mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
58,673 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

84 Commits

Author SHA1 Message Date
Markus Staab db34b59238 Prevent XSS in links which open a new browser window 2017-10-19 12:16:04 +02:00
Christoph Wurst 2e19c42bc5
Check whether an app archive can be extracted 
If extraction fails we should not continue the installation/update
process as the info.xml cannot be loaded and an unrelated error
occurs.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-09-20 14:07:17 +02:00
Joas Schilling 79d7c26b8a
Register autoloading before running migrations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-07-07 12:01:11 +02:00
Joas Schilling 7a3d83d630 Register autoloading before running migrations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-07-05 13:02:16 +02:00
Joas Schilling 183b1dbde3 Use migrations when there is no database.xml 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-07-05 13:01:19 +02:00
Morris Jobke be33234266 Remove OC_App:installApp 
* uses Installer->installApp now
* removes unused code
* fixes #4453
* added some additional checks

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-05-15 00:03:35 -05:00
Lukas Reschke 47cd976035
Add app bundles 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-26 20:07:49 +02:00
Morris Jobke c54a59d51e
Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Lukas Reschke 32bf8ec826
Don't use cached informations for app version 
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:

- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)

This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.

While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-12-09 18:01:45 +01:00
Lukas Reschke 7cb0df28e2
Prevent downgrade attacks for apps 
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-11 18:53:26 +01:00
Joas Schilling 2f7e291101
Correctly catch the "soft errors" now 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-09 10:30:19 +01:00
Joas Schilling 224dfaf1e6
Use a better error message and point the users to the support channels 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-09 09:10:32 +01:00
Lukas Reschke 0eeef26a8e
Add tests for installer method 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 19:39:35 +01:00
Lukas Reschke 086d43f26d
Move to non-static version 
The static version is used nowhere in the code and just decreases coverage

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 18:42:19 +01:00
Lukas Reschke d805df7bb3
Use findAppInDirectories 
The other function doesn't work if the appstore is disabled

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:30:02 +01:00
Lukas Reschke 8acb54aa0b
Add update support 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:47 +01:00
Lukas Reschke 3e6dd86ee4
Add support for CRL 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke 0e2aee2be6
Replace with exception instead of boolean return value 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke ca7f6dec55
Make non-static 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:45 +01:00
Lukas Reschke 32cf661215
Use new appstore API 
This change introduces the new appstore API in Nextcloud.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:44 +01:00
Joas Schilling 356ac5d42f
Add app name to the call 
Regression from 69b063f4c6

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-10 16:34:14 +02:00
Arthur Schiwon ac04ba6784
register app autoload instead of loading apps 2016-08-12 13:23:14 +02:00
Arthur Schiwon ce6ad5de25
make sure shipped apps also setup their admin settings on a fresh install 2016-08-11 16:37:11 +02:00
Arthur Schiwon 0fc34c99f4
fix registration of admin settings and section on app install 2016-08-11 00:45:15 +02:00
Arthur Schiwon ceeb44bd04
Initial work on Apps page split: 
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
 2016-08-09 18:05:09 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Morris Jobke e95c15e53a
fix more strings 2016-06-20 13:14:24 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling db16dc6644
Correctly register autoloading before install.php and loading commands 2016-05-11 11:18:00 +02:00
Thomas Müller 71fa0a75bf
Allow declaration of background jobs in info.xml 2016-05-03 08:58:12 +02:00
Roeland Jago Douma c96ed5c4ce
Move OC_Archive to \OC\Archive\Archive 
* Move out of legacy folder
* Move to proper namespace
* Fix calling code
 2016-05-02 19:34:32 +02:00
Thomas Müller 5e055ca6c1
Move uninstall repair step execution to the correct place 2016-05-02 09:22:26 +02:00
Thomas Müller f91e5f87d2
Fix installer file location 2016-05-02 09:06:19 +02:00