mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
49,030 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

67 Commits

Author SHA1 Message Date
Morris Jobke 060b637b70
Show a setup warning in case S3 object storage is used as primary storage 
* checks for at least 50 GB of free space

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-03-08 13:38:39 +01:00
Morris Jobke 6c7ccbecbf
Add setup check for missing UTF8MB4 on mysql 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-02-28 16:46:23 +01:00
Morris Jobke faef05730a
Add unit tests and provide better message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-02-20 10:54:39 +01:00
Daniel Kesselberg 248e824f48
Remove check for outdated caches 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-01-02 10:46:14 +01:00
Morris Jobke 17b2827bbf
Add setup check for pending bigint conversion 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-12-05 13:42:31 +01:00
Morris Jobke f5ad80fc57
Add setup check for recommended PHP modules (i.e. Imagick, intl) 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-12-05 00:03:05 +01:00
Morris Jobke f5894b653d
Add check for missing .woff2 rule in Nginx via setup check 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-11-29 17:01:43 +01:00
Morris Jobke df6e9109c8
Merge pull request #11396 from nextcloud/wellknown-webfinger 
adding .well-known/webfinger
 2018-10-24 14:51:15 +02:00
Daniel Peukert 7a5d6ac15c Fix failing tests and add some more 
Signed-off-by: Daniel Peukert <dan.peukert@gmail.com>
 2018-10-17 18:51:01 +02:00
Moritz Beck b68661ed6e
Allow "same-origin" as "Referrer-Policy" 
Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Signed-off-by: Moritz Beck <git@birkenstab.de>
 2018-10-11 13:17:26 +02:00
Daniel Calviño Sánchez d143b43a04 Make possible to set the expected status of the well known URL check 
The check is based on the HTTP status returned by the URL, and different
URLs may return different status (for example, DAV returns 207, while
a service like WebFinger would return 200), so the expected status needs
to be set depending on the URL.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2018-10-10 13:48:56 +02:00
Morris Jobke b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav 
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-10-10 10:41:02 +02:00
Timo Förster 006e150c87 Change check if secure randomness is possible. 
Signed-off-by: Timo Förster <tfoerster@webfoersterei.de>
 2018-08-24 23:12:02 +02:00
Michael Weimann 2bab916c53
Adds license to files. Updates the branch. 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-08-20 20:46:23 +02:00
Michael Weimann 7aed47f776
Adds tests for the memory checks 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-08-20 15:24:10 +02:00
Michael Weimann 1d2bc9c45e
Adds tests for the setup memory limit checks 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-08-20 15:24:10 +02:00
Michael Weimann ebcfe33d0d
Extends the setup check js tests 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-08-09 19:48:39 +02:00
Morris Jobke 83b1de4493
Fix unit tests - follow up to #10197 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-07-11 22:02:45 +02:00
Cthulhux f6f49c77f7
opcache module check 
Improved the speed of isOpcacheProperlySetup() (instant return instead of continuing when we're already failed), added a check for the opcache extension itself. Potentially fixes #9410

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-07-11 16:08:40 +02:00
Morris Jobke 9c4aecb539
Merge all setup checks into one controller 
* renamed hasMissingIndexes to missingIndexes

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-06-13 15:25:08 +02:00
Morris Jobke cd87a40eb3
Merge pull request #9836 from nextcloud/feature/noid/merge-tips-and-tricks-into-setup-checks 
Merge tips & tricks section into setup checks
 2018-06-13 13:18:40 +02:00
Morris Jobke 4a0b7aaf6c
Merge tips & tricks section into setup checks 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-06-13 12:05:38 +02:00
Morris Jobke 624d191ef6
Fix wrong hint about missing indexes 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-06-13 11:56:43 +02:00
Roeland Jago Douma 4b70c9f89d
Add referrer policy setup check 
Fixes #9122

Based on https://www.w3.org/TR/referrer-policy/ and
https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Setting a sane Referrer-Policy will tell the browser if/when to send
referrer headers when accessing a link from Nextcloud. When configured
properly this results in less tracking and less leaking of (possibly)
sensitive urls

* Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-04 09:21:35 +02:00
Allan Nordhøy e81f30b124
Spelling: FreeType 2018-01-14 16:01:23 +01:00
Roeland Jago Douma ee20741526 Add tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-12-13 17:22:58 +01:00
Morris Jobke 4af12dcab1
Fix unit tests 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-27 08:50:44 +01:00
Markus Staab db34b59238 Prevent XSS in links which open a new browser window 2017-10-19 12:16:04 +02:00
Morris Jobke 582fb5d129 Update the URLs in tests to use example.org 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-01 11:16:04 +02:00
rakekniven f2d999aa70 Update setupchecks.js 
Fixed typo and removed doclink symbol.
Reported at transifex

Update util.php

Another l10n improvement from transifex.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-05-31 13:41:45 +02:00
Morris Jobke 1fedf450ac Update Opcache recommendation 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-05-21 18:21:28 -05:00
Joas Schilling 1c0bffe87f
Fix translations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-18 16:40:53 -05:00
Lukas Reschke 6c8d48b0f6
Harden t() with DOMPurify 
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-16 14:17:42 +01:00
Roeland Jago Douma bb2ec51bbb
Fix unit tests of master 
Follow up to #3802

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-16 12:46:02 +01:00
Morris Jobke cee8853658
Show info in admin settings about PHP opcache if disabled 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-02-22 23:45:48 -06:00
Morris Jobke a2867c0664
Properly check the data dir 
* fixes #1364

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-12-05 23:35:35 +01:00
Joas Schilling 0f06034239
Replace more vendor naming 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-11 08:54:21 +01:00
Arthur Schiwon 9b01574465
adjust js tests 2016-08-25 13:47:14 +02:00
Derek b236100619 Alters 'No Internet Connection' error message. #181 2016-07-20 19:12:10 -05:00
Vincent Petry fb087a0261
Use temporary htaccesstest.txt for data dir security check 2016-06-07 18:36:13 +02:00
Morris Jobke e03d289b70
Use 6 months as SSL STS header threshold 
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
 2016-04-13 08:47:34 +02:00
Lukas Reschke 6ad957906e Consistently use rel=noreferrer 
When linking to external entities we should consistently use rel=noreferrer
 2016-03-20 15:27:20 +01:00
Lukas Reschke 2ca3c0d461 Adjust wording a bit 
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.

**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.

Fixes https://github.com/owncloud/enterprise/issues/1170
 2016-03-11 17:39:35 +01:00
Thomas Müller 8abdcb8085 Fix error ins source language strings 
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
 2016-02-19 15:04:16 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript 
fixes #20199
 2016-02-01 18:57:58 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening 
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
 2016-01-13 10:33:58 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check 
Add config switch to disable the .well-known URL check
 2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies 
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
 2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error 
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
 2016-01-12 09:18:20 +01:00