Commit Graph

1423 Commits

Author SHA1 Message Date
Lukas Reschke 41e5850450 Prevent directory traversals in ctr of \OC\Files\View
This prevents a misusage of \OC\Files\View by calling it with user-supplied input. In such cases an exception is now thrown.
2015-02-18 18:17:33 +01:00
Clark Tomlinson 8d09cc3b91 Merge pull request #13989 from owncloud/enhancment/security/11857
Allow AppFramework applications to specify a custom CSP header
2015-02-18 10:27:29 -05:00
Morris Jobke 5d7d2adcbf Merge pull request #14207 from owncloud/propfind-optimize
Optimize quota calculation for propfind
2015-02-18 00:18:47 +01:00
Lukas Reschke 886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Thomas Müller 9271059195 Merge pull request #13750 from owncloud/enhanced-code-checker
Implement php code checker to detect usage of not allowed private ...
2015-02-16 16:55:57 +01:00
Joas Schilling 8eb804b1f6 Merge pull request #13269 from owncloud/issue/13211-cache-array-implementation
Add an array implementation of cache and use it if we are not debugging
2015-02-16 15:35:20 +01:00
Joas Schilling 8848b5f067 Add an array implementation of cache and use it if we are not debugging 2015-02-16 14:55:50 +01:00
Lukas Reschke a9d1a01440 Rename to allowEval 2015-02-16 12:30:21 +01:00
Lukas Reschke b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
Robin Appelman 7bfe476030 add unit test for webdav quota 2015-02-13 18:00:01 +01:00
Robin Appelman 6ecfcde954 update test 2015-02-13 15:01:05 +01:00
Robin Appelman 134243d3e5 Dont lower the mtime of a folder when propagating changes 2015-02-13 14:30:05 +01:00
Lukas Reschke bd5440a8a3 Merge pull request #13780 from owncloud/cmreflector-inheritance
Additional controllermethodreflector inheritance tests
2015-02-12 18:34:07 +01:00
Vincent Petry fbbb9fe0fd Merge pull request #13979 from owncloud/group-share-collition-wrong-type-in-post-hook
Do not overwrite the shareType so the post hook is still correct
2015-02-11 15:23:13 +01:00
Thomas Müller d74662df7d implement php code checker to detect usage of not allowed private APIs - including console command to check local code to be used by developers 2015-02-10 11:51:24 +01:00
Thomas Müller c60dabd11b Request requires a second parameter 2015-02-09 23:06:55 +01:00
Vincent Petry 5296767393 Merge pull request #13921 from owncloud/ocs-af
Add a controller and reponse for ocs
2015-02-09 18:11:47 +01:00
Joas Schilling c17b236c19 Add a test for the post_shared hook shareType 2015-02-09 13:12:34 +01:00
Lukas Reschke 770fa761b8 Respect `mod_unique_id` and refactor `OC_Request::getRequestId`
When `mod_unique_id` is enabled the ID generated by it will be used for logging. This allows for correlation of the Apache logs and the ownCloud logs.

Testplan:

- [ ] When `mod_unique_id` is enabled the request ID equals the one generated by `mod_unique_id`.
- [ ] When `mod_unique_id` is not available the request ID is a 20 character long random string
- [ ] The generated Id is stable over the lifespan of one request

Changeset looks a little bit larger since I had to adjust every unit test using the HTTP\Request class for proper DI.

Fixes https://github.com/owncloud/core/issues/13366
2015-02-09 11:53:11 +01:00
Morris Jobke 90556cb70b Merge pull request #12283 from oparoz/sfnt-fonts
Updated the media type of some font types
2015-02-07 13:33:49 +01:00
Lukas Reschke 4d91fa4c93 Normalize before processing 2015-02-06 15:03:29 +01:00
Bernhard Posselt 9873aa3d9e fix license email 2015-02-05 14:10:16 +01:00
Bernhard Posselt b89ddcfe41 fix license email 2015-02-05 14:09:01 +01:00
Bernhard Posselt fdc64e370c add a controller and reponse for ocs 2015-02-05 14:02:17 +01:00
Bjoern Schiessle 21c45925fe detect root of mountpoint also if the trailing slash is missed 2015-02-04 12:47:04 +01:00
Bernhard Posselt 81836ccc7e another test for overriding the docblock 2015-01-29 20:35:07 +01:00
Bernhard Posselt 72d2b6f723 additional inheritance tests 2015-01-29 20:33:05 +01:00
Robin Appelman 05035ef4af Fix webdav put for single file webdav shares 2015-01-29 12:47:12 +01:00
Robin Appelman ddee63fa00 Fix resolving paths for views rooted in a file 2015-01-29 12:47:11 +01:00
Robin Appelman cec43df0f0 Add unit test 2015-01-28 13:44:39 +01:00
Robin Appelman 2124540d1d Dont remove a file from cache if the delete operation failed 2015-01-29 15:39:56 +01:00
Morris Jobke 752b94d363 Merge pull request #13717 from owncloud/storage-donotwrapnullstorage
Prevent wrapping null storage
2015-01-28 01:00:20 +01:00
Vincent Petry 6d8985b671 Prevent wrapping null storage
Can happen when trying to instantiate external storages that have
incomplete config, where the constructor throws an exception (the
exception is caught in createStorage())
2015-01-27 17:40:08 +01:00
Vincent Petry acec40fe5a Merge pull request #13561 from owncloud/trash-finaldeletewhencrossstoragefix
Call final unlink in trash wrapper's storage
2015-01-27 17:05:38 +01:00
Bjoern Schiessle 5ba19ba7fc certificate manager should always use a \OC\Files\View otherwise we will get problems for different primary storages 2015-01-26 16:58:52 +01:00
Bjoern Schiessle 67da1f7e5a certificate manager only needs the user-id, no need to pass on the complete user object 2015-01-26 16:58:52 +01:00
Thomas Müller 5da4071c45 Merge pull request #13621 from owncloud/system-config-multiset
Add a method to set/unset multiple config values with one write
2015-01-26 13:36:22 +01:00
Olivier Paroz 7fbf1a20d7 Updated the media type of some font types
TTF and TTF have now the same media type
Official since 2013 and supported by Firefox and Chrome
https://www.iana.org/assignments/media-types/application/font-sfnt

Introducing support for Type1 fonts
2015-01-24 01:49:13 +01:00
Robin Appelman 87a1b2bdc4 Preserve mtime when doing cross storage move 2015-01-23 15:11:27 +01:00
Vincent Petry 8fa3e7a6bf Do not retrieve shares through group if user has no group 2015-01-23 15:11:06 +01:00
Joas Schilling c61e9f3912 Add a method to set/unset multiple config values in one call
This reduces the number of file writes we do for config.php and therefor
hopefully helps lowering the chances for empty config.php files
2015-01-23 11:00:53 +01:00
Morris Jobke 3d42ecea37 Fix undefined offset 1 for wrong user mail address
* fixes Undefined offset: 1 at lib/private/mail.php#143
2015-01-22 16:23:50 +01:00
Morris Jobke b5b491d1bb Merge pull request #13509 from owncloud/share-deletechildrenwhenunsharefromgroup
Fix reshare permission change to not impair other deletion code
2015-01-22 10:40:29 +01:00
Vincent Petry 9f137ac259 Fix reshare permission change to not impair other deletion code
A recent change that prevents reshare permission changes to delete group
share children had the side-effect of also preventing group share
children deletion when it needed to be done.

This fix adds an extra flag to isolate the "reshare permission change"
deletion case and keep the other ones as they were before, not only to
fix the regression but also fix other potential regressions in code that
uses this method.

Also updated the comment because now Helper::delete() is no longer
limited to reshares but also applies to group share children.
2015-01-22 10:12:47 +01:00
Robin Appelman 0b9f7642a6 Add unit test 2015-01-21 17:18:47 +01:00
Joas Schilling 7eb8404040 Add a test case for memcaches to store an array 2015-01-20 10:51:04 +01:00
Vincent Petry ef8d38ca27 Fix chunked query for tags + unit test 2015-01-19 17:05:44 +01:00
Thomas Müller d2d6472e39 Merge pull request #13423 from owncloud/share-fixfindshareforuserwithmultiplegroups
Fix getItemSharedWithUser for groups
2015-01-19 12:34:28 +01:00
Lukas Reschke 744cf713f7 Merge pull request #13319 from owncloud/replace-line-breaks-in-app-description
replace line breaks in the app description by spaces - fixes #13315
2015-01-17 01:03:41 +01:00
Vincent Petry 40931a8b0d Fix getItemSharedWithUser for groups
Fixed SQL query for whenever a user has more than one group.
Added missing $owner where clause for group lookup.
Added unit tests for the group cases.
2015-01-16 18:11:13 +01:00