Commit Graph

23356 Commits

Author SHA1 Message Date
Lukas Reschke 73dc02d42c Merge pull request #14798 from owncloud/enable-oci-autotest-master
Setting oci as supported database
2015-03-11 16:14:54 +01:00
Morris Jobke caa672ceeb Merge pull request #14794 from owncloud/add-console-command-user-add
Add a console command user:add to create users over the console
2015-03-11 16:09:23 +01:00
Morris Jobke 04eef93b25 Merge pull request #13648 from oparoz/sfnt-fonts-preview
Add support for font previews
2015-03-11 15:56:32 +01:00
Thomas Müller 96b223676d Don't play with config values ... 2015-03-11 15:47:24 +01:00
Lukas Reschke cf25e6f569 Merge pull request #14773 from owncloud/allow-iframes-from-self-in-share-view
Allow iframes from same domain in share view
2015-03-11 15:13:59 +01:00
Morris Jobke dbade19362 Merge pull request #13839 from owncloud/issue/13678-improve-remote-domain-detection-in-sharedropdown
Better finding the remote URL from user input in share dropdown
2015-03-11 14:38:41 +01:00
Thomas Müller cba3ec2c7f Setting oci as supported database 2015-03-11 14:29:22 +01:00
Joas Schilling b1ff21ee28 Add a console command user:add to create users over the console 2015-03-11 14:22:23 +01:00
Morris Jobke ad97ceb787 Merge pull request #13513 from owncloud/repair-legacystoragenofatalfail
Do not abort when meeting unfixable legacy storages
2015-03-11 13:32:33 +01:00
Lukas Reschke 8154ed4d2c Merge pull request #14791 from owncloud/fix-14516
Adding a more meaningful message for sabre dav exception
2015-03-11 12:52:18 +01:00
Thomas Müller 0d0f9a52d2 Merge pull request #14788 from cmeh/patch-3
Correct "one invalid characters" to "one invalid character"
2015-03-11 12:26:49 +01:00
Thomas Müller b3bb65eae5 Merge pull request #14662 from owncloud/issue/14661-show-versions-in-occ-applist
Add an option to include the installed app version in "occ app:list"
2015-03-11 12:23:22 +01:00
Thomas Müller 0f3e36fdfd Adding a more meaningful message for sabre dav exception - fixes #14516 2015-03-11 11:53:31 +01:00
Bernhard Posselt abb726c994 Merge pull request #14789 from owncloud/better-app-install-error-messages
display app update error messages
2015-03-11 11:28:28 +01:00
Thomas Müller 3df1d9338e Merge pull request #14778 from owncloud/use-occ-setup-in-autotest-master
Use occ to install ownCloud in autotest.sh
2015-03-11 11:00:49 +01:00
Thomas Müller ffe06ac5c7 display app update error messages - fixes #14611 2015-03-11 09:59:56 +01:00
cmeh 4a0c649c8a Correct "one invalid characters" to "one invalid character"
Corrected "one invalid characters" to "one invalid character" in line 1575.
2015-03-11 09:59:42 +01:00
Joas Schilling 560137ca23 Always include the installed app version in "occ app:list" 2015-03-11 09:47:41 +01:00
Thomas Müller 6c1a1234f8 Properly handle available databases at runtime and respect setup checks in command line as well 2015-03-11 09:27:12 +01:00
Thomas Müller 81fa9550a0 No need to restart the web server in cli mode 2015-03-11 09:27:12 +01:00
Thomas Müller 7181840665 Use occ to install ownCloud in autotest.sh 2015-03-11 09:27:12 +01:00
Morris Jobke cfaee93552 Merge pull request #14783 from owncloud/dont-timeout-cron-master
cron.php on cli has no time limitation - fixes #14481
2015-03-11 09:23:22 +01:00
Jenkins for ownCloud 01ea056ac8 [tx-robot] updated from transifex 2015-03-11 01:55:38 -04:00
Thomas Müller b4cf6e62bf cron.php on cli has no time limitation - fixes #14481 2015-03-11 01:09:12 +01:00
Thomas Müller 1757d01604 Merge pull request #14640 from owncloud/rescanversionsonlyonce
Only rescan versions once in trashbin
2015-03-11 00:54:20 +01:00
Morris Jobke 9a9633f84f update 3rdparty master 2015-03-10 16:06:01 +01:00
Morris Jobke f5a56355fd Merge pull request #14115 from owncloud/update-symphony-components
update symphony components to 2.6.4
2015-03-10 16:05:12 +01:00
Robin Appelman bb97256a79 update symphony components to 2.6.4 2015-03-10 15:34:45 +01:00
Lukas Reschke 284bd6647c Merge pull request #14759 from owncloud/clean-up-code
Clean-up code and use proper exception types
2015-03-10 14:18:21 +01:00
Lukas Reschke 6dc59019af Merge pull request #14346 from owncloud/storage-based-path-validation
adding storage specific filename verification
2015-03-10 11:02:47 +01:00
Thomas Müller 214fa44400 Merge pull request #14534 from owncloud/add-child-src
Add support for 'child-src' directive
2015-03-10 10:30:44 +01:00
Lukas Reschke 48243a2949 Allow iframes from same domain in share view
This is required because the PDF Viewer itself is embedded using an iframe from the same domain. The default policy is blocking this.

Going on further, we have to come up with a solution in the future how to handle previews by applications, one example might be that they call their own endpoint and not the generic share page to allow applications to have full control over how to display previews.

Anyways, to test this behaviour use a decent newer browser (such as Chrome 41) and share a PDF file, obviously the PDF viewer needs to be enabled as well. Without this patch publicly shared PDF files should not get previewed and an error is thrown. (if it isn't then your browser is probably not obeying our Content-Security-Policy and you might consider switching to another one ;))
2015-03-10 10:06:15 +01:00
Jenkins for ownCloud e069d9d3f9 [tx-robot] updated from transifex 2015-03-10 01:55:39 -04:00
Thomas Müller c8ed88f4d6 Merge pull request #14689 from owncloud/better-missing-resource-handling
Log errors and create 404 in network list when a css or js is missing
2015-03-09 23:33:25 +01:00
Thomas Müller 2f61884956 Merge pull request #14753 from owncloud/verify-csrf-token-earlier
Verify CSRF token already in update.php and not the EventSource code
2015-03-09 23:06:15 +01:00
Morris Jobke 94b7fa17c5 Merge pull request #14720 from owncloud/fix-shareetagpropagation
Fix size propagation over shared storage boundary
2015-03-09 16:24:06 +01:00
Morris Jobke d34662122d Merge pull request #14429 from owncloud/issue/14176-validate-timezone-before-using
Etc timezones don't exist for .5 and .75 offsets
2015-03-09 16:16:16 +01:00
Vincent Petry ec19d9c267 Add unit test for size propagation across share boundaries 2015-03-09 12:56:22 +01:00
Joas Schilling 01cd83a902 Merge pull request #14713 from owncloud/issue/14671-preview-delete-check-for-valid-fileid
Check whether the file id is valid, before using it to delete the previews
2015-03-09 11:56:46 +01:00
Lukas Reschke 2ac6f3a4f5 Clean-up code and use proper exception types 2015-03-09 11:48:55 +01:00
Joas Schilling a12e16e985 Check whether the file id is valid, before using it to delete the previews 2015-03-09 11:25:18 +01:00
Thomas Müller 3623f14e73 no translation service in common storage class 2015-03-09 10:38:38 +01:00
Thomas Müller 2367797c17 Respect http header 'Accept-Language' on ocs and remote.php calls 2015-03-09 10:38:38 +01:00
Thomas Müller 33b11682f9 translate error messages 2015-03-09 10:38:38 +01:00
Lukas Reschke 2f18a09a20 Optimize loop 2015-03-09 10:38:38 +01:00
Thomas Müller abacfd84da fixing js unit tests 2015-03-09 10:38:38 +01:00
Thomas Müller e28d314b53 deprecate isValidFileName() 2015-03-09 10:38:38 +01:00
Thomas Müller 49e1a81eba fixing namespaces and PHPDoc 2015-03-09 10:38:37 +01:00
Thomas Müller 4bac595068 adding storage specific filename verification - refs #13640 2015-03-09 10:38:37 +01:00
Lukas Reschke c0a02f1615 Verify CSRF token already in update.php and not the EventSource code
Issue report:
> Hum, well I upgraded the package then visited the web interface to
trigger the update and it failed; the UI would say there was a
possible CSRF attack and after that it'd be stuck in maintenance mode.
Tried a few times (by editing maintenance to false in owncloud.conf)
and same result each time.

That smells partially like an issue caused by our EventSource implementation, due to legacy concerns the CSRF verification happens within the EventSource handling and not when the actual endpoint is called, what happens here then is:

1. User has somehow an invalid CSRF token in session (or none at all)
2. User clicks the update button
3. Invalid CSRF token is sent to update.php - no CSRF check there => Instance gets set in maintenance mode
4. Invalid CSRF token is processed by the EventSource code => Code Execution is stopped and ownCloud is stuck in maintenance mode

I have a work-around for this problem, basically it verifies the CSRF token already in step 3 and cancels execution then. The same error will be shown to the user however he can work around it by refreshing the page – as stated by the error. I think that’s an acceptable behaviour for now: INSERT LINK

To verify this test:

1. Delete your ownCloud cookies
2. Increment the version in version.php
3. Try to upgrade
=> Before the patch: Instance shows an error, is set to upgrade mode and a refresh does not help
=> After the patch: Instance shows an error, a refresh helps though.

This is not really the best fix as a better solution would be to catch such situations when bootstrapping ownCloud, however, I don’t dare to touch base.php for this sake only, you never know what breaks then…

That said: There might be other bugs as well, especially the stacktrace is somewhat confusing but then again it installing ownCloud under /usr/share/owncloud/ and I bet that is part of the whole issue ;-)
2015-03-09 10:07:30 +01:00