mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
40,701 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

7747 Commits

Author SHA1 Message Date
Roeland Jago Douma 3bd4e7e541 Merge pull request #6632 from nextcloud/do_not_show_hyphen 
Do not show hyphen
 2017-09-25 16:34:50 +02:00
Stephan Müller 86265320b8
do not show hyphen after instance name in emails if slogan does not exist 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-25 09:20:46 +02:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +02:00
John Molakvoæ (skjnldsv) 4a5eeb2ce7
Fixed webroot detection 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-09-22 07:20:31 +02:00
Morris Jobke 38568c362b Merge pull request #6605 from nextcloud/oc_ocs_response_is_dep 
OC_OCS_Response is deprecated
 2017-09-21 20:38:18 +02:00
Roeland Jago Douma 2207fdcd8c
Remove private legacy OC_OCS_Response 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-21 17:56:56 +02:00
Roeland Jago Douma 87e10f9e6a
OC_OCS_Response is deprecated 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-21 17:56:00 +02:00
John Molakvoæ (skjnldsv) 0e17b65bcf
Avoid error undefined index classes in log 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-09-21 14:00:39 +02:00
Roeland Jago Douma 8358c63f53 Merge pull request #6573 from nextcloud/nonfound-webroot-empty-string 
Fix "webroot not found" when installed to the root of the webserver
 2017-09-20 20:04:27 +02:00
Robin Appelman 5430d73a0e
Fix "webroot not found" when installed to the root of the webserver 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-20 14:19:15 +02:00
Roeland Jago Douma 6d7ca1092d
Read appinfo from a local cache 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-19 14:34:11 +02:00
Robin Appelman d526969a68
fix path style 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-18 15:16:28 +02:00
Robin Appelman d70607104e
reuse object read/write/delete logic in s3 implementations 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-18 15:16:27 +02:00
Robin Appelman dad18baec8
update aws sdk and move it to 3rdparty 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-18 15:16:27 +02:00
Roeland Jago Douma ca5c3f839a Merge pull request #6490 from nextcloud/share_pagination_query 
Improve sharing pagination
 2017-09-18 14:34:15 +02:00
Morris Jobke a0132a49a6 Merge pull request #6549 from nextcloud/fix-6534 
don't pass User object when uid string is expected
 2017-09-18 14:28:14 +02:00
Lukas Reschke 53057f2bd0 Merge pull request #5462 from nextcloud/add-frameancestor-support 
Add CSP frame-ancestors support
 2017-09-18 14:25:44 +02:00
Arthur Schiwon 0837745477
don't pass User object when uid string is expected 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-09-18 13:19:47 +02:00
Roeland Jago Douma ae1fdf73c2
Improve sharing pagination 
Basically we did in almost all cases did a query to much.
This resulted in an extra query for each share type.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-15 19:44:19 +02:00
Lukas Reschke 705432ca6f
Add filter for `shareapi_allow_share_dialog_user_enumeration` 
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.

Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-09-15 15:58:04 +02:00
Thomas Citharel ecf347bd1a Add CSP frame-ancestors support 
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2017-09-15 15:23:10 +02:00
Tobia De Koninck 5896176d69
Fix issue when disabling the shareapi_only_share_with_group_members option + fix findOne 
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:41 +02:00
Tobia De Koninck 7dfa527da2
Improve code style 
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:40 +02:00
Tobia De Koninck f0370c0244
Some code improvements 
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:40 +02:00
Tobia De Koninck fa402c74d2
Add tests 
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:40 +02:00
Tobia De Koninck 473a1ecad1
Fix tests 
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:39 +02:00
Tobia De Koninck 92c238e0f0
Privacy enhancements for contacts menu 
- Groups, which are excluded from sharing should not see local users at all
 - If sharing is restricted to users own groups, he should only see contacts from his groups:

Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:39 +02:00
John Molakvoæ (skjnldsv) 1a0ac912b2
Fix webroot throw 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-09-14 08:41:10 +02:00
Morris Jobke 883574974d Merge pull request #6458 from nextcloud/rethrow-correct-exception 
Rethrow the correct exception when there was an error in an app conta…
 2017-09-14 00:32:13 +02:00
Lukas Reschke 8ef4fcb4b7 Merge pull request #6452 from lukanetconsult/hotfix/issue-6415-undefined-variable 
Fix undefined variable $tmpRoot
 2017-09-13 22:42:42 +02:00
Roeland Jago Douma 9163cf9241
Fix AppPassword 2FA auth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-12 22:28:43 +02:00
Axel Helmert 01d4967130 Fix undefined variable $tmpRoot 
Refactoring of webroot detection left an unused variable.

Fixes: #6415
Signed-off-by: Axel Helmert <info@luka.de>
 2017-09-12 12:14:27 +02:00
Joas Schilling c4b3198ac2
Rethrow the correct exception when there was an error in an app container 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-12 11:54:13 +02:00
Julius Härtl 8391ca8792
Use IAppManager instead of private API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-09-12 09:28:22 +02:00
Julius Härtl b49ab065b7
Move theming related imagePath logic to ThemingDefaults 
Signed-off-by: Julius Haertl <jus@bitgrid.net>
 2017-09-12 09:22:57 +02:00
William Pain 9a63ded43b
Fix uninitialized variable $this->params 
Signed-off-by: William Pain <pain.william@gmail.com>
 2017-09-11 10:01:12 +02:00
Morris Jobke 8a79d0cc70 Merge pull request #6414 from nextcloud/share-notification-wrong-language 
Use the language of the recipient for the share notification
 2017-09-08 19:15:05 +02:00
Joas Schilling 29e1aa57e1
Ask the schema whether the table and column exist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-08 11:45:16 +02:00
Joas Schilling 7e625a8d22
Use the language of the recipient for the share notification 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-08 10:48:16 +02:00
Lukas Reschke bab313da5d Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-token 
Fix failing csp/nonce check due to timed out session
 2017-09-07 19:51:59 +02:00
Lukas Reschke 11c7a98a2a Merge pull request #6380 from nextcloud/cleanup-oci-setup 
cleanup oci setup code
 2017-09-07 14:11:55 +02:00
Morris Jobke 485e22acde Merge pull request #6329 from nextcloud/ldap-password 
Don't log LDAP password when server is not available
 2017-09-07 09:25:56 +02:00
tux-rampage 7a33b9273e Refactor webroot detection in resource locator 
The current implementation breaks installations with symlinks to
directories inside the webroot (i.E. apps).

With this change both variants, directory and symlinks, will be detected
correctly.

Fixes: #6028
Signed-off-by: Axel Helmert <axel.helmert@luka.de>
 2017-09-06 21:32:48 +02:00
Morris Jobke a10c4517cb Merge pull request #5571 from Luzifer/5570_backend_admin 
Allow group backend to declare users as admins
 2017-09-06 19:50:52 +02:00
Morris Jobke 5d4540f179 Merge pull request #6364 from nextcloud/fix_login_loop 
Fix login with basic auth
 2017-09-06 17:04:00 +02:00
Joas Schilling b68609d0cf
Don't log LDAP password when server is not available 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-06 16:38:55 +02:00
Robin Appelman 2c0efae30f
cleanup oci setup code 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-06 15:55:05 +02:00
Morris Jobke 15cd21d252 Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-name 
Set the meta data before everything
 2017-09-05 16:08:57 +02:00
Roeland Jago Douma b96485b6bd
Fix login with basic auth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-05 12:24:41 +02:00
Christoph Wurst 87aeae21e3
Fix failing csp/nonce check due to timed out session 
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-09-04 17:29:26 +02:00