Commit Graph

6037 Commits

Author SHA1 Message Date
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Morris Jobke e9c85e02ac Merge pull request #462 from nextcloud/master-explode
[master] Use explode() instead of split()
2016-07-20 18:31:11 +02:00
Björn Schießle 7cdf6402ff Merge pull request #472 from nextcloud/show-app-name-in-errormsg
Show app name in error message if app could not be loaded. (#25441)
2016-07-20 18:20:49 +02:00
Morris Jobke 1264e9644f Merge pull request #402 from nextcloud/smb-notifications
smb update notifications
2016-07-20 16:19:21 +02:00
Klaas Freitag 99316ec02c
Show app name in error message if app could not be loaded. (#25441) 2016-07-20 15:16:16 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Lukas Reschke 4f90447150
[master] Use explode() instead of split()
Sync from https://github.com/owncloud/core/pull/25488
2016-07-20 14:36:39 +02:00
Björn Schießle 8735a05d93 Merge pull request #441 from nextcloud/fix-maintenance-mode
Fix maintenance mode
2016-07-19 16:59:24 +02:00
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework
OCS routes use AppFramework
2016-07-19 12:21:14 +02:00
Morris Jobke 544c3c1565 Merge pull request #436 from nextcloud/public-regex-to-match-our-clients
Copy the regexes to the public interface
2016-07-19 11:35:10 +02:00
Joas Schilling 80168613be
Fix maintenance mode
When the server is in maintenance mode, apps are not loaded.
That means apps/theming/ is not in the allowed paths. So we
need to check without autoloading, whether the class exists.
2016-07-19 09:54:42 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Joas Schilling 9781312648
Prevent syntax error when creating user or changing password 2016-07-18 11:44:10 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 94cd83ca00
Make the router handle OCS AppFramework Routes 2016-07-18 11:09:04 +02:00
Roeland Jago Douma 1ff4b7f63d
Allow registering of OCS routes with the appframework 2016-07-18 11:09:04 +02:00
Morris Jobke 5157c5a9c4 Merge pull request #418 from nextcloud/remove_asset_pipeline
Remove asset pipelin
2016-07-18 09:44:35 +02:00
Roeland Jago Douma 72464f1ce4
Remove asset pipelin
Fixes #215

The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
2016-07-15 20:14:11 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Robin Appelman 29eeeb2273 Save the files external mount id in the mount cache table 2016-07-13 16:34:08 +02:00
Robin Appelman e5d7612a19 dont check for pgsql extension during setup 2016-07-12 14:38:24 +02:00
Robin Appelman 7ffda5d10f use pdo for postgres setup 2016-07-12 14:38:24 +02:00
Robin Appelman 8a79d314cf Remove duplicate database connect logic in mysql setup 2016-07-12 14:38:24 +02:00
Bjoern Schiessle 7c64e1973f
add test for needsRebundling() check 2016-07-11 15:51:48 +02:00
Lukas Reschke 0c1cf5f7eb Merge pull request #347 from nextcloud/drop-windows-foo
Remove unneeded checks if it runs on a Windows machine
2016-07-11 13:16:03 +02:00
Joas Schilling 103417fd9c Merge pull request #350 from nextcloud/fix-check-certificate-bundles
fix check if the certificate bundle needs to be updated
2016-07-11 11:04:49 +02:00
Bjoern Schiessle 49cad153af
always check the mtime of the system bundle and additionally the user specific certificate bundle if a user is given 2016-07-08 18:24:37 +02:00
Morris Jobke c2d88a08b7
Remove unneeded checks if it runs on a Windows machine
* the setup check is still there
2016-07-08 15:55:17 +02:00
Morris Jobke 390a996297
Sanitize more config options and stack traces 2016-07-08 14:13:16 +02:00
Lukas Reschke c8ba8f637e Merge pull request #314 from jernst/master
Allow wildcard * to be used in trusted domains
2016-07-07 19:34:11 +02:00
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)"
This reverts commit 854352d9a0.
2016-07-07 12:14:45 +02:00
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 2016-07-07 11:29:46 +02:00
Johannes Ernst 66a134e69e Disallow certain malformed domain names even if they match the trusted domain expression
Stricter checking for valid domain names
2016-07-06 23:51:04 +00:00
Johannes Ernst 2b4ceae620 Trusted domain wildcard checking made shorter, supporting multiple *
Added test cases
2016-07-06 23:38:30 +00:00
Vincent Petry dc21a38a85 Use named parameter instead of direct value for system tags search param (#25380) 2016-07-06 22:39:34 +02:00
Thomas Pulzer 0638937ada Changed the input option for database-port to required when parameter was provided.
Added casting database port to int for input sanitation in pgsql and oci connections.
2016-07-06 11:31:28 +02:00
Thomas Pulzer d367318088 Added occ install option for database-port.
Extended the database setup to store the database port.
Changed the PostgreSQL connection error message for clarification.
2016-07-06 09:58:38 +02:00
Johannes Ernst 3516b58be6 Duh, no 'next' in PHP.
Use === instead of == for extra paranoia.
2016-07-06 04:51:49 +00:00
Johannes Ernst b1867dc8d1 Allow wildcard * to be used in trusted domains, to support setups where no reliable DNS entry is available (e.g. mDNS) or for simple-to-setup aliasing (e.g. *.example.com) 2016-07-05 18:49:18 +00:00
Thomas Müller d2d99a91a0 fix swift primary object store test (#25281)
* Wait for socket to be open

* Fix call on null

* Allow DB access for MountProviderTest

Makes unit tests pass when using object store, since their FS access is
actually oc_filecache DB access. It is currently not possible to mock
or bypass the logic from "SharedMount::verifyMountPoint()" triggered by
this test.
2016-07-05 08:54:51 +02:00
Thomas Pulzer bca4f42e14 Merge branch 'master' of https://github.com/nextcloud/server 2016-07-04 12:06:52 +02:00
Thomas Pulzer 90b7f74da7 Changed name of default logfile from owncloud.log to nextcloud.log. 2016-07-04 11:50:32 +02:00
Lukas Reschke dc5fea504b [master] Use paramterized parameter for \OC\SystemTag\SystemTagManager
$nameSearchPattern was passed in and directly appended to the SQL query. Luckily the code path isn't reached anywhere in Nextcloud or the included apps.
2016-07-03 16:54:41 +02:00
Hendrik Leppelsack 11be3d6276 remove png references in core 2016-07-01 16:36:37 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Thomas Müller b55ab6d22a Various database migration fixes (#25209)
* String columns with a length higher then 4000 are converted into a CLOB columns automagically - we have to respect this when migrating

* Adding schema migration tests to prevent unnecessary and non-sense migration steps
Fix Oracle autoincrement and unsigned handling

* Fix sqlite integer type for autoincrement

* Use lower case table names - fixes pg

* Fix postgres with default -1 - this only affect pg 9.4 servers - 9.5 seems to work fine
2016-06-29 14:54:41 +02:00
Morris Jobke b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Robin Appelman 2a72eff9ee Fix getting the certificate bundle for dav external storage (#25274)
* Fix getting the certificate bundle for dav external storages

* Log the original exception in dav external storage
2016-06-27 22:26:43 +02:00
Christoph Wurst 1710de8afb Login hooks (#25260)
* fix login hooks

* adjust user session tests

* fix login return value of successful token logins

* trigger preLogin hook earlier; extract method 'loginWithPassword'

* call postLogin hook earlier; add PHPDoc
2016-06-27 22:16:22 +02:00
Robin Appelman 88ef163276 handle unavailable fed shares while testing for availability (#25277)
* More explicit http status codes

* handle unavailable fed shares while testing for availability
2016-06-27 21:34:28 +02:00
Lukas Reschke e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Lukas Reschke 6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Bjoern Schiessle 2a990a0db5
verify user password on change 2016-06-27 14:08:11 +02:00
Bjoern Schiessle d4989c8037
remove old hook, no longer needed 2016-06-27 14:05:27 +02:00
Bjoern Schiessle 630e4b1b46
check password for link shares 2016-06-27 14:05:27 +02:00
Vincent Petry 199c8e304c Merge pull request #25250 from owncloud/linkshare-includedeletewithuploadperms
Add explicit delete permission to link shares
2016-06-27 12:14:05 +02:00
Vincent Petry 7269611722 Merge pull request #25258 from owncloud/integritycheck-whennotinstalled
Make code integrity check work when OC is not installed yet
2016-06-27 11:58:35 +02:00
Lukas Reschke 89e889c832 Check if server is installed
AppManager has a dependency on Nc being installed
2016-06-27 10:26:23 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle 10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Christoph Wurst 89198e62e8 check login name when authenticating with client token 2016-06-24 13:57:09 +02:00
Vincent Petry e677ad56fd Make code integrity check work when OC is not installed yet 2016-06-24 10:24:41 +02:00
Vincent Petry 0ad065cb8d Repair step to adjust link share delete permissions 2016-06-24 09:48:48 +02:00
Vincent Petry 955635c7aa Add explicit delete permission to link shares
Link shares always allowed deletion, however internally the permissions
were stored as 7 which lacked delete permissions. This created an
inconsistency in the Webdav permissions.

This fix makes sure we include delete permissions in the share
permissions, which now become 15.

In case a client is still passing 7 for legacy reasons, it gets
converted automatically to 15.
2016-06-24 09:48:48 +02:00
Vincent Petry 3db5de95bd Merge pull request #25172 from owncloud/token-login-validation
Token login validation
2016-06-22 13:58:56 +02:00
VicDeo 854352d9a0 occ web executor (#24957)
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
2016-06-22 13:12:36 +02:00
Vincent Petry c49ff83f18 Merge pull request #25208 from owncloud/uploadfolder-firemkdirhooksforparents
Fire hooks for mkdir for folder upload
2016-06-22 10:21:00 +02:00
karakayasemi c8b7a059b4
Fire hooks for mkdir for folder upload
fromTmpFile function, usual mkdir call is only working for file's parent
directory. Does not care upper parent folders. I added a recursive
function that creates parent non-existing folders with usual mkdir.
2016-06-21 17:10:52 +02:00
Christoph Wurst 7f22aeb5d6 redirect to new login route (#25099)
* redirect to new login route

* encode anchor in url and restore it client-side
2016-06-21 16:14:51 +02:00
Lukas Reschke 097cba8b38 Merge pull request #185 from nextcloud/fix-permission-issue
Show error message if config file is not readable
2016-06-21 12:14:24 +02:00
Morris Jobke 191a6c65d9
Show error message if config file is not readable
* when the config file is not writable there is a error message shown
* same happens now if the config file is not readable
* fixes #180
2016-06-21 11:25:38 +02:00
Lukas Reschke 2b493e2f9d
Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-21 11:18:22 +02:00
Christoph Wurst b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Vincent Petry 88b9f5a357 Merge pull request #25162 from owncloud/password-login-forbidden-hint
Password login forbidden hint
2016-06-20 17:05:20 +02:00
Morris Jobke e95c15e53a
fix more strings 2016-06-20 13:14:24 +02:00
Thomas Müller 2951a70fcb Update ExcludeFileByNameFilterIterator.php (#25184)
Gentoo & derivatives use a tool named webapp-config which places two files in a webapp-config manager web application:
1: .webapp    tag with more detailed info on the configuration done by webapp-config
2: .webapp-appname   with the list of files installed by the tool to be able to later only delete stuff that was installed (in case of upgrade) and updated configurations.
2016-06-20 12:02:23 +02:00
Christoph Wurst 56199eba37
fix unit test warning/errors 2016-06-20 10:41:23 +02:00
Vincent Petry e2b0a0f18f Merge pull request #25174 from owncloud/tokenmapper-close-cursor
close cursor after loading a token
2016-06-20 09:54:15 +02:00
Vincent Petry 01041045da Merge pull request #25168 from owncloud/capped-user-cache
Capped cache for user config
2016-06-20 09:53:58 +02:00
Christoph Wurst 9d74ff02a4
fix nitpick 2016-06-20 09:13:47 +02:00
Florian Preinstorfer f6e9322f1e Remove obsolete contacts_cards_properties table
The table contacts_cards_properties was part of the contacts app until
ownCloud 8.2. It got replaced with cards_properties (part of dav).

See also: ownCloud/core #21889
2016-06-19 15:40:37 +02:00
Florian Preinstorfer 217144dd95 Drop obsolete tables: gallery_albums and gallery_photos
Commit 34a21a63ce renamed gallery_albums
to pictures_images_cache and removed gallery_photos entirely.
2016-06-19 14:01:42 +02:00
Christoph Wurst b0f2878f6e
close cursor after loading a token 2016-06-17 16:13:28 +02:00
Christoph Wurst 1889df5c7c
dont create a session token for clients, validate the app password instead 2016-06-17 15:42:28 +02:00
Christoph Wurst 0c0a216f42
store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Christoph Wurst c4149c59c2
use token last_activity instead of session value 2016-06-17 15:42:28 +02:00
Jörn Friedrich Dreyer 66560b8ed9 Capped cache for user config 2016-06-17 12:58:55 +02:00
Vincent Petry 73e284e1e1
Use getLazyRootFolder from RemoveRootShares repair step
This prevents the command registration to setup the FS too early when
FS-related apps might need upgrading.
2016-06-17 11:09:12 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Vincent Petry 82beee57e4 Merge pull request #25132 from owncloud/2fa-load-apps-before-query
load 2FA provider apps before querying classes
2016-06-16 17:04:19 +02:00
Jörn Friedrich Dreyer 592ac6f7da emit correct signal when disabling an app 2016-06-16 14:17:06 +02:00
Christoph Wurst a40d64ff7f
load 2FA provider apps before querying classes 2016-06-16 10:12:16 +02:00
Vincent Petry 9c328de4ab Merge pull request #24415 from owncloud/optimize_sharingdisabled_for_user
Optimize isSharingDisabledForUser
2016-06-16 09:27:48 +02:00
Vincent Petry 1251df3e17 Merge pull request #25075 from owncloud/fix_23265
Remove shares of the root folder
2016-06-16 09:27:06 +02:00
Vincent Petry 5de6432441 Merge pull request #25056 from owncloud/fs-usermountcache-capped
Capped cache for cache info in UserMountCache
2016-06-15 13:01:28 +02:00
Vincent Petry 05967a6904 Merge pull request #25093 from owncloud/issue-12816-clean-tags-from-deleted-users
Clean up tags of deleted users
2016-06-15 12:20:29 +02:00
Vincent Petry f163eedfa2 Merge pull request #25102 from owncloud/preview-delete-performance
Preview delete performance
2016-06-15 11:58:50 +02:00