Commit Graph

52 Commits

Author SHA1 Message Date
Lukas Reschke e25a0303f4 Streamline CSRF and login check
Let's make this consistent with other pieces of the code to make it easier to audit.
2015-01-20 12:24:13 +01:00
Lukas Reschke 3ff3f641d6 Get rid of `stripslashes()`
These conversions are actually totally unneeded and probably left-overs from ages where the safe_mode was still a valid thing.
2015-01-13 17:43:36 +01:00
Victor Dubiniuk adc7135429 Skip headers that can not be split 2014-12-08 23:43:43 +03:00
Lukas Reschke 3efac5a4f2 Prevent division by zero
Potentially fixes https://github.com/owncloud/core/issues/11742
2014-10-24 00:10:22 +02:00
Lukas Reschke 6eeb905871 Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of an FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
Robin Appelman fa3393674c Better phpdoc and method naming 2014-09-04 13:26:51 +02:00
Robin Appelman 65608d7c92 Use the public api to get event sources 2014-09-03 13:36:15 +02:00
Robin Appelman d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order of OC::$session and OC::$CLI

remove unneeded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer c24957565c check quota when trying to download a file via new -> web 2014-08-08 14:35:33 +02:00
Vincent Petry 0be9de5df5 Files, trashbin, public apps use ajax/JSON for the file list
Files app:

- removed file list template, now rendering list from JSON response
- FileList.addFile/addDir is now FileList.add() and takes a JS map with all required
  arguments instead of having a long number of function arguments
- added unit tests for many FileList operations
- fixed newfile.php, newfolder.php and rename.php to return the file's
  full JSON on success
- removed obsolete/unused undo code
- removed download_url / loading options, now using
  Files.getDownloadUrl() for that
- server side now uses Helper::getFileInfo() to prepare file JSON response
- previews are now client-side only

Breadcrumbs are now JS only:

- Added BreadCrumb class to handle breadcrumb rendering and events
- Added unit test for BreadCrumb class
- Moved all relevant JS functions to the BreadCrumb class

Public page now uses ajax to load the file list:

- Added Helper class in sharing app to make it easier to authenticate
  and retrieve the file's real path
- Added ajax/list.php to retrieve the file list
- Fixed FileActions and FileList to work with the ajax list

Core:

- Fixed file picker dialog to use the same list format as files app
2014-04-02 15:33:47 +02:00
Thomas Müller 58c216d0e8 close the session on all file operations 2014-03-10 14:39:27 +01:00
Vincent Petry 797e0a614c Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
  check for invalid characters
2014-02-18 17:54:32 +01:00
Vincent Petry 58c7042e70 Added error message for when target folder was removed
When trying to upload/rename/create files in a folder that was removed
or renamed, the correct error message is now shown.

In the case of upload of multiple files, the upload is cancelled.

This situation can happen if the target folder was renamed or removed
from another browser window or client.
2014-01-29 12:46:11 +01:00
Vincent Petry 335b2f40a6 Fixed download file from URL error messages
- L10N now converted to string to make them work with json_encode
- Added specific error message when server doesn't allow fopen on URLs
- Fixed client side to correctly show error message in a notification
- Added OCP\JSON::encode() method to encode JSON with support for the
  OC_L10N_String values
2013-12-12 10:38:12 +01:00
Vincent Petry 35dd568f8f Added missing comma to make the next diff cleaner 2013-10-31 15:12:26 +01:00
Vincent Petry e62ca4ea4f Append file etag to preview URLs
Fixes #5534
2013-10-28 14:14:55 +01:00
Andreas Fischer eb2d66d1a0 Fix double not in newfile/newfolder language. 2013-10-27 11:53:14 +01:00
Jörn Friedrich Dreyer 4991a7bd06 fix translations 2013-10-23 17:02:41 +02:00
Jörn Friedrich Dreyer a9735c8a6f cleanup array value assignment 2013-10-23 11:01:05 +02:00
Jörn Friedrich Dreyer af7ec3169b cleanup precondition checking when creating new files / folders
- use i18n
- use trim when checking for empty file / folder name
- use more verbose error descriptions
2013-10-23 10:59:01 +02:00
Jörn Friedrich Dreyer bc0faa1c4e use correct filename in error result json 2013-10-23 10:59:01 +02:00
Thomas Müller bf46e0c317 fixing undefined variable $newname 2013-10-22 22:38:48 +02:00
Jörn Friedrich Dreyer 45e6d96702 prevent user from creating or renaming sth. to an existing filename
- show tooltip when violating naming constraints while typing
- when target filename exists on server fallback to dialog to interrupt the user's flow because something unexpected went wrong
- fixes #5062
- also fixes some whitespace and codestyle issues in files js
- uses css selector over filterAttr in touched js files
2013-10-22 18:11:03 +02:00
Georg Ehrke 40cee5639e use gerMimeTypeDetector detectPath instead of getMimeType 2013-08-30 18:07:49 +02:00
Thomas Müller 57f7ff2dbd communicate size of newly created file back and update UI 2013-08-16 00:31:27 +02:00
Thomas Müller 7279a07ca2 Merge branch 'master' into mimetype-defaults
Conflicts:
	apps/files/ajax/newfile.php
2013-08-16 00:13:10 +02:00
Andreas Fischer beb27168de Use multiple lines for the JSON data array. 2013-08-08 22:14:21 +02:00
Andreas Fischer 0ab8850478 Adjust JSON code to stable5. 2013-08-08 22:14:21 +02:00
Andreas Fischer 1ed049a682 Do not repeat JSON success code. 2013-08-08 22:14:21 +02:00
Andreas Fischer 0718c92dc8 Do not repeat definition of $target. 2013-08-08 22:13:53 +02:00
Robin Appelman 9321eceed6 add the option to have templates for newly created files 2013-08-07 16:53:09 +02:00
Robin Appelman 3de40f7cfb Files: set the proper mimetype when creating a new text file 2013-05-06 17:55:22 +02:00
Robin Appelman 6db81afab9 move some stuff to the new api 2012-10-26 23:05:02 +02:00
Robin Appelman 7bc49d2a57 merge master into filesystem 2012-10-25 18:26:08 +02:00
Bart Visscher 43ac43d7af dir in newfile has to start with / 2012-10-25 08:37:13 +02:00
Robin Appelman 5a3d6805a2 cleanup OC_Files a bit 2012-10-24 15:52:30 +02:00
Robin Appelman aaa1b73364 don't use deprecated OC_Filesystem 2012-10-10 13:18:36 +02:00
Björn Schießle f4136854b6 stripsplashes doesn't work if the slash is the only character -> creating file in root dir leads to "//filename" 2012-10-05 11:15:32 +02:00
Robin Appelman cfbca40fbe fix sharing for newly uploaded or created files 2012-09-26 13:25:11 +02:00
Robin Appelman 7da3492ab5 show the size of new files when using New->From Url 2012-09-16 17:05:08 +02:00
Bart Visscher 0e58800016 Whitespace fixes in apps 2012-08-29 20:29:43 +02:00
Thomas Mueller b64229a89e apply coding style 2012-08-29 01:39:42 +02:00
Thomas Mueller fe49cbafc7 apply coding style 2012-08-29 00:50:12 +02:00
Robin Appelman b1010160b3 CSRF protection for eventsource 2012-07-22 16:37:49 +02:00
Robin Appelman a49c07cf88 progressbar for New->From Url 2012-07-22 03:56:51 +02:00
Lukas Reschke 0abcf0a421 CSRF checks 2012-07-07 15:58:11 +02:00
Robin Appelman e6c4e53486 prevent creating files with a / in the name 2012-06-06 00:02:51 +02:00
Thomas Mueller 583dce5276 removing executable bit - again 2012-05-15 00:52:00 +02:00
Robin Appelman d875191777 only emit the filesystem hooks once when creating a new file 2012-05-05 16:49:48 +02:00