Commit Graph

2977 Commits

Author SHA1 Message Date
Morris Jobke 8abf6e0ed1
fixed code 2016-06-20 18:50:56 +02:00
Lukas Reschke 202530f4f3
Soften the cookie check if no cookies are sent
When no cookies are sent it is not required to perform any check for the strict or lax cookie; it does not provide any significant security advantage.

It does however interfere with the Android client which requests thumbnails from the unofficial API at `/index.php/apps/files/api/v1/thumbnail/256/256/{filename}`. This endpoint expects the strict cookie to be existent to not leak the existence of files. The Android client authenticates against this endpoint using Basic Auth and without cookies in some cases at least. This will make these endpoints work again with such cases.

To test this issue, run the following cURL command once without the patch and once with:

> curl http://localhost/index.php/apps/files/api/v1/thumbnail/256/256/welcome.txt  -u admin -v

Without the patch the request is redirected (which the client does not obey) and with the patch the preview is returned.
2016-06-15 11:50:26 +02:00
Arthur Schiwon a761fd65f0
Merge branch 'stable9' of https://github.com/owncloud/core into downstream-160613 2016-06-13 23:45:21 +02:00
Roeland Douma 7863987b19 Repair job to fix permissions for avatars (#25068)
Backport of #24898

Cherry-picked:
1b66db72d9
60225284f3
28d9ad2817

But manually since we renamed stuff and the repair procedures changed
2016-06-13 12:47:02 +02:00
Lukas Reschke 470f23c8b9 Merge pull request #54 from nextcloud/backport-upload-only-shares
[stable9] Backport files drop feature
2016-06-13 00:26:47 +02:00
Lukas Reschke eb7ed2356f
[stable9] Use custom updater URL 2016-06-12 23:49:23 +02:00
Lukas Reschke 68c38ae8c2
[stable9] Backport files drop feature 2016-06-11 11:38:16 +02:00
Lukas Reschke 2c6a5fcf91
Add Same Site Cookie protection 2016-06-10 17:15:43 +02:00
Morris Jobke 34727f26d0
skip failing tests 2016-06-07 19:24:56 +02:00
Vincent Petry 8f04bf3793
Backport of share id as string fix 2016-06-01 17:48:35 +02:00
Joas Schilling 5da9f10af2
Remove the password from the validateUserPass() method as well 2016-05-19 12:11:31 +02:00
Vincent Petry de97110f58 Merge pull request #24441 from owncloud/backport-24432-never-save-app-language-into-request-lang
[9.0] Do not save the language as request lang for apps when we didn't find…
2016-05-17 16:15:05 +02:00
Lukas Reschke 3505776b6e
Make update server URL configurable
Currently testing the updates is a big problem and not really super easy possible. Since we now have a new updater server we should also make this configurable so that people can properly test updates.
2016-05-11 14:37:53 +02:00
Joas Schilling f7f9ef55b6
Do not save the language as request lang for apps when we didn't find any 2016-05-04 14:07:07 +02:00
C. Montero Luque fe753fe722 Merge branch 'stable9' into local-invalid-9 2016-04-26 16:46:23 -04:00
Robin Appelman 884c8215f8
add tests 2016-04-26 20:17:17 +02:00
Robin Appelman 1397d9a93c trigger the propagator from the command line scanner 2016-04-25 18:29:57 +02:00
Thomas Müller 57b9ae18f0 Merge pull request #24196 from owncloud/backport-24183-change-background-job-sort-order
[9.0] Change the sort order of background jobs to be DESC instead of ASC
2016-04-22 17:26:26 +02:00
Joas Schilling 3e1dc64737
Change the sort order of background jobs to be DESC instead of ASC
In theory, if your instance ever creates more jobs than your system cron can
handle, the default background jobs get never executed anymore. Because
every time when the joblist returns the next job it looks for the next ID,
however there is always a new next ID, so it will never wrap back to execute
the low IDs. But when we change the sort order to be DESC, we make sure that
these low IDs are always executed, before the system jumps back up to
execute the new IDs.
2016-04-22 14:11:26 +02:00
Vincent Petry 27d12f7a99
Throw NoUserException when attempting to init mount point for null user
In some scenarios initMountPoints is called with an empty user, and
also there is no user in the session.

In such cases, it is unsafe to let the code move on with an empty user.
2016-04-22 14:02:55 +02:00
Thomas Müller 27d6852b3e Merge pull request #24131 from owncloud/dont-transfer-files-to-not-ready-user-stable9
[9.0] Introduce isReadyForUser and verify in file transfer ownership
2016-04-22 10:33:18 +02:00
Lukas Reschke 830a080f0e
[stable9] Ignore certificate file if it starts with file:// 2016-04-21 19:00:27 +02:00
Thomas Müller df544e8dbe Introduce isReadyForUser and verify in file transfer ownership - fixes #23786 2016-04-20 20:25:22 +02:00
Roeland Jago Douma 2296552104
When the scanner detects a file is changed clear checksum
Fixes #23782 and #23783

If the file scanner detects a changed file we clear the checksum while
we update the cache.

* Unit test added
2016-04-20 19:09:26 +02:00
Joas Schilling c43713515b
Remove duplicated message 2016-04-06 15:51:25 +02:00
Victor Dubiniuk b87b27cbd9
Show hint in CLI 2016-04-06 15:34:16 +02:00
Victor Dubiniuk 118c39d472 Show cli notice for big installations 2016-04-05 17:13:31 +03:00
Victor Dubiniuk b05269826a Add releasenotes class 2016-04-05 17:13:31 +03:00
Morris Jobke 85a0dd3689 [stable9] Read available l10n files also from theme folder
* Read available l10n files also from theme folder

The old behaviour was that only languages could be used for an app
that are already present in the apps/$app/l10n folder. If there is
a themed l10n that is not present in the apps default l10n folder
the language could not be used and the texts are not translated.

With this change this is possible and also the l10n files are
loaded even if the default l10n doesn't contain the l10n file.

* Inject server root - allows proper testing and separation of concerns
2016-04-04 13:29:04 +02:00
Thomas Müller 193a33a8ad Merge pull request #23709 from owncloud/stable9-make-sure-that-encrypted-version-is-set
[stable9] Make sure that the encrypted version is set
2016-04-01 09:08:50 +02:00
Bjoern Schiessle 2cb45e71ea fix creation of versions of encrypted files on external storages
in order to create a 1:1 copy of a file if a version gets created
we need to store this information on copyBetweenStorage(). This
allows us to by-pass the encryption wrapper if we read the source file.
2016-03-31 23:18:45 +02:00
Lukas Reschke d16553d2d8 Make sure that the encrypted version is set
The code path called when using external storage with WebDAV is using `\OC\Files\Storage\Wrapper\Encryption::getMetaData` which did not contain the actual encrypted version inside the cache entry version. This led to the following:

1. User uploaded a file
2. File is created and `\OC\Files\Storage\Wrapper\Encryption::getMetaData` is called. It has an empty `encryptedVersion` but sets `encrypted` to either `true` or `false`.
3. The call when updating the file cache will use the old version.
2016-03-31 20:39:35 +02:00
Thomas Müller 424c2b8263 Merge pull request #23652 from owncloud/stable9_23651
[Stable 9] Non moveable mount points should always be UPDATE+DELETE shareable
2016-03-30 17:01:41 +02:00
Roeland Jago Douma 2660cf80c3 Non moveable mount points should always be UPDATE+DELETE shareable
Fixes #23536

The new sharing code is much stricter in checking permissions. However
for non moveable mounts the permissions UPDATE+DELETE are not reported
on the mount point.

This is just a quick fix.

* Updated unit tests
2016-03-30 13:42:08 +02:00
Robin Appelman 3cadc45ca5 only remove avatars from the folder we store them in 2016-03-30 10:25:37 +02:00
Robin Appelman b456035aa7 don't die when we can't save the resized avatar, log instead 2016-03-25 14:13:17 +01:00
Robin Appelman 5a630c6a0e properly use fileinfo objects 2016-03-23 17:13:32 +01:00
Robin Appelman f77ce8829c pass the fileinfo to the node if available 2016-03-23 17:13:21 +01:00
Roeland Jago Douma aa75cfcf14 Block group sharing in API and in share manager
* Fix tests
2016-03-22 12:37:20 +01:00
Thomas Müller fefaa1fd87 Merge pull request #23293 from owncloud/backport-23108
[stable9] Ensure that stored version is at least 1 for cross-storage copy
2016-03-21 09:48:15 +01:00
Thomas Müller 382b18e85e Merge pull request #23309 from owncloud/backport-23164-stable9
[stable9] Prevent certain DBs throwing exceptions on same-value updates
2016-03-17 20:52:11 +01:00
Robin McCorkell aa91d50d04 Prevent certain DBs throwing exceptions on same-value updates
A PreconditionNotMetException must only be thrown if explicit
preconditions are specified for setValues(), not if the value is merely
the same as was already in the DB.
2016-03-16 14:50:00 +01:00
Lukas Reschke f9ad57ee52 Ensure that stored version is at least 1 for cross-storage copy
In case of a move operation from an unencrypted to an encrypted
storage the old encrypted version would stay with "0" while the
correct value would be "1". Thus we manually set the value to "1"
for those cases.

See also https://github.com/owncloud/core/issues/23078
2016-03-16 10:37:41 +01:00
Lukas Reschke 9ef7340dc7 Add support for custom values in integrity checker 2016-03-15 17:03:16 +01:00
Thomas Müller 5a6b2956d8 Merge pull request #23022 from owncloud/stable9_backport_22602
[stable 9] Do not check all chunks of a chunked upload if we do not need to
2016-03-15 12:15:45 +01:00
Thomas Müller 4159187a6e Merge pull request #23229 from owncloud/backport-23218-memcached-exceptions-on-success
[9.0] Fix errors in memcached implementation
2016-03-15 12:10:23 +01:00
Roeland Jago Douma 3a5e90fa03 Generate a valid URL for link notification
fixes #23197

* Updated unit test
2016-03-15 07:34:53 +01:00
Joas Schilling 9190885b4e Fix errors in memcached implementation 2016-03-14 16:13:35 +01:00
Lukas Reschke 9bc99bb297 Explicitly check for port
The setup uses `\OCP\IRequest::getInsecureServerHost` which in some cases can also include a port. This makes the trusted domain check fail thus.

I've decided to add this here that way because adjusting the setup would require parsing the host properly. This is not something that can be done very well in PHP. Check the following example for why `parse_url` is not our friend: https://3v4l.org/k501Z
2016-03-11 14:54:20 +01:00
Roeland Jago Douma 91c7d293ca Added tests
* Unit tests for OC_Filechunking to verify the isComplete function
* Integration tests to show that shuffling chunks is all fine
2016-03-09 14:48:42 +01:00