This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈
Fixes https://github.com/owncloud/core/issues/14196 for core
Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.
Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.
`\OCA\Files\Helper::buildFileStorageStatistics` might throw an exception from `OC_Helper::getStorageInfo`, previously this lead to a uncatched exception being thrown when invoking this methods.
This was user triggable by for example calling `/index.php/apps/files/ajax/delete.php` with a not existing dir (for example `dir=asdf/../&allfiles=true`)
Furthermore a not logged-in user was able to access this page before which resulted in a Fatal PHP error since the filesystem could not get setup properly.
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.
To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.
Fixes itself.
Moved populateTags to be done on the main file list.
This prevents the public file list to go through the same code and cause
an error when there is no user.
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
When moving files on storages that don't expose permissions, the storage
itself might throw an exception when the permission is denied.
This fix ensures that exceptions are caught and forwarded to the client
instead of just hanging.
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
Files app:
- removed file list template, now rendering list from JSON response
- FileList.addFile/addDir is now FileList.add() and takes a JS map with all required
arguments instead of having a long number of function arguments
- added unit tests for many FileList operations
- fixed newfile.php, newfolder.php and rename.php to return the file's
full JSON on success
- removed obsolete/unused undo code
- removed download_url / loading options, now using
Files.getDownloadUrl() for that
- server side now uses Helper::getFileInfo() to prepare file JSON response
- previews are now client-side only
Breadcrumbs are now JS only:
- Added BreadCrumb class to handle breadcrumb rendering and events
- Added unit test for BreadCrumb class
- Moved all relevant JS functions to the BreadCrumb class
Public page now uses ajax to load the file list:
- Added Helper class in sharing app to make it easier to authenticate
and retrieve the file's real path
- Added ajax/list.php to retrieve the file list
- Fixed FileActions and FileList to work with the ajax list
Core:
- Fixed file picker dialog to use the same list format as files app
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
check for invalid characters
- When all files are selected, do not send the whole file list
- Download will trigger download for the parent folder, also works
with root
- Delete will send "allfiles" to the server that will find the file
list or the passed directory by itself
Whent trying to upload/rename/create files in a folder that was removed
or rename, the correct error message is now shown.
In the case of upload of multiple files, the upload is cancelled.
This situation can happen if the target folder was renamed or removed
from another browser window or client.
- L10N now converted to string to make them work with json_encode
- Added specific error message when server doesn't allow fopen on URLs
- Fixed client side to correctly show error message in a notification
- Added OCP\JSON::encode() method to encode JSON with support for the
OC_L10N_String values
Before rendering breadcrumbs or the file list, the paths are now
normalized. This prevents the UI to show "." breadcrumbs in case the
path contains sections with "/./"
Fixes#5848
Previously, the storage statistics were always for the root dir.
This means that the upload button would always show the limit for the
root dir, even when uploading to a shared dir or external storage.
This fix adds a "dir" argument to getstoragestats.php.
- show tooltip when violating naming constraints while typing
- when target filename exists on server fallback to dialog to interrupt the users flow because something unexpected went wrong
- fixes#5062
- also fixes some whitespace and codestyle issues in files js
- uses css selector over filterAttr in touched js files
Jenkins for ownCloud
Morris Jobke
Thomas Müller
Joas Schilling
Lukas Reschke
Robin Appelman
Vincent Petry
Jörn Friedrich Dreyer
Victor Dubiniuk
Bjoern Schiessle
Lukas Reschke
Luke Policinski
Andreas Fischer
kondou