Commit Graph

1984 Commits

Author SHA1 Message Date
Lukas Reschke 77c0adb520 Merge branch 'securityutils' of https://github.com/owncloud/core into securityutils 2014-09-03 11:04:49 +02:00
Lukas Reschke 50b430ee7c Add char consts, hash the specified password for the HMAC 2014-09-03 11:03:27 +02:00
Olivier Paroz 0c3c72aec0 Libreoffice config folder needs to be set
In order to avoid conflicts between multiple instances installed on one server, it's required to define a LibreOffice configuration folder per instance.

Just like with my PR for the documents app (https://github.com/owncloud/documents/pull/353), I propose to use /tmp/owncloud-instanceid
2014-09-03 03:12:35 +02:00
Olivier Paroz b559b21dc3 Converts TIFF files to PNG 2014-09-02 22:56:39 +02:00
Olivier Paroz 1e600a0d36 Adding support for tiff files 2014-09-02 22:53:41 +02:00
Vincent Petry e05b95636b Fix upgrade process when apps enabled for specific groups
Fix issue where the currently logged user was causing side-effects when
upgrading.
Now setting incognito mode (no user) on update to make sure the whole
apps list is taken into account with getEnabledApps() or isEnabled().
2014-09-02 17:16:14 +02:00
Robin Appelman a9a37b5363 Don't automatically setup the filesystem the moment we load OC\Files\FileSystem 2014-09-02 16:15:42 +02:00
cbhp 969b41c1c9 added missing User-Agents
header "User-Agent" was missed
2014-08-31 19:44:06 +02:00
Morris Jobke 4024960a0e Merge pull request #10780 from owncloud/config-public
Extend public config interface
2014-08-31 15:54:35 +02:00
Lukas Reschke 8009df0b60 Merge pull request #10420 from owncloud/external-share-self-signed
Make external shares work with imported self signed certificates
2014-08-31 15:50:30 +02:00
Robin Appelman 0a1e5aebf1 Extend public config interface 2014-08-31 15:27:36 +02:00
Lukas Reschke ae3425d2da Merge branch 'master' into securityutils
Conflicts:
	lib/private/util.php
2014-08-31 15:21:09 +02:00
Lukas Reschke a197ef0f6c Merge pull request #10768 from owncloud/l10n-use-public
Use public api for getting l10n
2014-08-31 11:58:59 +02:00
Robin Appelman bfa0c4b78a Explicitly set the timezones 2014-08-31 11:06:18 +02:00
Lukas Reschke 4efe6f6240 Add unit tests and fix rootcerts creation bug 2014-08-31 10:47:50 +02:00
Robin Appelman e64aa330fd check for blacklisted file certificate filenames 2014-08-31 10:47:50 +02:00
Robin Appelman 79d896e830 Rename namespace 2014-08-31 10:47:50 +02:00
Robin Appelman 6044ad0e17 Cleanup certificate code 2014-08-31 10:47:50 +02:00
Robin Appelman ba8416a04f move certificate classes to their own namespace 2014-08-31 10:47:50 +02:00
Robin Appelman c158db7200 Add certificate class 2014-08-31 10:47:50 +02:00
Robin Appelman c1b11571ea Move certificate management interface from files_external to core 2014-08-31 10:47:50 +02:00
Robin Appelman 4efdbff6df No need for this folder to be world accessible 2014-08-31 10:45:11 +02:00
Robin Appelman dcc4f96d3e Verify names of certificates 2014-08-31 10:45:11 +02:00
Robin Appelman ecdbf00628 Move certificate management code to core 2014-08-31 10:45:10 +02:00
Robin Appelman d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00
Morris Jobke 06e6f10ce4 Add optional user ID parameter for getUseFolder 2014-08-31 09:49:19 +02:00
Duane Johnson ccf440495e Ensure db connection before changing cache state
When trying to upgrade from 7.0.0 to 7.0.2, the manual upgrade path
(e.g. ` sudo -u www-data /usr/bin/php5 ./occ upgrade`) exits with the
following fatal error:

```
/var/www/owncloud# php occ upgrade
PHP Fatal error:  Call to a member function
  disableQueryStatementCaching() on a non-object in
  /var/www/owncloud/lib/private/db.php on line 423
```

This is caused by the self::$connection static variable having not
been initialized at the point of call. Adding a self::connect() fixes
the issue.

See https://forum.owncloud.org/viewtopic.php?f=29&t=23398&p=68556#p68556
2014-08-30 15:46:56 -06:00
cetra3 6b24aa5224 Refactor internal session to write directly to $_SESSION 2014-08-30 08:48:13 +00:00
Robin Appelman 0b88355368 Merge pull request #10721 from owncloud/kill-rand
Kill insecure random number generation
2014-08-29 19:48:00 +02:00
Morris Jobke 3a4b71ffb4 Merge pull request #10734 from owncloud/fix-10268
retrieve local users, groups and group members in a sorted way
2014-08-29 19:35:32 +02:00
Lukas Reschke 35276def1c Merge pull request #10614 from owncloud/remove-ee-hack
Remove different URL for EE
2014-08-29 18:23:15 +02:00
Jörn Friedrich Dreyer 10382ef2f0 allow empty hostname and dots in service name for oracle autosetup 2014-08-29 17:09:17 +02:00
Robin Appelman 3de69ff81b Don't register the call when rendering error pages 2014-08-29 15:44:39 +02:00
Robin Appelman dd7b8e4555 Remove insecure fallback random number generation 2014-08-29 15:44:09 +02:00
Arthur Schiwon 0bb460c9b5 retrieve local users, groups and group members in a sorted way 2014-08-29 15:17:37 +02:00
Thomas Müller 96a931929e adding OC-ETag header 2014-08-29 12:09:33 +02:00
Thomas Müller 647120fb36 adding new webdav property containing the folder size 2014-08-29 11:39:02 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Lukas Reschke 9ab62ad5b7 Escape error messages 2014-08-27 17:01:51 +02:00
Clark Tomlinson cb0da1178b Merge pull request #10653 from owncloud/x-forwarded-for
Add support for getting the real client IP behind proxies
2014-08-27 10:32:34 -04:00
Pascal de Bruijn 49da0a7943 defaults: add customizable defaultiTunesAppId 2014-08-27 14:07:39 +02:00
Björn Schießle c35d60f6d8 Merge pull request #9915 from suraia/unsharefromself-source
Allow specifying the item source in unshareFromSelf().
2014-08-27 10:31:35 +02:00
Lukas Reschke 3329e0f2b2 Use DI 2014-08-27 00:49:53 +02:00
Lukas Reschke d26a9c3c58 Add some security utilities
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparision

Remove CBC constant

Adjust code

Remove confusing $this
2014-08-27 00:18:04 +02:00
Lukas Reschke 7acdd018a1 Add support for getting the real client IP behind proxies
Fixes https://github.com/owncloud/core/issues/10624

Fix copy paste fail

Add unittest for comma separated headers

Revert 3rdparty
2014-08-27 00:05:04 +02:00
Thomas Müller 2e8026a7b5 Merge pull request #10619 from owncloud/issue/6722
Add a test to break the slugifyPath() with folder and file afterwards
2014-08-26 10:33:18 +02:00
Lukas Reschke ca7e4c8c67 Add isAppstoreEnabled instead of hijacking the URL 2014-08-26 10:20:51 +02:00
Clark Tomlinson 6523c575f3 Merge pull request #10623 from owncloud/not-a-valid-resource-log-entries
Do not try to close the same resource multiple times
2014-08-25 12:52:06 -04:00
Vincent Petry c86824fa09 Merge pull request #10023 from owncloud/tmp-file-created-status
Log unsuccessful temp file creation and return false
2014-08-25 17:24:46 +02:00
Joas Schilling 989da69cff Do not try to close the same resource multiple times 2014-08-25 15:31:43 +02:00
Joas Schilling 1846aebfff Use md5() of the original name instead of uniqid() for slugifying
Previously we used uniqid() here.
However this means that the behaviour is not reproducable, so
when uploading files into a "empty" folder, the folders name is
different.

If there would be a md5() hash collition, the deduplicate check
will spot this and append an index later, so this should not be
a problem.

Fix #6722
2014-08-25 15:06:12 +02:00
Joas Schilling b861e1d696 Fix code layout before fixing the function 2014-08-25 15:06:10 +02:00
Jörn Friedrich Dreyer ebf7758d10 Merge pull request #10595 from owncloud/swift-stream
Stream downloads from Swift object stores without downloading it first
2014-08-25 11:26:39 +02:00
Lukas Reschke 4bc72cc4e0 Remove different URL for EE
This can now be achieved by setting `appstoreenabled` to `false` in config.php
2014-08-24 20:22:15 +02:00
Clark Tomlinson 2ad0d3f1be Throw exception if file cannot be accessed via http
Format file

Removing calls to deprecated classes and using internal method to get via http

Missed a character

Fix inverted logic
2014-08-22 19:41:30 -04:00
Thomas Müller a77d468d35 Merge pull request #10584 from owncloud/simple-wizard-trusted-domains
Add a trusted domain wizard
2014-08-22 17:12:17 +02:00
Lukas Reschke 88c3a4a31a Expose setSystemValue 2014-08-22 15:53:23 +02:00
Thomas Müller 0e8916b147 Merge pull request #7539 from owncloud/repair-legacystorageid
Added repair script to upgrade the legacy home storage ids
2014-08-22 14:22:39 +02:00
Robin Appelman 191a82e768 Stream downloads from Swift object stores without downloading it first 2014-08-22 14:11:36 +02:00
Thomas Müller b8b2ef8748 no statement caching for Oracle 2014-08-22 12:06:36 +02:00
Robin Appelman 63570df75f Add files as string to tar archives 2014-08-21 08:49:57 +02:00
Robin Appelman 88c32861bc reformat 2014-08-21 08:49:57 +02:00
Vincent Petry 8f201c7383 Explicily close the statement cursors
Fixes the issue that makes SQLite freeze on later tests.
2014-08-20 23:49:15 +02:00
Lukas Reschke 92c80dd946 Merge pull request #10518 from owncloud/fix_storage_const_autoload
Fix storage const autoload
2014-08-20 23:23:42 +02:00
Vincent Petry 068f9d10f1 Added repair step for legacy storages 2014-08-20 23:14:05 +02:00
Vincent Petry 36c88e2830 Merge pull request #10422 from owncloud/dav-disablerangerequestwhennotsupported
Return whole file if range request cannot be granted due to encryption
2014-08-20 18:14:09 +02:00
Morris Jobke 9a5e745a64 fix typo 2014-08-19 16:45:22 +02:00
Morris Jobke b3b3354809 move to public namespace 2014-08-19 14:05:08 +02:00
Stephan Peijnik 5d7deefd95 Use tabs for indentation.
Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
2014-08-19 13:55:43 +02:00
Stephan Peijnik 2df52e54d7 Fix STORAGE_* constants usage by moving those constants into \OC\Files\Filesystem.
As constants not defined within a class cannot be automatically found by the
autoloader moving those constants into a class makes them accessible to
code which uses them.

Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
2014-08-19 13:55:35 +02:00
Robin Appelman fdfc5c67f8 Merge pull request #9866 from owncloud/app-upgrade
Don't do app upgrades in the background
2014-08-19 13:33:38 +02:00
Thomas Müller 1c23f54d42 Merge pull request #10341 from owncloud/issue/9928
[Issue/9928] Problems with filemtime in MappedLocal Storage
2014-08-19 10:10:09 +02:00
helix84 722a119e46 fix typo in util.php 2014-08-18 15:59:36 +02:00
Robin Appelman ab590ce9a0 fix undefined variable 2014-08-18 15:30:46 +02:00
Thomas Müller 62e06cb0ba Merge pull request #10472 from owncloud/fix_undefined_index_ocsid
check if array index ocsid is set before accessing it
2014-08-18 10:43:21 +02:00
Thomas Müller c933848c55 Merge pull request #10156 from owncloud/issue/9968
Check return of fopen() before using it
2014-08-18 10:35:04 +02:00
Frank Karlitschek ddeb301ad6 Merge pull request #10456 from kroimon/skeleton_dir_config
Make skeleton directory configurable.
2014-08-17 20:01:02 -04:00
Georg Ehrke 7347174636 check if array index ocsid is set before accessing it 2014-08-17 22:26:14 +02:00
Lukas Reschke a2677c14c8 Remove X-Mailer header from mails 2014-08-17 18:55:13 +02:00
Stefan Rado ccc46be740 Make skeleton directory configurable. 2014-08-16 01:07:42 +02:00
Lukas Reschke a822a31ce3 Merge pull request #10442 from owncloud/move-failed-logins
Move authentication failed logging to checkPassword
2014-08-15 16:50:28 +02:00
Lukas Reschke 98fc56831d Merge pull request #9275 from NormalRa/master
Add .apk mimetype.
2014-08-15 14:41:53 +02:00
Lukas Reschke a82cd1ff67 Fix unit test 2014-08-15 14:15:27 +02:00
Lukas Reschke 5bb4772858 Move authentication failed logging to checkPassword
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
Jörn Friedrich Dreyer 799fb46927 add missing @deprecated annotation to legacy classes 2014-08-14 22:18:12 +02:00
Thomas Müller c1102b1671 Merge pull request #10417 from owncloud/update_deprecation_doc
update deprecation docs
2014-08-14 17:54:23 +02:00
Björn Schießle 64c3fe670c Merge pull request #10399 from owncloud/fix_setSendMailStatus
[sharing] fix mail notification
2014-08-14 17:45:39 +02:00
Joas Schilling 4d32e3548b Ensure that filename is prefixed with a slash 2014-08-14 16:48:30 +02:00
Clark Tomlinson 4502eaf9f8 Merge pull request #10414 from owncloud/relax-code-checker
in order to prevent false-positives on the code checker - exec and eval ...
2014-08-14 09:35:20 -04:00
Vincent Petry cc8c1d8e07 Return whole file if range request cannot be granted due to encryption
Whenenver range headers are set and encryption is enabled, it is not
possible to automatically fseek() to the proper position.

To avoid returning corrupt/invalid data or causing a decryption error,
the range headers are stripped so that the SabreDAV code in httpGet()
returns the whole file.
2014-08-14 15:18:49 +02:00
Jörn Friedrich Dreyer fd798fd982 update deprecation docs 2014-08-14 12:22:34 +02:00
Morris Jobke 987a0565fb Merge pull request #10395 from owncloud/close-filehandle-lib-files
Close open file handles in files library
2014-08-14 10:57:54 +02:00
Thomas Müller a4932dc5e2 in order to prevent false-positives on the code checker - exec and eval will not longer be grepped for 2014-08-14 10:48:42 +02:00
Thomas Müller 6d94fc846d Merge pull request #10394 from owncloud/close-filehandle-lib-image
Close file handle if exception occurs in image class
2014-08-13 22:41:33 +02:00
Robin Appelman bba59bf815 Cast file id's to int so we can compare them properly 2014-08-13 19:18:34 +02:00
Bjoern Schiessle d9f35d8c15 we need the recipient as a additional parameter to know for which share the notification was send 2014-08-13 17:02:51 +02:00
Morris Jobke c6bf51c457 Close open file handles in files library
ref #10392
2014-08-13 15:48:32 +02:00
Morris Jobke f61658945f Close file handle if exception occurs in image class
ref #10392
2014-08-13 15:19:58 +02:00
Robin Appelman 174805f5e3 Merge pull request #9762 from owncloud/owner-public
Return the proper owner for home storages
2014-08-12 14:29:17 +02:00
Normal Ra 1633ec5c87 APK mimetype icon to be a generic package icon. 2014-08-12 14:10:49 +02:00
Clark Tomlinson e63853a353 Merge pull request #10335 from owncloud/fix-emptyapplist
Fix issue when no apps are enabled
2014-08-11 16:16:18 -04:00
Thomas Müller 3e493501da Merge pull request #9890 from owncloud/check-php-charset-master
setting and checking default_charset in php.ini to be UTF-8
2014-08-11 22:11:11 +02:00
Vincent Petry a32eac1477 Fix issue when no apps are enabled
Properly initialize $apps array
2014-08-11 20:36:51 +02:00
Joas Schilling 564bf23c1b Do not filemtime() on "." directory. Use empty string instead
Fix #9928
2014-08-11 17:39:37 +02:00
Joas Schilling d7666d9d3d Remove doubled slash between folder and path 2014-08-11 16:50:52 +02:00
Thomas Müller 13d44f8f7f Merge pull request #10251 from owncloud/fix-dav-attributes-master
shared files/folders are not mounted
2014-08-11 14:40:47 +02:00
Vincent Petry 79fa2bc391 Merge pull request #10301 from owncloud/fix-internal-mail-share-links
Don't use /Shared as a base for links in share email
2014-08-11 13:33:39 +02:00
Vincent Petry f2001a48a4 Fixed sort algo for additional cases 2014-08-11 13:28:53 +02:00
Vincent Petry 173059f6d0 Fixed file list sorting
Now using a natural sort algorithm that is more consistent between JS
and PHP (although not perfect in some corner cases)

- added OC.Util.naturalSortComparator that uses the same algo that was
  used for the user list
- changed user list and files list to use OC.Util.naturalSortComparator
- removed toLowerCase() and changed the comparator to use
  String.localeCompare()
- added unit tests
- added OC_NaturalSort that is used by OCP\Util::naturalSortCompare()
2014-08-11 13:28:53 +02:00
Thomas Müller b83d00f847 Merge pull request #10249 from mroi/patch-1
file size on non-(Linux/BSD/Windows)-installations
2014-08-11 13:02:01 +02:00
Tom Needham aeef10eb47 Add scrollto to the url if sharing a file for long file lists 2014-08-09 00:21:29 +01:00
Tom Needham 16dafa9cac Fix link to files and folders in internal share emails 2014-08-09 00:08:45 +01:00
Bjoern Schiessle 6dda30b5a2 remove share permissions if user is excluded from sharing 2014-08-08 12:16:54 +02:00
Morris Jobke b6a2a85bb8 Merge pull request #9953 from owncloud/fix_text_preview_for_systems_without_ttf
implement a txt preview fallback for the case that ttf is not support
2014-08-07 22:55:06 +02:00
Thomas Müller 520f6422ac Merge pull request #10079 from owncloud/Improve_scanner_message
Improved scanner error message
2014-08-07 16:09:52 +02:00
Thomas Müller 9d2cff50ed shared files/folders are not mounted 2014-08-07 16:01:13 +02:00
Michael Roitzsch cde1a9241d file size on non-(Linux/BSD/Windows)-installations
Determining the file size using the exec() method is implemented for Linux, BSD, and Windows. However, on systems matching neither platform name (like SunOS), the fall-through path will return a file size result constituting a zero size instead of an invalid null return value.
2014-08-07 15:41:58 +02:00
Thomas Müller e33fc2807c Merge pull request #10142 from owncloud/fix-#9283-gzip_support
Removed broken tar cutter, added tar and fixed extension switch.
2014-08-07 14:53:31 +02:00
Robin Appelman f1091280de Merge pull request #10184 from owncloud/getbyid-node
Fix Folder::getById
2014-08-07 13:40:17 +02:00
Thomas Müller d2365afad6 Merge pull request #8915 from owncloud/MorrisJobke-travis
Travis support for PRs and master, stable5 and stable6
2014-08-07 11:33:13 +02:00
Volkan Gezer 173538befb typo fix from transifex suggestion 2014-08-06 20:48:26 +02:00
Robin Appelman 12207ec0c7 Fix SharedCache::getPathById 2014-08-06 13:38:14 +02:00
Robin Appelman 1deb6aadd3 return null instead of throwing an exception 2014-08-06 12:06:41 +02:00
Thomas Müller a72dae6842 Merge pull request #10144 from owncloud/issue/9972
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Morris Jobke 9fb79c86f0 Merge pull request #10191 from owncloud/sharing_rm_trailing_slash
[sharing] remove trailing slash
2014-08-05 23:13:35 +02:00
Bjoern Schiessle 48c57b80e3 remove trailing slash from path 2014-08-05 20:34:32 +02:00
Björn Schießle d35bfc9a4c Merge pull request #9520 from owncloud/theme_urls
Add ability to theme iOS and Android client URLs just like desktop URLs.
2014-08-05 17:53:18 +02:00
Robin Appelman bf8f910a32 Fix Folder::getById 2014-08-05 16:58:10 +02:00
Morris Jobke 676fa459d7 Minor fixes
* instanceof \OC\Files\View
* fix misplaced paranthesis
* remove misplaced character in comment
2014-08-05 16:53:28 +02:00
Robin Appelman 244d4e1399 Make View->shouldEmitHooks more robust 2014-08-05 16:53:28 +02:00
Morris Jobke 8561d0dfca remove escaping because it's unneeded 2014-08-05 13:18:38 +02:00
Morris Jobke 7b222c4ab5 fix uppercase issue 2014-08-05 13:16:51 +02:00
scolebrook 2e127d2c5e Add ability to theme iOS and Android client URLs just like desktop URLs. 2014-08-05 13:16:51 +02:00
Bjoern Schiessle 41cca70a63 don't display share permission if resharing was disabled by the admin 2014-08-05 10:57:51 +02:00
Morris Jobke c0e78d9841 Merge pull request #10151 from owncloud/issue/9912
Increase word wrap limit for emails to 78 characters
2014-08-05 08:20:57 +02:00
Joas Schilling 303f6da76f Check return of fopen() before using it
Fix #9968
2014-08-04 17:53:06 +02:00
Joas Schilling f4c7e3c1e9 Merge pull request #10083 from th3fallen/fix-9969-take-two
Fix 9969
2014-08-04 17:41:03 +02:00
Joas Schilling c1b8d93cb0 Increase word wrap limit for emails to 78 characters 2014-08-04 16:05:09 +02:00
Joas Schilling 4865c52aa6 Fix isLoggedIn() check for user '0'
Fix #9972
2014-08-04 15:53:55 +02:00
Joas Schilling f80baf03d4 Fix getting group '0' from database backend
Fix #9972
2014-08-04 15:53:55 +02:00
Remco Brenninkmeijer cb842ba793 Previous commit was not based on master, retry. Removed broken tar cutter, double extensions are not possible in temp files. Added tar support. Fixed extension switch. 2014-08-04 14:10:09 +02:00
Robin Appelman 8b4d3c065c only set core version at the end 2014-08-04 13:42:16 +02:00
Robin Appelman ae263da69a Also set the app version when updating from app store 2014-08-04 13:41:05 +02:00
Robin Appelman 776cc45a5a Allow loading app without checking the upgrade 2014-08-04 13:41:05 +02:00
Robin Appelman 4602d1f2a6 extract upgrade parts to their own methods 2014-08-04 13:41:05 +02:00
Robin Appelman 4608f8a3b5 Throw an exception when we try to load an app that needs to be upgraded 2014-08-04 13:41:04 +02:00
Robin Appelman 43d790239d Extend OC_Util::needUpgrade to also catch app upgrades 2014-08-04 13:41:04 +02:00
Thomas Müller 65903a012a Merge pull request #10025 from owncloud/l10n-typo
typo fix from transifex suggestion
2014-08-04 11:03:50 +02:00
Volkan Gezer 7a07690b25 expire -> expiration 2014-08-02 04:02:39 +02:00
Jörn Friedrich Dreyer a0ab4c2434 fix return documentation 2014-08-01 13:42:35 +02:00