Commit Graph

273 Commits

Author SHA1 Message Date
Lukas Reschke 9904b30070 Ensure that passed argument is always a string
Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.

Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.
2015-02-13 12:49:34 +01:00
Morris Jobke 108f3327e6 Merge pull request #13502 from owncloud/streamline-authentication-in-newfile
Streamline CSRF and login check
2015-02-07 13:27:46 +01:00
Lukas Reschke cc80ce70b4 Catch exception properly
`\OCA\Files\Helper::buildFileStorageStatistics` might throw an exception from `OC_Helper::getStorageInfo`, previously this lead to a uncatched exception being thrown when invoking this methods.

This was user triggable by for example calling `/index.php/apps/files/ajax/delete.php` with a not existing dir (for example `dir=asdf/../&allfiles=true`)
2015-02-04 15:58:16 +01:00
Lukas Reschke e25a0303f4 Streamline CSRF and login check
Let's make this consistent with other pieces of the code to make it easier to auditable.
2015-01-20 12:24:13 +01:00
Lukas Reschke 003fc183a2 Remove stripslashes() from newfolder.php 2015-01-19 14:12:36 +01:00
Lukas Reschke 96cd7c017a Check for existence of $_GET keys
`$dir` may for example very well not get passed at well.
2015-01-14 14:16:18 +01:00
Lukas Reschke 3ff3f641d6 Get rid of `stripslashes()`
This conversions are actually totally unneeded and probably left-overs from ages where the safe_mode was still a valid thing.
2015-01-13 17:43:36 +01:00
Morris Jobke 2a03568623 Merge pull request #13279 from owncloud/upload-original-name
Send the proper original name for uploaded files
2015-01-12 17:48:12 +01:00
Robin Appelman 6daedaf344 Send the proper original name for uploaded files 2015-01-12 15:30:47 +01:00
Lukas Reschke f65cf498f4 Check for existence of $_GET keys
Otherwise PHP errors are thrown in the error log.
2015-01-09 17:46:14 +01:00
Lukas Reschke 199276bcbb Verify existence of $_GET key
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.

To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.

Fixes itself.
2015-01-09 02:31:59 +01:00
Robin Appelman 64e3ebae74 Add error handling to getstoragestats.php 2015-01-06 15:56:06 +01:00
Vincent Petry 4b1b93507d Only populate tags in main file list
Moved populateTags to be done on the main file list.
This prevents the public file list to go through the same code and cause
an error when there is no user.
2014-12-18 15:36:18 +01:00
Morris Jobke e969fe6b12 Merge pull request #12698 from owncloud/handle_readonly_shared_files
Handle readonly shared files
2014-12-12 08:34:28 +01:00
Jörn Friedrich Dreyer c615b3527f show readonly message in file conflict dialog, make it always selected 2014-12-11 16:32:27 +01:00
Victor Dubiniuk adc7135429 Skip headers that can not be split 2014-12-08 23:43:43 +03:00
Robin Appelman 4321d7522e Check if files are deletable before trying to delete them 2014-11-26 12:14:35 +01:00
Morris Jobke c5fa8f1bdc Merge pull request #12421 from owncloud/issue/6101-remove-namespace-permission-constants
Issue/6101 remove namespace permission constants
2014-11-26 08:31:23 +01:00
Joas Schilling 2c39aec8cb Replace deprecated constant with new class constant 2014-11-25 16:30:21 +01:00
Bjoern Schiessle 1d33503487 we no longer need to keep the session open for encryption 2014-11-25 13:37:11 +01:00
Lukas Reschke 3efac5a4f2 Prevent division by zero
Potentially fixes https://github.com/owncloud/core/issues/11742
2014-10-24 00:10:22 +02:00
Jörn Friedrich Dreyer 18e3856092 log exceptions when listing files 2014-10-08 18:49:43 +02:00
Lukas Reschke 6eeb905871 Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
Lukas Reschke c3d90b96c8 Merge pull request #10922 from owncloud/explicit-scan-transactions
Use bigger transactions when doing explicit file system scans
2014-09-09 23:32:32 +02:00
Lukas Reschke 70abce0482 Merge pull request #10739 from owncloud/eventsource-public
Add EventSource to the public API
2014-09-08 18:46:27 +02:00
Robin Appelman 644755df66 Use bigger transactions when doing explicit file system scans 2014-09-08 14:15:41 +02:00
Vincent Petry e43c9b84c4 Catch exceptions when moving files
When moving files on storages that don't expose permissions, the storage
itself might throw an exception when the permission is denied.

This fix ensures that exceptions are caught and forwarded to the client
instead of just hanging.
2014-09-05 14:54:06 +02:00
Robin Appelman fa3393674c Better phpdoc and method naming 2014-09-04 13:26:51 +02:00
Robin Appelman 65608d7c92 Use the public api to get event sources 2014-09-03 13:36:15 +02:00
Robin Appelman d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Bjoern Schiessle 043cd1d02b set incognitoMode to true, getUser should always return false during public upload 2014-08-18 16:39:25 +02:00
Björn Schießle 27d94e9273 Merge pull request #10295 from owncloud/file_actions_error_handling
file actions improved error handling
2014-08-14 11:44:50 +02:00
Bjoern Schiessle 5b75b15292 no error if we try to delete a file which no longer exists 2014-08-11 12:03:08 +02:00
Bjoern Schiessle 5bbecdb9ee no special action for folder named 'Shared' needed 2014-08-11 12:03:08 +02:00
Jörn Friedrich Dreyer c24957565c check quota when trying to download a file via new -> web 2014-08-08 14:35:33 +02:00
Robin Appelman 8339618ead More error catching in list.php 2014-07-01 14:58:17 +02:00
Robin Appelman 4526bc0ba6 Handle StorageNotAvailableException in ajax/list.php 2014-06-30 16:12:12 +02:00
Joas Schilling c98b7fe7fc Merge if statements 2014-06-23 18:10:08 +02:00
Vincent Petry 909e505c2e Remove warning when deleting all entries
When deleting all entries, only "allfiles" is defined but not "file" or
"files", which caused a PHP warning to be logged.
2014-06-23 15:57:45 +02:00
Vincent Petry 9ef7410abe Fixed uploading by drag and drop into folder 2014-06-19 16:14:10 +02:00
Thomas Müller 201cc59fe0 php upload errors are written to log 2014-05-22 12:20:27 +02:00
Vincent Petry 688f6162da Add sorting to files list, trashbin and public files 2014-04-28 17:42:04 +02:00
Thomas Müller 6d373e97c3 remove unused exit() 2014-04-07 23:02:49 +02:00
Thomas Müller 3587c88fe9 Merge branch 'master' of https://github.com/lukepolo/core-1 into lukepolo-master
Conflicts:
	apps/files/js/file-upload.js
2014-04-07 22:28:16 +02:00
Vincent Petry 7c9537f33a Fixed dirInfo check for non existing dir in files ajax call 2014-04-03 17:04:13 +02:00
Vincent Petry 0be9de5df5 Files, trashbin, public apps use ajax/JSON for the file list
Files app:

- removed file list template, now rendering list from JSON response
- FileList.addFile/addDir is now FileList.add() and takes a JS map with all required
  arguments instead of having a long number of function arguments
- added unit tests for many FileList operations
- fixed newfile.php, newfolder.php and rename.php to return the file's
  full JSON on success
- removed obsolete/unused undo code
- removed download_url / loading options, now using
  Files.getDownloadUrl() for that
- server side now uses Helper::getFileInfo() to prepare file JSON response
- previews are now client-side only

Breadcrumbs are now JS only:

- Added BreadCrumb class to handle breadcrumb rendering and events
- Added unit test for BreadCrumb class
- Moved all relevant JS functions to the BreadCrumb class

Public page now uses ajax to load the file list:

- Added Helper class in sharing app to make it easier to authenticate
  and retrieve the file's real path
- Added ajax/list.php to retrieve the file list
- Fixed FileActions and FileList to work with the ajax list

Core:

- Fixed file picker dialog to use the same list format as files app
2014-04-02 15:33:47 +02:00
Thomas Müller 5fa8f7cf12 Merge pull request #7107 from owncloud/load-apps-proper-master
Load apps proper master
2014-03-28 10:33:55 +01:00
Vincent Petry e72b2e6e3b Fix public upload to not close session when encryption is on
The encryption app needs to create keys when uploading files, so the
session needs to be kept open in such case.
2014-03-24 17:34:37 +01:00
Thomas Müller 6ff96b34ad Merge branch 'master' into load-apps-proper-master
Conflicts:
	apps/files/ajax/rawlist.php
	cron.php
	ocs/v1.php
2014-03-21 14:05:08 +01:00