simple @-mentioning in comments
2016-10-17 09:30:47 +02:00
Nextcloud bot
00ed841559
[tx-robot] updated from transifex
2016-10-15 00:06:56 +00:00
Lukas Reschke
62e19dfa80
Merge pull request #1441 from nextcloud/getby-id-less-queries
...
optimize Folder::getById to use less queries
2016-10-14 15:18:23 +02:00
Christoph Wurst
53eb0f7f42
Merge pull request #1037 from nextcloud/no-double-token-update
...
dont update the auth token twice
2016-10-14 14:53:17 +02:00
Roeland Jago Douma
77272ea52d
Use cache to determine if value need to be updated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-13 19:40:40 +02:00
Morris Jobke
4d2835802f
hide storage wrapper warning for the readonly storage
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-13 14:37:31 +02:00
Nextcloud bot
9aae4a0d02
[tx-robot] updated from transifex
2016-10-13 00:07:02 +00:00
Arthur Schiwon
1bcd2ca8e3
emit pre-update event for comments
...
* notifications can be cleaned up, no polluted DB
* updating comments will re-notify users or remove notifications, depending on the message
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 18:06:22 +02:00
Robin Appelman
1484d01ff6
explicitly cast to int
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:39 +02:00
Robin Appelman
240538d9e6
reuse share node when creating a share
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:36 +02:00