The current behaviour of the authenticion logic in base.php prevents REST APIs in ownCloud applications to work.
Because `!self::$CLI` is usually always a true statement the previously above block was entered which returned, thus the authentication logic for this part does not trigger in.
This can be reproduced by installing apps such as the News app and issuing the following command:
`curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds`
The following parts needs to get throughly tested:
- [ ] OCS
- [ ] remote.php's DAV features
- [ ] Regular login features
This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice.
Remark to myself: We really need to move out the authentication code for 8.1 out of base.php - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a night-mare.
Fixes itself.
Otherwise a fatal PHP error is thrown since the filesystem is not setup:
```
( ! ) Fatal error: Call to a member function getOwner() on null in /Users/lreschke/Programming/core/lib/private/files/filesystem.php on line 817
Call Stack
1 0.0004 247792 {main}( ) ../index.php:0
2 0.0946 5088776 OC::handleRequest( ) ../index.php:28
3 0.1423 7491280 OC\Route\Router->match( ) ../base.php:748
4 0.1664 8592152 call_user_func:{/Users/lreschke/Programming/core/lib/private/route/router.php:250} ( ) ../router.php:250
5 0.1664 8592216 __lambda_func( ) ../router.php:250
6 0.1665 8599064 require_once( '/Users/lreschke/Programming/core/apps/files_versions/ajax/getVersions.php' ) ../route.php(135) : runtime-created function:1
7 0.1801 9061096 OCA\Files_Versions\Storage::getUidAndFilename( ) ../getVersions.php:7
8 0.1801 9061144 OC\Files\Filesystem::getOwner( ) ../storage.php:45
```
Furthermore this adds the CSRF check as a nice-to-have addition, the requests accessing this are done via the jQuery AJAX methods and thus the header is automatically added to all requests already.
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.
To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.
Fixes itself.
`$this->info` can very well contain an empty array or possibly other values. This means that when this code path is called a PHP Fatal error might get thrown which is not what we want.
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications
Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver.
This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it.
Conflicts:
lib/private/updater.php
Whenever an external storage mount point is shared directly, its path is
empty which causes a leading slash to appear in the source path.
This fix removes the bogus leading slash in such situation.
Lukas Reschke
Vincent Petry
Morris Jobke
Thomas Müller
Andreas Fischer
Robin Appelman
Jan-Christoph Borchardt
Bjoern Schiessle
Robin Appelman
Robin McCorkell
Jenkins for ownCloud
Arthur Schiwon
Christopher Bunn
Martin