Commit Graph

37516 Commits

Author SHA1 Message Date
Joas Schilling 5a8129f8ef Merge pull request #3886 from nextcloud/downstream-26995
Chunking NG: Assemble in natural sort order of files
2017-03-17 10:05:25 +01:00
Joas Schilling d504408efd Merge pull request #3894 from nextcloud/downstream-27008
Integration test check download without saving file locally
2017-03-17 09:17:36 +01:00
Roeland Jago Douma 51846c95d9 Merge pull request #3856 from nextcloud/escape-likes-in-database-user-backend
Escape like parameters in database user backend
2017-03-17 08:53:10 +01:00
Roeland Jago Douma 9915aa6d9c Merge pull request #3870 from nextcloud/add-base-uri-to-csp-policy
Add base-uri to CSP policy
2017-03-17 08:39:02 +01:00
Roeland Jago Douma 7a3acff782 Merge pull request #3874 from nextcloud/harden-js-by-disabling-eval-execution
Harden JS by disabling jQuery eval
2017-03-17 08:31:12 +01:00
Roeland Jago Douma 88e68b5058 Merge pull request #3875 from nextcloud/use-new-short-urls
Use cleaner social media URLs
2017-03-17 08:30:07 +01:00
Markus Goetz 075a606514
Chunking NG: Assemble in natural sort order of files
For https://github.com/owncloud/client/pull/5476

Before this, the assembly could be bogusly in the order 0,1,10,11,2,3 etc.

As per the spec "The name of every chunk should be its chunk number."
https://github.com/cernbox/smashbox/blob/master/protocol/chunking.md

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:31 -06:00
Vincent Petry 3740f9bc26
Integration test check download without saving file locally
Use Guzzle stream mode to download the contents instead of using a
temporary local file.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:57:16 -06:00
Morris Jobke cc077e67d7 Merge pull request #2824 from nextcloud/ext-storage-expireversions
Properly expire ext storage versions (#26601)
2017-03-16 23:00:55 -06:00
Morris Jobke ead9a10cc5 Merge pull request #3619 from nextcloud/fix-scss-for-apps
Fix SCSS usage in apps
2017-03-16 22:51:31 -06:00
Nextcloud bot 5683365a2c
[tx-robot] updated from transifex 2017-03-17 01:07:41 +00:00
Lukas Reschke 86cba3ee45
Use cleaner social media URLs
We now have nice cleaner URLs since a longer time, let's use them.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:45:49 +01:00
Lukas Reschke 39afcbd49f Merge pull request #3679 from nextcloud/socialsharing
Add social sharing
2017-03-16 23:08:47 +01:00
Lukas Reschke 148e7abb51
Harden JS by disabling jQuery eval
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.

This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:03:02 +01:00
Lukas Reschke c4fe36cc02 Merge pull request #3862 from nextcloud/dont-set-the-status-twice
Don't set the HTTP status twice
2017-03-16 22:05:47 +01:00
Lukas Reschke d134dea508
Don't call function in constructor
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke 9e957d0ac9
Adjust integration test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 20:51:40 +01:00
Morris Jobke cd4ebe2777 Merge pull request #3008 from nextcloud/appmenu-experiment
Show apps in header
2017-03-16 13:03:41 -06:00
Lukas Reschke 5f8f29508f
Adjust tests to include base-uri
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 18:12:10 +01:00
Roeland Jago Douma 2a9d1a7147 Merge pull request #3863 from nextcloud/additional-hardening-of-t
Harden t() with DOMPurify
2017-03-16 15:54:04 +01:00
Lukas Reschke adfd1e63f6
Add base-uri to CSP policy
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Lukas Reschke 6c8d48b0f6
Harden t() with DOMPurify
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Lukas Reschke 793d7d1bd7 Merge pull request #3860 from nextcloud/fix_master_after_3802
Fix unit tests of master
2017-03-16 14:08:32 +01:00
Joas Schilling 3a53784f80
Don't set the HTTP status twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00
Roeland Jago Douma bb2ec51bbb
Fix unit tests of master
Follow up to #3802

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Roeland Jago Douma 57c1be8633 Merge pull request #3802 from Ko-/master
Check that set_time_limit is not disabled before calling it
2017-03-16 12:27:26 +01:00
Joas Schilling 7ca2f5f137 Merge pull request #3857 from nextcloud/issue-3901-legacy-caldav-endpoint-email-invitations
Fix scheduling plugin on legacy caldav endpoint
2017-03-16 12:14:32 +01:00
Julius Haertl b8ef616455
Fix html formating issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 780400302c
Rebuild menu to keep order of icons correct
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 25e18b840b
Reduce device width and hide app name when menu is open
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 1d6fba03f4
Make enabling/disabling apps work with the new menu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl efc681dcfe
Fix positioning of popovermenu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl f58f8f6f47
Fix popover positioning after window resize
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 267b89f5c7
Cleanup SCSS for app menu and fix mobile view
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 7eae6690ad
Make app management icon act like a normal app icon
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl 61dc78e6dc
Fix menu issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl a630e4629f
Generate seperate menu list for header bar
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl e3e4cb3e67
Move active app to the first slot
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl 42feab59d5
Show app icons in the header
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Ko- 786ee72146 Add warning on admin screen when set_time_limit is unavailable 2017-03-16 11:48:28 +01:00
Joas Schilling 652ee8a605
Fix scheduling plugin on legacy caldav endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 09:55:15 +01:00
Roeland Jago Douma 4d207680f2 Merge pull request #3624 from marncz/master
Update.js: countdown feedback before redirect
2017-03-16 07:56:51 +01:00
Nextcloud bot 2fafdb39ac
[tx-robot] updated from transifex 2017-03-16 01:07:36 +00:00
Lukas Reschke 085891a15d
Escape like parameters in database user backend
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-15 22:46:40 +01:00
Roeland Jago Douma 93c9a06761 Merge pull request #3788 from nextcloud/fed-share-modify
Add api to change the remote of an incoming federated share
2017-03-15 17:32:35 +01:00
Joas Schilling f2d3704e97 Merge pull request #3843 from nextcloud/encryption-fix-mail-share
take share by mail into consideration if we calculate the access list
2017-03-15 15:23:17 +01:00
Roeland Jago Douma 5ed45fc8e6 Merge pull request #3848 from nextcloud/remove-single-quotes-around-search-query
Remove single quotes around search query like in user search
2017-03-15 15:05:15 +01:00
Joas Schilling 0fe45966a0
Remove single quotes around search query like in user search
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-15 12:53:44 +01:00
Björn Schießle 5a998da206 Merge pull request #3841 from nextcloud/encyryption-trash-bin
Delete files on encryption error
2017-03-15 09:07:07 +01:00
Marcin Czarnecki 1a3617cdd6 Spacing
Signed-off-by: marncz <M.Czarnecki1@uni.brighton.ac.uk>
2017-03-15 06:35:40 +00:00