Commit Graph

13730 Commits

Author SHA1 Message Date
Lukas Reschke 4ac9eaab03 Match for /../ 2016-07-01 15:01:48 +02:00
Lukas Reschke 5b65591d84 Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Björn Schießle 8e002b6155 Merge pull request #255 from nextcloud/dav-permission-check
add some additonal permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Bjoern Schiessle 26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke 149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Lukas Reschke c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke 1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle 1b74cf72fb check permissions before rollback 2016-06-30 11:27:25 +02:00
Bjoern Schiessle 3571207bd9 add some additonal permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Morris Jobke 409672d981 Fix update notification text
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Morris Jobke b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Marius Blüm 52f6d97e4e Merge pull request #235 from nextcloud/fix-app-code
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Lukas Reschke e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Lukas Reschke cd74ad55e4 Only save when value changed or enter is pressed 2016-06-27 20:46:12 +02:00
Lukas Reschke a08c4a2b13 Add tooltip 2016-06-27 20:36:23 +02:00
Lukas Reschke 6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Morris Jobke cee2f5dc65 Merge pull request #233 from nextcloud/allow-users-to-change-global-credentials
Allow regular users to specify global credentials password
2016-06-27 17:03:19 +02:00
Morris Jobke 5961d5aae4 Add app:check-code for already compatible apps
* admin_audit, comments, federation
* removed not needed call to OC_Util::checkAdminUser() (is already
  done by the request handler before)
2016-06-27 16:50:10 +02:00
Lukas Reschke 341dabf300 Merge pull request #190 from nextcloud/add-wnd-1
Add "Login credentials" and "User Provided"
2016-06-27 16:15:31 +02:00
Vincent Petry f8fa031e9f Merge pull request #25273 from owncloud/ext-fixsessioncredentialsnolazyload
Quickfix: do not lazy load auth mechanisms for ext storages
2016-06-27 14:57:29 +02:00
Vincent Petry 1d4c61af47 Merge pull request #25237 from owncloud/search-filelistnextpageresults
Prerender file list pages to include search results
2016-06-27 13:46:25 +02:00
Lukas Reschke 1cd255af56
Allow regular users to specify global credentials password
While the UI is existent the feature simply doesn't work because admin privileges are required for the controller. This adds proper permission checks and also unit tests.

To test this:
1. Enable external storage
2. Login as non-admin user
3. Go to personal page and try to change global credentials
2016-06-27 12:29:27 +02:00
Vincent Petry 199c8e304c Merge pull request #25250 from owncloud/linkshare-includedeletewithuploadperms
Add explicit delete permission to link shares
2016-06-27 12:14:05 +02:00
Vincent Petry 0d3de20b02 Quickfix: do not lazy load auth mechanisms for ext storages
Some auth mechanisms like SessionCredentials need to register hooks
early, so they cannot be lazy loaded.
2016-06-27 10:50:10 +02:00
Lukas Reschke f7f86d61c4 Add comment to "getMailHeaderColor" 2016-06-27 10:48:28 +02:00
Lukas Reschke 51646bb3f6 Use stream instead of rename 2016-06-27 10:47:44 +02:00
Lukas Reschke 0a5c5d9b03 Replace OC_Defaults with \OC::$server->getThemingDefaults() 2016-06-27 10:34:08 +02:00
Jan-Christoph Borchardt 261396019d design and layout fixes for Theming app 2016-06-27 10:26:24 +02:00
Bjoern Schiessle 24144b16d0 make sure that the preview gets updated every time a new image gets uploaded 2016-06-27 10:26:24 +02:00
Bjoern Schiessle 79269427d7 scale preview image 2016-06-27 10:26:24 +02:00
Lukas Reschke 433e8ea123 Disable drop zone
Otherwise dropping something somewhere can by mistake upload the file and make it available
2016-06-27 10:26:23 +02:00
Lukas Reschke a0e92b5fb0 Fix indentation 2016-06-27 10:26:23 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle cc321bc140 add some visual feedback if the operation was succesful or not 2016-06-27 10:26:22 +02:00
Bjoern Schiessle 10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00
Jan-Christoph Borchardt 363b76faee basic information architecture for the theming app 2016-06-27 10:26:22 +02:00
Bjoern Schiessle 20d250a674 initial commit for the theming app 2016-06-27 10:26:22 +02:00
Vincent Petry f65787ffdc Merge pull request #25247 from owncloud/fed-unshare-fail
Remove a fed share from the local table before trying to notify the remote server
2016-06-27 09:58:13 +02:00
Jenkins for ownCloud ee90bef50a [tx-robot] updated from transifex 2016-06-27 01:55:57 -04:00
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Jenkins for ownCloud 52eab2a61a [tx-robot] updated from transifex 2016-06-26 01:55:53 -04:00
Jenkins for ownCloud 3d65979f0a [tx-robot] updated from transifex 2016-06-25 01:56:48 -04:00
Christoph Wurst c295523ae2 Merge pull request #25259 from owncloud/search-fixsearchfromotherfilelists
Fix search result link for file results outside default list
2016-06-24 17:12:02 +02:00
Christoph Wurst e9a0a6d83a Merge pull request #25257 from owncloud/comments-showerroronsave
Show error message when posting an invalid comment
2016-06-24 17:11:20 +02:00
Vincent Petry b4cf297758 Prerender file list pages to include search results
When filtering the file list, if a result is on an unrendered page,
make sure to call _nextPage() to prerender the pages in order to
display all matching results.
2016-06-24 13:55:14 +02:00
Vincent Petry 39b533d0d8
Hide search results after switching directory
When clicking on a folder result in the search result list, the result
box for "results in another folder" must disappear.
2016-06-24 11:32:14 +02:00
Vincent Petry bf3ee69d86
Fix search result link for file results outside default list
When outside the "All files" list, the search result link must properly
redirect to the "All files" list.
2016-06-24 11:31:29 +02:00
Vincent Petry 04e3da0cf5 Merge pull request #25171 from owncloud/files_external-list-all
Add option to `occ files_external:list` to show all configured mounts
2016-06-24 10:18:14 +02:00
Vincent Petry 56ad4cdfec
Show error message when posting an invalid comment
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00