Commit Graph

25200 Commits

Author SHA1 Message Date
Lukas Reschke 4ddc2444bd Add information how to report security bugs 2015-05-29 19:28:45 +02:00
Vincent Petry 06f8c80af6 Validate target file name for some webdav ops 2015-05-29 19:14:38 +02:00
Olivier Paroz f05ac47eb6 Escape single quotes 2015-05-29 18:34:38 +02:00
Olivier Paroz 6aeaa6954b Fix for parenthesis 2015-05-29 17:49:26 +02:00
Björn Schießle 01a241f711 Merge pull request #16622 from owncloud/versions-cancelexpireforunexistingfiles
Abort expiration when file is gone
2015-05-29 15:19:04 +02:00
Olivier Paroz 4e364311f1 Get a 96x96 preview for file conflict resolution 2015-05-29 13:49:51 +02:00
Vincent Petry 9a6d253af3 Abort expiration when file is gone
Sometimes a background job for versions expiration was scheduled for a
file that has been moved or deleted since.

This prevents showing useless warnings in the log and simply bail out.
2015-05-29 13:15:12 +02:00
Thomas Müller c700f42b68 Merge pull request #16517 from owncloud/remove-logo-wide
replace logo-wide on share page as well with better icon + text
2015-05-29 12:15:02 +02:00
Morris Jobke 1152f8b444 Merge pull request #16615 from owncloud/syntaxfix
fix formatting error
2015-05-29 12:01:37 +02:00
Morris Jobke b21cc746c6 Merge pull request #16619 from mmattel/missing_translations_in_ldap
Missing translation in ldap part.wizard-server.php
2015-05-29 11:48:44 +02:00
Martin f084eb07f2 Missing translation in ldap part.wizard-server.php 2015-05-29 10:50:02 +02:00
Jenkins for ownCloud fff0fb66d6 [tx-robot] updated from transifex 2015-05-29 01:56:13 -04:00
Jan-Christoph Borchardt 9194603c31 change tests back to check for logo-wide, make them pass again 2015-05-28 23:39:55 +02:00
Carla Schroder 155150cad3 fix formatting error 2015-05-28 11:55:19 -07:00
Thomas Müller 67cef93fdd Merge pull request #16578 from owncloud/fix_16556
show txt preview when file contains text
2015-05-28 20:48:16 +02:00
Thomas Müller b95ebb76e5 Merge pull request #16607 from owncloud/ie9-textpreviewfallback
Fallback to picture preview for IE <= 9
2015-05-28 20:45:14 +02:00
Thomas Müller 863139c1e2 Merge pull request #16585 from mmattel/Missing_translation_in_External_storage_back_end
Make string 'SFTP with secret key login' translateable
2015-05-28 20:42:08 +02:00
Morris Jobke 7f83829db3 Merge pull request #16592 from owncloud/fix-16574
Add type hint for OC_Channel
2015-05-28 20:36:44 +02:00
Morris Jobke 7b50eb05f3 Merge pull request #16380 from rullzer/fix_16281
Properly format recipients
2015-05-28 20:34:04 +02:00
Vincent Petry cca7d8d561 Merge pull request #16610 from owncloud/s2s-shareinforeturn404whendisabled
Return 404 in shareinfo.php when outgoing s2s disabled
2015-05-28 20:03:18 +02:00
Morris Jobke 54613de31d Merge pull request #16613 from owncloud/quota-onlyforfiles
Only use quota stream wrapper on "files"
2015-05-28 19:44:14 +02:00
Vincent Petry e114d00242 Only use quota stream wrapper on "files"
Prevent using the quota stream wrapper on trashbin folders and other
metadata folders
2015-05-28 18:31:20 +02:00
Vincent Petry 29c68a4e61 Return 404 in shareinfo.php when outgoing s2s disabled 2015-05-28 17:59:43 +02:00
Lukas Reschke 173b147305 Merge pull request #16467 from owncloud/apps-fixsort
Sort apps by level, then by name
2015-05-28 16:10:27 +02:00
Vincent Petry 2daef7c7dc Fallback to picture preview for IE <= 9
IE 9 and below do not provide window.btoa and there is currently no way
to generate base64 strings without introducting further dependencies.

So for now the solution is to fall back to the ugly picture mode for
text files whenever IE <= 9 is used.
2015-05-28 15:36:28 +02:00
Vincent Petry ded62ff693 Merge pull request #16501 from owncloud/enc_fix_move_versions_between_storages
[encryption] fix move versions between storages
2015-05-28 15:28:25 +02:00
Vincent Petry 474c99e19a Merge pull request #16577 from owncloud/enc_improve_migration
only request encryption module for files which are not excluded
2015-05-28 11:31:33 +02:00
Björn Schießle e1483f65c3 Merge pull request #16591 from owncloud/enc_improved_error_message
improved error message for various states
2015-05-28 10:55:53 +02:00
Jenkins for ownCloud 1726d84e73 [tx-robot] updated from transifex 2015-05-28 01:55:22 -04:00
Bjoern Schiessle 68db3059ee detect migration status 2015-05-27 21:00:02 +02:00
Bjoern Schiessle 5549641f1f improve error messages displayed to the user 2015-05-27 21:00:02 +02:00
Lukas Reschke f43f4791ac Merge pull request #16595 from owncloud/scrutinizer-timeout
[scrutinizer] Increase timeout of external code coverage
2015-05-27 19:47:27 +02:00
Lukas Reschke ec7b86623a Merge pull request #16583 from owncloud/fix-code-indentation
Fix indentation
2015-05-27 18:45:32 +02:00
Morris Jobke ba58fe6bfc [scrutinizer] Increase timeout of external code coverage
Hopefully fixes problems with unfinished scrutinizer reports
2015-05-27 18:17:44 +02:00
Victor Dubiniuk 4239054383 Add type hint for OC_Channel 2015-05-27 18:03:11 +03:00
Morris Jobke 7385b5dad9 Merge pull request #16417 from owncloud/master-16415
fix theme in IE8 and IE9
2015-05-27 16:41:13 +02:00
Roeland Jago Douma bf491183c1 Properly format remote recipients
* A list of recipients can now be properly formatted with remote shares.
Before the shares where simply shown in full in the "Shared with others"
section.
* Unit tests updated and added
2015-05-27 16:22:34 +02:00
Bjoern Schiessle 0de59acb49 only request encryption module for files which are not excluded 2015-05-27 15:47:40 +02:00
Martin cdbf472c4d Make string 'SFTP with secret key login' translatable 2015-05-27 15:38:05 +02:00
Lukas Reschke ffd73ef2e4 Fix indentation 2015-05-27 14:57:19 +02:00
Georg Ehrke bb676f2799 show txt preview when file contains text 2015-05-27 14:11:33 +02:00
Morris Jobke 3de945d13d Merge pull request #16527 from owncloud/end-processing-when-404
End processing when file is not found
2015-05-27 09:36:05 +02:00
Jenkins for ownCloud fda0995e4c [tx-robot] updated from transifex 2015-05-27 01:55:34 -04:00
Björn Schießle 9366dde875 Merge pull request #15985 from owncloud/hotfix/fix-encryption-references
[enc2] fix references to legacy encryption app name
2015-05-26 17:28:27 +02:00
Thomas Müller 07c6e523b1 Merge pull request #16565 from owncloud/add-urandom-check
Add check for availability of /dev/urandom
2015-05-26 16:53:11 +02:00
Jan-Christoph Borchardt 8ec292c8b3 Merge pull request #16519 from owncloud/example-theme
add example theme
2015-05-26 15:33:40 +02:00
Thomas Müller 4c4cbd70f8 Merge pull request #16563 from owncloud/revert-16562-revert-15203-revert-15201-webdav-ng-bugfix
Revert "Revert "Revert "FIX for webdav.mediencenter.t-online.de"""
2015-05-26 14:40:16 +02:00
Thomas Müller 4513cf5967 Revert "Revert "Revert "FIX for webdav.mediencenter.t-online.de""" 2015-05-26 14:40:07 +02:00
Oliver Kohl D.Sc. bfdae9e2c7 Merge pull request #16562 from owncloud/revert-15203-revert-15201-webdav-ng-bugfix
FIX for webdav.mediencenter.t-online.de

https://webdav.mediencenter.t-online.de returns invalid response code.

e.g.
{"reqId":"f9a1c394b98108e4e5ca62bf47829c64","remoteAddr":"81.189.45.224","app":"PHP","message":"Undefined offset: 2 at \/var\/www\/owncloud\/3rdparty\/sabre\/dav\/lib\/Sabre\/DAV\/Client.php#569","level":3,"time":"2015-03-25T18:25:48+00:00","method":"GET","url":"\/index.php\/apps\/files\/ajax\/getstoragestats.php?dir=External%2FT-Cloud%2FTests"}

e.g.
{"reqId":"3407d66672b3cef206b0af883e49bff4","remoteAddr":"46.74.125.245","app":"PHP","message":"Undefined index: {DAV:}getlastmodified at \/var\/www\/owncloud\/lib\/private\/files\/storage\/dav.php#563","level":3,"time":"2015-03-25T16:33:21+00:00"}
2015-05-26 14:31:09 +02:00
Lukas Reschke bc6d17ed74 Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00