Commit Graph

596 Commits

Author SHA1 Message Date
Arthur Schiwon af91efd315
when downloading from web, skip files that are not accessible
* avoids a 403, but enables download of resources that are not restricted
* single file downloads still cause 403

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-12-19 13:05:10 +01:00
Julius Härtl 9e5d6114d5
Use files node API for single file downloads
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-19 13:05:09 +01:00
Christoph Wurst 723f017b12
Deprecate hooks, emitter and Symfony dispatcher mechanisms
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-11 10:04:36 +01:00
Roeland Jago Douma 47bc0cc8a8
Do not disable authentication apps
For #18249

If an app encounters an error during loading of app.php the app is
normally disabled. However. We should make sure that this doesn't happen
for authentication apps (looking at your user_saml).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-10 12:02:16 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Christian Oliff 417fd12d3a
HTTPS link to https://en.wikipedia.org/wiki/Server-sent_events
prevents a redirect
2019-11-15 16:19:28 +09:00
Arthur Schiwon af6c788efc
pass through ServerNotAvailableException on app init
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-14 17:20:14 +01:00
Roeland Jago Douma c0398e9a38
Merge pull request #17830 from nextcloud/global-quota-return-quota
actually return the quote when getting global storage info
2019-11-07 23:53:04 +01:00
Arthur Schiwon f9bfd48e12
switch to Files Node API for zip generation
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-07 09:45:23 +01:00
Robin Appelman 5df98d7265
actually return the quote when getting global storage info
prevents 'undefined' index errors when 'include external storage in quota' is enabled

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-06 10:18:47 +01:00
Roeland Jago Douma e71f222082
Cleanup theming mess
* Do not do translations in the constructor. This gets called to early
so there is no user yet. Which means we can't obtain the locale. Which
means we store the wrong translation instance.

* Same for the theming app magic. Just use the parent call when needed.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-25 13:31:19 +02:00
Julius Härtl a9c089064b
Deprecate TemplateManager
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-16 09:54:17 +02:00
Joas Schilling ad7d13a87c
Print the error pages as error so we load less scripts and might be able to view it
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-16 19:38:43 +02:00
Roeland Jago Douma b3f663b8aa
Merge pull request #16859 from PhrozenByte/patch-1
Add IAppManager::getAppWebPath()
2019-09-09 12:20:27 +02:00
Daniel Rudolf 2d56664e35
Improve usage of IAppManager::getAppWebPath()
Deprecate \OC_App::getAppWebPath() and \OC_App::getAppPath()

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2019-09-05 18:35:40 +02:00
Samuel CHEMLA 94eb77a535 Fix sanity checks #16963
Signed-off-by: Samuel CHEMLA <chemla.samuel@gmail.com>
2019-09-01 22:27:08 +02:00
Joas Schilling 92862c51f5
Always check via http and https whether htaccess is working
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-23 14:33:58 +02:00
Joas Schilling 810ee7d811
Make the auto-disabled list more broad
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-15 11:12:45 +02:00
Arthur Schiwon d0409548c6
instead of upsert, fallback to default query on PgSQL <= 9.4
because there is no upsert yet

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-14 09:05:11 +02:00
J0WI 1b074f48d8
Remove duplicated spaces
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 3f2932c75a
Sort headers
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 76cbd7db6e
Add X-Frame-Options header to .htaccess
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma 323f40a493
Merge pull request #16461 from nextcloud/fix/noid/pgsql-version
fixes the check for postgresql
2019-07-26 12:32:04 +02:00
Arthur Schiwon 8b1126e6d2
fixes the check for postgresql
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-18 18:34:10 +02:00
Morris Jobke 605d0874a4
Removes unused OC_API::register
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-18 11:27:09 +02:00
Joas Schilling 9d121985dc
Merge pull request #15540 from nextcloud/bugfix/noid/prevent-faulty-logs-from-nested-setupFS-calls
Prevent faulty logs from nested setupFS calls
2019-06-21 12:00:22 +02:00
Christoph Wurst 7d1fc2b8e8
Fix missing login hook wih Apache/SAML
Without this patch the hook does not transport the information whether the login is
done with an app password or not. The suspicious login app requires the parameter
to function correctly, hence adding it will make suspicious login detection also possible
with SAML users.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-11 07:29:00 +02:00
Joas Schilling 22fa6421e5
Prevent faulty logs from nested setupFS calls
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-05-15 10:22:51 +02:00
Morris Jobke 361836675c
Show supported apps in app management
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-13 13:36:02 +02:00
Morris Jobke f095bd1642
Use non-absolute logout URL to fix wrong URL in reverse proxy scenario
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-08 18:02:00 +02:00
Roeland Jago Douma 3b1e16458d
Forbid eval on legacy responses
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-09 09:58:23 +02:00
Roeland Jago Douma 769cb629ae
allow enforcing apps to ignore the max version
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-03-20 15:16:11 +01:00
Joas Schilling c6a69ba925
Remove the upload and memory setting
* Remove unneeded private method phpFileSize()
* Bump autoloader
* Remove setUploadLimit tests
* Remove integrity check hacks for upload limit

Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-04 12:14:22 +01:00
Joas Schilling 0c77cd21f9
Make sure maintenance mode is always casted to bool
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-02-22 08:25:41 +01:00
Roeland Jago Douma 65964a537a
Move jquery.ocdialog.scss to bundle
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-14 13:38:24 +01:00
Roeland Jago Douma ea951136d1
Move jquery-ui-fixes to bundle
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-14 13:31:49 +01:00
Roeland Jago Douma a498b72dec
Move the contactsmenu handlebars templates to the bundle
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-04 10:56:52 +01:00
Roeland Jago Douma f1b0332920
Do not try to load js moved to bundle
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-01 10:39:47 +01:00
Morris Jobke 5fe151f7c4
Merge pull request #13927 from nextcloud/remove-dead-code
Don't call apc_delete_file and apc_clear_cache anymore
2019-02-01 10:17:55 +01:00
Daniel Kesselberg 9104e028a3
Remove deleteFromOpcodeCache & clearOpcodeCache
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-01-30 17:36:14 +01:00
Daniel Kesselberg 1638f89e89
Don't call apc_delete_file and apc_clear_cache anymore
There is no apc for PHP7+ so there is no need to check if exist.
accelerator_reset looks even more ancient.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-01-30 16:28:47 +01:00
Robert Dailey a170bf80ec
Improve data directory write checking for NFS mounts
If `is_writable()` fails, fall back to logic that attempts to create a file
and then checks if it exists. If this check fails, an error occurs as it
did before.

Discussion on this solution was found here:
https://help.nextcloud.com/t/write-errors-for-nfs-mount/23328

Fixes #7124

Signed-off-by: Robert Dailey <rcdailey@gmail.com>
2019-01-24 20:39:52 -06:00
Roeland Jago Douma e3de4edc51
Urlencode the requesttoken
Followup of #13757

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-23 16:16:31 +01:00
Roeland Jago Douma ebd9f30d85
Request plain logout url
By requesting the plain logout url we allow it to be properly cached by
the caching router. We just add the requesttoken manually.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-23 14:06:03 +01:00
Christoph Wurst 83068c39e5
Update select2, include css
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-01-09 15:02:01 +01:00
Christoph Wurst 1e80259051
Remove core.js
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-01-09 15:02:00 +01:00
Christoph Wurst 208788173d
Npmize (vendor) scripts
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-01-09 15:01:59 +01:00
Daniel Kesselberg 5ee6e5b8c6
Use OC_Util::getVersion instead of getSystemValue
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-07 11:42:12 +01:00
Daniel Kesselberg 6016d45ca9
Use version to generate docversion
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-07 11:42:12 +01:00
Morris Jobke ea6ea7f4c3
PHP module is named mbstring
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-12-04 17:22:11 +01:00
Peter Kraume 79b8703f29 Set Referrer-Policy also in addSecurityHeaders()
Fix: #12689
Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
2018-11-27 16:39:06 +01:00
Christoph Wurst 1b85ef4bf2
Fix string doc type casing
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-11-15 11:57:05 +01:00
Joas Schilling ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Morris Jobke db345e4c6d
Deprecate unused, private OC_Helper::linkToPublic
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-08 18:29:52 +02:00
Morris Jobke 7971ba5cc6
Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors
Switches the default logo color depending on the primary color
2018-10-08 10:33:22 +02:00
Morris Jobke e0ed64366c
Merge pull request #11613 from nextcloud/add-missing-throw-statement
add missing throw statement to doc block
2018-10-04 16:28:08 +02:00
Bjoern Schiessle 1d4a80f37d
add missing throw statement to doc block
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-04 15:23:07 +02:00
Morris Jobke cdb3ffb293
Remove unused code in legacy classes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-03 22:07:51 +02:00
Michael Weimann d855c38e07
Moves the logo files to logo
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-10-02 08:37:54 +02:00
Daniel Kesselberg d4dec43f8f
Dont use find to lookup binaries
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-29 20:25:19 +02:00
Roeland Jago Douma c9e93b8084
Compile contactmenu handlebars templates
Fixes #11029
For https://github.com/orgs/nextcloud/projects/18

Ship the compiled handlebars templates. This makes it possible to have a
scricter CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-27 20:33:58 +02:00
Bjoern Schiessle bb86a8ca36
add back-end as parameter to the pre-login hook
This is needed for the Global Scale setup to allow the master
node to perform different operations during login, depending
on the user management. Because in case of SAML, the authentication
at the idp happens at the master node.

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-09-14 17:23:06 +02:00
Robin Appelman be9ab8b879
also catch exceptions when loading apps
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-24 17:16:54 +02:00
Daniel Kesselberg bfa49410a2
Drop support for xcache
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-08-12 17:14:08 +02:00
Roeland Jago Douma c74a5250e5
Check if HTTP_USER_AGENT is set before using it
Sentry reported some errors regarding this. Apparently not everybody
sets a user agent. If it is not set we assume this is not IE ;)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-08 13:32:03 +02:00
Morris Jobke 7eb74186ef
Merge pull request #8380 from nextcloud/bugfix/noid/reenable-disabled-apps
Re-enable apps that got automatically disabled while updating
2018-07-25 11:37:10 +02:00
John Molakvoæ (skjnldsv) da0bdd1391 Design structure fixes
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-21 16:09:13 +02:00
Morris Jobke e0d9c43c95
Merge pull request #8188 from arnowelzel/master
Avoid error messages for restricted opcache API
2018-07-20 11:48:44 +02:00
John Molakvoæ (skjnldsv) a24cad1a1c
Fix accessibility invert
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:58 +02:00
Morris Jobke 478b95cc20
Try to not run into the white page of death and still log something in the web server error log
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-29 11:22:05 +02:00
Morris Jobke b0a296e2e1
Do not use HTTP code OC_Response constants anymore
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke 79d9841bce
Replace hardcoded status headers with calls to http_response_code()
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke 1399f6bece
Server exception error pages by default with a 500 status code
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 11:44:24 +02:00
Morris Jobke 8c155cd51c
Server error/hint pages with a 500 error code to avoid it being seen instead of the actual resource
* found while reviewing #7205
* allow to specify a special status code

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 11:44:24 +02:00
Eric Masseran a34f70ce0a
Change status code when config is write protected
Add hint msg, you can make config file read only

If the config.php is not writable, print an error message: #6893
 - set config writable
 - or set option to keep it read only

Signed-off-by: Eric Masseran <rico.masseran@gmail.com>
2018-06-26 09:36:17 +02:00
Joas Schilling 4b49f810b7
Re-enable apps that got automatically disabled while updating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-06-26 09:15:52 +02:00
Roeland Jago Douma 8ebc3d90a0
Merge pull request #9518 from nextcloud/feature/5986/public_share_controller_middleware
Public share middleware & controller
2018-06-21 10:09:20 +02:00
John Molakvoæ (skjnldsv) 71ce8f3107
Split css variables and fix url variables
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-20 19:17:06 +02:00
Roeland Jago Douma 366981fba6
Move public preview endpoint over
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
John Molakvoæ (skjnldsv) 21441fad9b
Added new search standard
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-19 23:53:20 +02:00
John Molakvoæ (skjnldsv) e5f08620d4
Better design for core search, fixes and style to scss
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-19 23:53:19 +02:00
Julius Härtl b4a7be20c8
Properly clear cache
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 11:40:09 +02:00
Julius Härtl 1a034ce699
Implement update functionality
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 11:40:09 +02:00
Roeland Jago Douma f7b518fdbf
Get correct version of an app
Related to #8929

We should get the version of the app. Not of the appfolder. Else there
is no way to properly compare the versions.

Now note that installing in 1 go will still fail. But at least on the
next page load the new version will be properly detected.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-03 08:22:03 +02:00
Roeland Jago Douma db96b0bb0b
Make it possible to make external storages read only
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-01 15:18:56 +02:00
Arthur Schiwon 38a90130ce
move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Robin Appelman 46d0d0cda1
fix appinfo parsing when a single localized option is provided
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-04-17 11:14:03 +02:00
Daniel Calviño Sánchez 90fdf83ca7
Use zip32 only if there are less than 65536 files
A zip32 file can contain, at most, 65535 files (and folders), so take
that constraint into account.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:30 +02:00
Roeland Jago Douma 4a73f645e5
Use zip32 if possible
* OSX doesn't handle 64zip that well
* Some other implentations don't handle it perfectly either
* If the file is belog 4GiB (some overhead) => zip32
* This covers the 99% case I bet

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 15:59:30 +02:00
Roeland Jago Douma b2e34167eb
Merge pull request #8976 from nextcloud/dep_user_code
Remove deprecated functions from OCP\User
2018-03-28 08:23:57 +02:00
Roeland Jago Douma 1e13b3a8fa
Merge pull request #8994 from nextcloud/deprecate-theme-sync-clients
Deprecate theme sync clients
2018-03-28 08:23:16 +02:00
Julius Härtl cf4d27b115
Use customclient_* values by default and do not use them in custom themes anymore
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-26 19:26:36 +02:00
Roeland Jago Douma 91cc44a4e6
Remove deprecated OC_Group_Backend
* Private class
* Has been deprecated since NC10

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 14:19:04 +02:00
Roeland Jago Douma 7ebd96416c
Remove deprecated OCP\User::getDisplayname
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-25 20:42:03 +02:00
Roeland Jago Douma 6c8caa1641
Remove deprecated \OCP\User::getUsers
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-25 20:33:24 +02:00
Morris Jobke f843b7edfe
Merge pull request #8506 from nextcloud/use-appmanager
Use isInstalled of AppManger instead of reimplement it
2018-03-22 09:55:19 +01:00
Morris Jobke 78211a58e6
Remove unused methods of OC_Json
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-21 14:36:34 +01:00
Morris Jobke 514de5dfa1
Use isInstalled of AppManger instead of reimplement it
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-21 11:34:18 +01:00
Roeland Jago Douma 68871caf3c
Remove unused private function
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-19 11:32:10 +01:00