Commit Graph

33048 Commits

Author SHA1 Message Date
Lukas Reschke 4ac9eaab03 Match for /../ 2016-07-01 15:01:48 +02:00
Lukas Reschke 5b65591d84 Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test, access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Björn Schießle 8e002b6155 Merge pull request #255 from nextcloud/dav-permission-check
add some additional permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Marius Blüm 2cdee70305 Merge pull request #258 from nextcloud/set-disposition
Set content-type to "application/octet-stream"
2016-06-30 14:27:43 +02:00
Bjoern Schiessle 26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke 149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Morris Jobke 5d0f5f175b Merge pull request #253 from nextcloud/fix-versions
check permissions before rollback
2016-06-30 13:42:45 +02:00
Lukas Reschke c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke 1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Lukas Reschke 700a57d8b6 Set content-type to "application/octet-stream"
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.
2016-06-30 12:47:46 +02:00
Lukas Reschke b32b296ed7 Add integration tests 2016-06-30 12:21:01 +02:00
Bjoern Schiessle 1b74cf72fb check permissions before rollback 2016-06-30 11:27:25 +02:00
Bjoern Schiessle 3571207bd9 add some additional permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Morris Jobke f7a69c765a Merge pull request #247 from nextcloud/l10n-fixes
Fix update notification text
2016-06-30 09:11:54 +02:00
Morris Jobke 3acdc1339d Merge pull request #206 from nextcloud/ci-mysql
Add mysql job to CI
2016-06-30 09:06:19 +02:00
Morris Jobke 83a046a0fb Merge pull request #248 from nextcloud/tx-fixes
Update transifex config
2016-06-29 16:41:45 +02:00
Morris Jobke 9a1e393470 Merge pull request #245 from nextcloud/fix-243
targets 3rdparty submodule from Nc instead of oC
2016-06-29 16:34:29 +02:00
Morris Jobke 409672d981 Fix update notification text
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Morris Jobke 01829e8d7c mysql only works with 3 byte UTF-8 2016-06-29 15:53:23 +02:00
Morris Jobke c1d990d547 Update transifex config 2016-06-29 14:36:30 +02:00
Morris Jobke cf798edfec Merge pull request #242 from nextcloud/fix-229
get only vcard which match both the address book id and the vcard uri
2016-06-29 11:41:23 +02:00
Vincent Chan eb0d740c1d targets 3rdparty submodule from Nc instead of oC 2016-06-28 18:39:51 +02:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Morris Jobke b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Morris Jobke 300f0965ae Merge pull request #238 from nextcloud/lgtm-self-approval-fix
Get rid of LGTM self approvals
2016-06-28 00:28:26 +02:00
Marius Blüm 69937933e1 Get rid of LGTM self approvals
* add missing spaces
2016-06-27 23:18:01 +02:00
Marius Blüm 52f6d97e4e Merge pull request #235 from nextcloud/fix-app-code
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Lukas Reschke e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Lukas Reschke cd74ad55e4 Only save when value changed or enter is pressed 2016-06-27 20:46:12 +02:00
Lukas Reschke a08c4a2b13 Add tooltip 2016-06-27 20:36:23 +02:00
Lukas Reschke 6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Morris Jobke cee2f5dc65 Merge pull request #233 from nextcloud/allow-users-to-change-global-credentials
Allow regular users to specify global credentials password
2016-06-27 17:03:19 +02:00
Morris Jobke ed25d73d31 Merge pull request #221 from nextcloud/password_policy_events
add events to check passwords with the password policy app
2016-06-27 16:55:16 +02:00
Morris Jobke 5961d5aae4 Add app:check-code for already compatible apps
* admin_audit, comments, federation
* removed not needed call to OC_Util::checkAdminUser() (is already
  done by the request handler before)
2016-06-27 16:50:10 +02:00
Lukas Reschke 341dabf300 Merge pull request #190 from nextcloud/add-wnd-1
Add "Login credentials" and "User Provided"
2016-06-27 16:15:31 +02:00
Vincent Petry f8fa031e9f Merge pull request #25273 from owncloud/ext-fixsessioncredentialsnolazyload
Quickfix: do not lazy load auth mechanisms for ext storages
2016-06-27 14:57:29 +02:00
Bjoern Schiessle 2a990a0db5 verify user password on change 2016-06-27 14:08:11 +02:00
Bjoern Schiessle d4989c8037 remove old hook, no longer needed 2016-06-27 14:05:27 +02:00
Bjoern Schiessle 630e4b1b46 check password for link shares 2016-06-27 14:05:27 +02:00
Vincent Petry 1d4c61af47 Merge pull request #25237 from owncloud/search-filelistnextpageresults
Prerender file list pages to include search results
2016-06-27 13:46:25 +02:00
Vincent Petry 579bc57d16 Merge pull request #25261 from owncloud/app-password-login-name
show which login name to use for the new app password
2016-06-27 13:40:20 +02:00
Lukas Reschke 1cd255af56 Allow regular users to specify global credentials password
While the UI is existent the feature simply doesn't work because admin privileges are required for the controller. This adds proper permission checks and also unit tests.

To test this:
1. Enable external storage
2. Login as non-admin user
3. Go to personal page and try to change global credentials
2016-06-27 12:29:27 +02:00
Christoph Wurst b14376419d Merge pull request #25263 from owncloud/decryptall-keepencryptionenabledforsingleuser
Keep encryption enabled if decrypting for single user
2016-06-27 12:19:45 +02:00
Vincent Petry 199c8e304c Merge pull request #25250 from owncloud/linkshare-includedeletewithuploadperms
Add explicit delete permission to link shares
2016-06-27 12:14:05 +02:00
Vincent Petry 7269611722 Merge pull request #25258 from owncloud/integritycheck-whennotinstalled
Make code integrity check work when OC is not installed yet
2016-06-27 11:58:35 +02:00
Vincent Petry 0d3de20b02 Quickfix: do not lazy load auth mechanisms for ext storages
Some auth mechanisms like SessionCredentials need to register hooks
early, so they cannot be lazy loaded.
2016-06-27 10:50:10 +02:00
Lukas Reschke f7f86d61c4 Add comment to "getMailHeaderColor" 2016-06-27 10:48:28 +02:00
Lukas Reschke 51646bb3f6 Use stream instead of rename 2016-06-27 10:47:44 +02:00
Morris Jobke b9edcd78bf Merge pull request #25252 from owncloud/authtoken-removetooltipondisconnect
Remove tooltip when disconnecting token
2016-06-27 10:42:35 +02:00
Lukas Reschke 0a5c5d9b03 Replace OC_Defaults with \OC::$server->getThemingDefaults() 2016-06-27 10:34:08 +02:00