Thomas Müller
6317ba8cb4
Merge pull request #21135 from owncloud/add-polyfill
...
Add polyfills for PHP55, PHP56 and PHP70 functionalities
2015-12-11 11:40:51 +01:00
Lukas Reschke
f3360d51c6
Use PHP polyfills
2015-12-11 08:47:36 +01:00
Scrutinizer Auto-Fixer
ffc49a24f0
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-10 16:43:37 +01:00
Lukas Reschke
7c45eaa70b
Add type description
...
Allows IDEs and static code analyzers. Would have saved me some minutes today :)
2015-12-08 15:20:54 +01:00
Scrutinizer Auto-Fixer
453e1bf66e
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-07 15:43:36 +00:00
Thomas Müller
602b636d3e
Merge pull request #20807 from owncloud/dont-append-redirect-url-if-user-is-already-logged-in
...
Don't append redirect URL if user is logged-in
2015-12-03 16:53:59 +01:00
Joas Schilling
44852ce324
Allow DI for OCP\Files\IMimeTypeDetector
2015-12-01 16:49:20 +01:00
Joas Schilling
3c5a6b829e
Allow DI the system tag stuff without Application class
2015-11-30 17:08:29 +01:00
Lukas Reschke
f4eb15d340
Show error template
...
Otherwise this leads to an endless redirection in case of a CSRF exception. Also sets user expectation right.
2015-11-30 11:25:52 +01:00
Thomas Müller
bdbefe17d6
Merge pull request #20782 from mitar/better-https
...
Also allow empty value for no-HTTPS
2015-11-27 14:24:23 +01:00
Mitar
59511d97ee
Also allow empty value for no-HTTPS.
...
This makes it work better with old versions of Nginx.
2015-11-27 01:01:56 -08:00
Morris Jobke
7aed592957
Add full interface of server container as alias
2015-11-26 18:20:25 +01:00
Robin Appelman
2d7c9f0ba9
also match ie11 with Request::USER_AGENT_IE
2015-11-22 16:05:52 +01:00
Thomas Müller
358858c9e3
Fix undefined HTTP_USER_AGENT
2015-11-22 16:05:50 +01:00
Lukas Reschke
daa388ce8d
Move index.php from files to AppFramework
...
1. Allows it to use the more secure CSP rules of the AppFramework.
2. Adds some unit tests.
2015-11-16 21:10:11 +01:00
Robin Appelman
d514200b56
Add escapeLikeParameter to IDBConnection
2015-11-05 16:41:30 +01:00
Lukas Reschke
bafb86fb9f
Use getHttpProtocol instead of $_SERVER
2015-10-30 18:05:30 +01:00
Lukas Reschke
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
Lukas Reschke
8133d46620
Remove dependency on ICrypto + use XOR
2015-10-21 17:33:41 +02:00
Morris Jobke
a0743f12c6
Provide IAppContainer as dependency injection
2015-10-20 10:33:53 +02:00
Morris Jobke
bf579a153f
fix IE8 user agent detection
2015-10-09 11:19:06 +02:00
Thomas Müller
020bb33150
Merge pull request #19034 from owncloud/http-request-warning
...
Prevent warning decoding content
2015-10-08 21:51:47 +02:00
Thomas Müller
8d2c8cf2a2
Merge pull request #19607 from owncloud/use-url
...
Use `/` if installed in main folder
2015-10-08 13:01:41 +02:00
Lukas Reschke
6a4f22c61f
Use `/` if installed in main folder
...
Otherwise an empty string is used indicating the cookie is only valid for those resources. This can lead to unexpected behaviour.
Fixes https://github.com/owncloud/core/issues/19196
2015-10-06 15:24:19 +02:00
Lukas Reschke
80a232da6a
Add \OCP\IRequest::getHttpProtocol
...
Only allow valid HTTP protocols.
Ref https://github.com/owncloud/core/pull/19537#discussion_r41252333 + https://github.com/owncloud/security-tracker/issues/119
2015-10-06 14:18:46 +02:00
Morris Jobke
8366ce2767
deduplicate @xenopathic
2015-10-06 09:52:19 +02:00
Morris Jobke
b945d71384
update licence headers via script
2015-10-05 21:15:52 +02:00
Jörn Friedrich Dreyer
d81416c51d
return '' instead of false
2015-09-23 12:32:49 +02:00
Joas Schilling
ee75f9f594
Fix type hint errors in the container and the interface
2015-09-23 10:13:41 +02:00
Robin McCorkell
31a8949adf
Prevent warning decoding content
2015-09-14 22:36:40 +01:00
Bernhard Posselt
fd74522804
make resolve public to avoid boiler plate code
...
add resolve to public interface
2015-09-13 17:44:24 +02:00
Roeland Jago Douma
f12caf930e
Properly return 304
...
The ETag set in the IF_NONE_MODIFIED header is wrapped in quotes (").
However the ETag that is set in response is not (yet). Also we need to
cast the ETag to a string.
* Added unit test
2015-09-01 11:04:41 +02:00
Robin McCorkell
e60c4bada1
Decode request content only on getContent
2015-08-31 01:05:25 +01:00
Thomas Müller
534b2e407a
Merge pull request #17662 from owncloud/locking-db
...
Database backend for locking
2015-08-26 03:56:37 +02:00
Lukas Reschke
8313a3fcb3
Add mitigation against BREACH
...
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
1. Application must support HTTP compression
2. Response must reflect user-controlled input
3. Response should contain sensitive data
Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Thomas Müller
abd3d5c6a5
Merge pull request #17982 from owncloud/appframework-sanitize-name
...
Sanitize class names before registerService/query
2015-08-12 12:19:24 +02:00
Robin McCorkell
cd0a2874de
Merge pull request #17852 from owncloud/register-alias-factory
...
Add test for factories
2015-08-11 13:30:56 +01:00
Robin McCorkell
8944af57cb
Set default `forwarded_for_headers` to 'HTTP_X_FORWARDED_FOR'
2015-08-10 23:04:52 +02:00
Robin Appelman
58e96e53b0
add method to check if we're inside a transaction
2015-08-10 14:15:44 +02:00
Roeland Jago Douma
f0b617b508
Use DI
...
* Register OCP\Capability\IManager at DIContainer
* Add register capabilities to appframework
* Register capabilities in DI way
* Make unit test pass again
* Remove CapabiltiesManager from OCP
2015-08-10 10:45:16 +02:00
Robin McCorkell
fcc03e588a
Add \OCP\ISession to AppFramework
2015-08-07 12:29:57 +01:00
Lukas Reschke
90a11efecd
Remove "use" statement
...
Ref https://bugs.php.net/bug.php?id=66773
2015-08-05 09:31:21 +02:00
Lukas Reschke
4efa7c09b1
Use StringUtils::equals on CSRF token and add unit tests
2015-08-04 18:34:33 +02:00
Robin McCorkell
182bc17aeb
Sanitize class names before registerService/query
...
Leading backslashes are removed, so a `registerService('\\OC\\Foo')`
can still be resolved with `query('OC\\Foo')`.
2015-07-30 21:02:16 +01:00
Bernhard Posselt
d8673dabe3
add test for factories
...
use ref for factory test
use a factory for registerAlias
Ensure we construct SimpleContainer
Use single instance of DIContainer in routing tests
2015-07-25 01:59:30 +02:00
Thomas Müller
1f8ee61006
Merge pull request #17755 from owncloud/alias-container-alive
...
Add registerAlias method to shortcut interface registration #17714
2015-07-24 13:11:32 +02:00
Joas Schilling
20cd0ae55b
Add a log message when the Doctrine Query Builder is retrieved
2015-07-21 15:53:28 +02:00
Joas Schilling
516f7e8299
Add unit tests and automatic quoting
2015-07-21 15:25:47 +02:00
Joas Schilling
1bfb944d51
Add QueryBuilder, ExpressionBuilder and CompositeExpression wrappers
2015-07-21 15:25:47 +02:00
Lukas Reschke
7dda86f371
Return proper status code in case of a CORS exception
...
When returning a 500 status code, external applications may interpret this as an error instead of handling this more gracefully. This will thus now return a 401.
Fixes https://github.com/owncloud/core/issues/17742
2015-07-20 12:54:22 +02:00