Commit Graph

37632 Commits

Author SHA1 Message Date
Joas Schilling ebabf81473
Clean up the test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:35:22 +01:00
Joas Schilling bd97b7d130
Use DI
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:23:04 +01:00
Roeland Jago Douma 3f331e02f9 Merge pull request #3893 from nextcloud/downstream-27069
Add integration test for trashbin
2017-03-17 10:10:00 +01:00
Joas Schilling e548d27d3a Merge pull request #3885 from nextcloud/downstream-26529
Skip FailedStorage in background scan
2017-03-17 10:06:58 +01:00
Joas Schilling 5a8129f8ef Merge pull request #3886 from nextcloud/downstream-26995
Chunking NG: Assemble in natural sort order of files
2017-03-17 10:05:25 +01:00
Joas Schilling 199405ddc0
Safer queries
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:59:56 +01:00
Joas Schilling 0a1135a7cc
Better output
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:59:25 +01:00
Joas Schilling d504408efd Merge pull request #3894 from nextcloud/downstream-27008
Integration test check download without saving file locally
2017-03-17 09:17:36 +01:00
Joas Schilling e8750f618b
Correctly escape the footer description from theming
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:11:41 +01:00
Roeland Jago Douma 51846c95d9 Merge pull request #3856 from nextcloud/escape-likes-in-database-user-backend
Escape like parameters in database user backend
2017-03-17 08:53:10 +01:00
Roeland Jago Douma 9915aa6d9c Merge pull request #3870 from nextcloud/add-base-uri-to-csp-policy
Add base-uri to CSP policy
2017-03-17 08:39:02 +01:00
Roeland Jago Douma 7a3acff782 Merge pull request #3874 from nextcloud/harden-js-by-disabling-eval-execution
Harden JS by disabling jQuery eval
2017-03-17 08:31:12 +01:00
Roeland Jago Douma 88e68b5058 Merge pull request #3875 from nextcloud/use-new-short-urls
Use cleaner social media URLs
2017-03-17 08:30:07 +01:00
Jörn Friedrich Dreyer 5155a5288c
Add CleanupRemoteStorages command
cleanup files, address review

Fix CleanupRemoteStoragesTest tests

Fix test expectation.
Added files count to check filecache deletion.

Sort by numeric id for deterministic test results

Removed precise order test and added storage check

Remove inaccurate removal message check which has a different order on
Oracle.

Added more checks to confirm that existing storages still exist.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:52 -06:00
Philipp Schaffrath 2ccf544ad7
Fixed failing test which was ignoring a required (not null) column (#26303)
* Fixed failing test which was ignoring a required (not null) column

* restored test to original, catching DriverException which also catches ConstraintViolationException

* catch ConstraintViolationException again

* removed unnecessary field from this test

* clobfield should be nullable

* clobfield now is nullable

* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does

* this field does not auto increment anymore

* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:07 -06:00
Vincent Petry 6488ed3cff
Backbone Webdav Adapter MKCOL support
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.

This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:08:48 -06:00
Vincent Petry aebb8c3639
Ignore exception when deleting keys of deleted user
Whenever a user was deleted for encryption where the keys are stored in
the home, we can ignore user existence exceptions because it means the
keys are already gone.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:23 -06:00
Vincent Petry 377fdf3860
Skip null groups in group manager (#26871) (#26956)
* Skip null groups in group manager (#26871)

* Skip null groups in group manager

* Also skip null groups in group manager's search function

* Add more group null checks in sharing code

* Add unit tests for null group safety in group manager

* Add unit tests for sharing code null group checks

* Added tests for null groups handling in sharing code

* Ignore moveShare optional repair in mount provider

In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.

* Adjust null group handing + tests

* Fix new group manager tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:03 -06:00
Vincent Petry cbebfaaf2b
Skip FailedStorage in background scan
The background job that scans storages must skip failed storages to
avoid potential exceptions, especially when the failed storage comes
from a shared storage where the source is not accessible.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:48 -06:00
Markus Goetz 075a606514
Chunking NG: Assemble in natural sort order of files
For https://github.com/owncloud/client/pull/5476

Before this, the assembly could be bogusly in the order 0,1,10,11,2,3 etc.

As per the spec "The name of every chunk should be its chunk number."
https://github.com/cernbox/smashbox/blob/master/protocol/chunking.md

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:31 -06:00
Vincent Petry 3740f9bc26
Integration test check download without saving file locally
Use Guzzle stream mode to download the contents instead of using a
temporary local file.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:57:16 -06:00
Morris Jobke 5d29e84118
Add drone.yml config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:54:13 -06:00
Vincent Petry 659006c234
Add integration test for trashbin
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:53:58 -06:00
Vincent Petry 7256940524
Redirect unlink to rmdir (#27101)
Many API callers will call unlink even for directories and it can mess
up with some wrappers like the encryption wrapper

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:45:03 -06:00
Morris Jobke cc077e67d7 Merge pull request #2824 from nextcloud/ext-storage-expireversions
Properly expire ext storage versions (#26601)
2017-03-16 23:00:55 -06:00
Morris Jobke ead9a10cc5 Merge pull request #3619 from nextcloud/fix-scss-for-apps
Fix SCSS usage in apps
2017-03-16 22:51:31 -06:00
Nextcloud bot 5683365a2c
[tx-robot] updated from transifex 2017-03-17 01:07:41 +00:00
Lukas Reschke 86cba3ee45
Use cleaner social media URLs
We now have nice cleaner URLs since a longer time, let's use them.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:45:49 +01:00
Lukas Reschke 39afcbd49f Merge pull request #3679 from nextcloud/socialsharing
Add social sharing
2017-03-16 23:08:47 +01:00
Lukas Reschke 148e7abb51
Harden JS by disabling jQuery eval
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.

This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:03:02 +01:00
Lukas Reschke c4fe36cc02 Merge pull request #3862 from nextcloud/dont-set-the-status-twice
Don't set the HTTP status twice
2017-03-16 22:05:47 +01:00
Lukas Reschke d134dea508
Don't call function in constructor
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke 9e957d0ac9
Adjust integration test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 20:51:40 +01:00
Morris Jobke cd4ebe2777 Merge pull request #3008 from nextcloud/appmenu-experiment
Show apps in header
2017-03-16 13:03:41 -06:00
Lukas Reschke 5f8f29508f
Adjust tests to include base-uri
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 18:12:10 +01:00
Roeland Jago Douma 2a9d1a7147 Merge pull request #3863 from nextcloud/additional-hardening-of-t
Harden t() with DOMPurify
2017-03-16 15:54:04 +01:00
Lukas Reschke adfd1e63f6
Add base-uri to CSP policy
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Lukas Reschke 6c8d48b0f6
Harden t() with DOMPurify
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Lukas Reschke 793d7d1bd7 Merge pull request #3860 from nextcloud/fix_master_after_3802
Fix unit tests of master
2017-03-16 14:08:32 +01:00
Joas Schilling 3a53784f80
Don't set the HTTP status twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00
Roeland Jago Douma bb2ec51bbb
Fix unit tests of master
Follow up to #3802

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Roeland Jago Douma 57c1be8633 Merge pull request #3802 from Ko-/master
Check that set_time_limit is not disabled before calling it
2017-03-16 12:27:26 +01:00
Joas Schilling 7ca2f5f137 Merge pull request #3857 from nextcloud/issue-3901-legacy-caldav-endpoint-email-invitations
Fix scheduling plugin on legacy caldav endpoint
2017-03-16 12:14:32 +01:00
Julius Haertl b8ef616455
Fix html formating issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 780400302c
Rebuild menu to keep order of icons correct
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 25e18b840b
Reduce device width and hide app name when menu is open
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 1d6fba03f4
Make enabling/disabling apps work with the new menu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl efc681dcfe
Fix positioning of popovermenu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl f58f8f6f47
Fix popover positioning after window resize
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 267b89f5c7
Cleanup SCSS for app menu and fix mobile view
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00