c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
4a5eeb2ce7
Fixed webroot detection
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-09-22 07:20:31 +02:00
38568c362b
Merge pull request #6605 from nextcloud/oc_ocs_response_is_dep
...
OC_OCS_Response is deprecated
2017-09-21 20:38:18 +02:00
2207fdcd8c
Remove private legacy OC_OCS_Response
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:56 +02:00
87e10f9e6a
OC_OCS_Response is deprecated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
0e17b65bcf
Avoid error undefined index classes in log
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-09-21 14:00:39 +02:00
38bb6e1477
Fix duplicate session token after remembered login
...
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 21:39:31 +02:00
8358c63f53
Merge pull request #6573 from nextcloud/nonfound-webroot-empty-string
...
Fix "webroot not found" when installed to the root of the webserver
2017-09-20 20:04:27 +02:00
e8d80ed071
Merge pull request #6571 from nextcloud/cachefactory-local-locking
...
expose local and locking memcaches trough public interfaces
2017-09-20 16:04:51 +02:00
5430d73a0e
Fix "webroot not found" when installed to the root of the webserver
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-20 14:19:15 +02:00
388376c077
expose local and locking memcaches trough public interfaces
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-20 14:16:22 +02:00
2e19c42bc5
Check whether an app archive can be extracted
...
If extraction fails we should not continue the installation/update
process as the info.xml cannot be loaded and an unrelated error
occurs.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 14:07:17 +02:00
00e341925b
Merge pull request #6564 from nextcloud/fix-missing-unsigned
...
Fix missing "unsigned" on integer columns
2017-09-19 20:52:49 +02:00
d4da2a6dab
Fix autoloading
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-19 20:09:10 +02:00
6d7ca1092d
Read appinfo from a local cache
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-19 14:34:11 +02:00
d603d78630
[tx-robot] updated from transifex
2017-09-19 00:08:27 +00:00
e7f3c12b20
update autoloader
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 17:20:08 +02:00
d526969a68
fix path style
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 15:16:28 +02:00
d70607104e
reuse object read/write/delete logic in s3 implementations
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 15:16:27 +02:00
dad18baec8
update aws sdk and move it to 3rdparty
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 15:16:27 +02:00
ca5c3f839a
Merge pull request #6490 from nextcloud/share_pagination_query
...
Improve sharing pagination
2017-09-18 14:34:15 +02:00
a0132a49a6
Merge pull request #6549 from nextcloud/fix-6534
...
don't pass User object when uid string is expected
2017-09-18 14:28:14 +02:00
53057f2bd0
Merge pull request #5462 from nextcloud/add-frameancestor-support
...
Add CSP frame-ancestors support
2017-09-18 14:25:44 +02:00
8b1eaba417
Merge pull request #5585 from nextcloud/contacts_menu_privacy
...
Enhance privacy of contactsmenu fixes #5107
2017-09-18 14:25:16 +02:00
0837745477
don't pass User object when uid string is expected
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-18 13:19:47 +02:00
60e0de4a36
[tx-robot] updated from transifex
2017-09-18 00:08:32 +00:00
cdb6b0295a
[tx-robot] updated from transifex
2017-09-17 00:08:25 +00:00
967b563113
[tx-robot] updated from transifex
2017-09-16 00:08:23 +00:00
ae1fdf73c2
Improve sharing pagination
...
Basically we did in almost all cases did a query to much.
This resulted in an extra query for each share type.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-15 19:44:19 +02:00
705432ca6f
Add filter for `shareapi_allow_share_dialog_user_enumeration`
...
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.
Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-15 15:58:04 +02:00
eb51c46549
fix typo and set @since properly
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
ecf347bd1a
Add CSP frame-ancestors support
...
Didn't set the @since annotation yet.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
5896176d69
Fix issue when disabling the shareapi_only_share_with_group_members option + fix findOne
...
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:41 +02:00
7dfa527da2
Improve code style
...
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:40 +02:00
f0370c0244
Some code improvements
...
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:40 +02:00
fa402c74d2
Add tests
...
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:40 +02:00
473a1ecad1
Fix tests
...
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:39 +02:00
92c238e0f0
Privacy enhancements for contacts menu
...
- Groups, which are excluded from sharing should not see local users at all
- If sharing is restricted to users own groups, he should only see contacts from his groups:
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:39 +02:00
113fd47f30
[tx-robot] updated from transifex
2017-09-15 00:08:08 +00:00
1a0ac912b2
Fix webroot throw
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-09-14 08:41:10 +02:00
7698781a1e
[tx-robot] updated from transifex
2017-09-14 00:08:12 +00:00
883574974d
Merge pull request #6458 from nextcloud/rethrow-correct-exception
...
Rethrow the correct exception when there was an error in an app conta…
2017-09-14 00:32:13 +02:00
8ef4fcb4b7
Merge pull request #6452 from lukanetconsult/hotfix/issue-6415-undefined-variable
...
Fix undefined variable $tmpRoot
2017-09-13 22:42:42 +02:00
5ce3c7003b
[tx-robot] updated from transifex
2017-09-13 00:08:12 +00:00
9163cf9241
Fix AppPassword 2FA auth
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:28:43 +02:00
01d4967130
Fix undefined variable $tmpRoot
...
Refactoring of webroot detection left an unused variable.
Fixes : #6415
Signed-off-by: Axel Helmert <info@luka.de>
2017-09-12 12:14:27 +02:00
c4b3198ac2
Rethrow the correct exception when there was an error in an app container
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-12 11:54:13 +02:00
8391ca8792
Use IAppManager instead of private API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-12 09:28:22 +02:00
b49ab065b7
Move theming related imagePath logic to ThemingDefaults
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-09-12 09:22:57 +02:00
88731848c6
Merge pull request #6435 from nextcloud/add-exception-to-phpdoc
...
Add exceptions to PHPDoc of interface
2017-09-11 13:01:41 +02:00
9a63ded43b
Fix uninitialized variable $this->params
...
Signed-off-by: William Pain <pain.william@gmail.com>
2017-09-11 10:01:12 +02:00
b97f48f1af
Add exceptions to PHPDoc of interface
...
Improves static code analysis here and also keeps expectations proper.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-10 20:01:36 +02:00
3f6692ee24
[tx-robot] updated from transifex
2017-09-10 00:08:23 +00:00
8a79d0cc70
Merge pull request #6414 from nextcloud/share-notification-wrong-language
...
Use the language of the recipient for the share notification
2017-09-08 19:15:05 +02:00
75c38d5d98
Merge pull request #6416 from nextcloud/make-sure-sqlite-works-without-content
...
Ask the schema whether the table and column exist
2017-09-08 19:09:38 +02:00
e9c713902e
Merge pull request #6417 from nextcloud/proper-english-nowhave
...
Improve text: 'you have now' -> 'you now have'
2017-09-08 18:29:22 +02:00
8e46e6b827
Improve text: 'you have now' -> 'you now have'
...
Signed-off-by: Leon Klingele <leon@struktur.de>
2017-09-08 13:47:11 +02:00
29e1aa57e1
Ask the schema whether the table and column exist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-08 11:45:16 +02:00
7e625a8d22
Use the language of the recipient for the share notification
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-08 10:48:16 +02:00
194f880073
[tx-robot] updated from transifex
2017-09-08 00:08:16 +00:00
bab313da5d
Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-token
...
Fix failing csp/nonce check due to timed out session
2017-09-07 19:51:59 +02:00
11c7a98a2a
Merge pull request #6380 from nextcloud/cleanup-oci-setup
...
cleanup oci setup code
2017-09-07 14:11:55 +02:00
485e22acde
Merge pull request #6329 from nextcloud/ldap-password
...
Don't log LDAP password when server is not available
2017-09-07 09:25:56 +02:00
7a33b9273e
Refactor webroot detection in resource locator
...
The current implementation breaks installations with symlinks to
directories inside the webroot (i.E. apps).
With this change both variants, directory and symlinks, will be detected
correctly.
Fixes : #6028
Signed-off-by: Axel Helmert <axel.helmert@luka.de>
2017-09-06 21:32:48 +02:00
a10c4517cb
Merge pull request #5571 from Luzifer/5570_backend_admin
...
Allow group backend to declare users as admins
2017-09-06 19:50:52 +02:00
5d4540f179
Merge pull request #6364 from nextcloud/fix_login_loop
...
Fix login with basic auth
2017-09-06 17:04:00 +02:00
b68609d0cf
Don't log LDAP password when server is not available
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-06 16:38:55 +02:00
2c0efae30f
cleanup oci setup code
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-06 15:55:05 +02:00
9d930210ee
[tx-robot] updated from transifex
2017-09-06 00:08:21 +00:00
15cd21d252
Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-name
...
Set the meta data before everything
2017-09-05 16:08:57 +02:00
586cefc4f1
Add @since tag to constant
...
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2017-09-05 15:49:13 +02:00
b96485b6bd
Fix login with basic auth
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-05 12:24:41 +02:00
87aeae21e3
Fix failing csp/nonce check due to timed out session
...
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-04 17:29:26 +02:00
e0c92c2da3
Update autoloader
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 15:42:34 +02:00
6dbb64c4a2
Merge setMetaData into constructor
...
This ensures that the meta data is set in the beginning
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-04 15:07:41 +02:00
4fd3240b5f
Merge pull request #6254 from nextcloud/async-bus-split
...
Allow configuring different command bus backends
2017-09-04 14:22:06 +02:00
1ebf91ec16
Add proper EOL
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:21:44 +02:00
c04a494ea7
Merge pull request #6064 from nextcloud/fix-5219-absolute-path-must-be-relative-to-files-on-theming-update
...
Still throw a locked exception when the path is not relative to $user/files/
2017-09-04 14:05:34 +02:00
c4f175d079
Merge pull request #6326 from nextcloud/fix_4654_3375
...
Pass new value to triggerChange
2017-09-04 12:03:19 +02:00
139f9bd3ca
Merge pull request #6331 from nextcloud/update-repair-step
...
Generate system wide key pair (update repair step after backport)
2017-09-04 11:59:34 +02:00
e195021926
update autoloader
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-09-04 11:59:00 +02:00
e33aa460f1
Merge pull request #6297 from te-online/add-mimetype-internet-shortcut
...
Add mimetype application/internet-shortcut for .url files
2017-09-04 11:55:05 +02:00
b09ce70117
Rebuild SCSS files if frontend controller value changes
...
fixes #6271
2017-09-03 17:32:41 +02:00
27c6dc9657
[tx-robot] updated from transifex
2017-09-02 00:08:29 +00:00
e039a4c191
move repair step to stable12
...
because we decided to backport it the repair step needs to be executed
already on stable12
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-09-01 11:05:11 +02:00
ffe1429c4f
Pass new value to triggerChange
...
it is not used. but pass in the empty string (on delete) and the new
file (on create)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-31 21:59:27 +02:00
93d539b0cf
Add mimetype support for .URL (Windows) and .webloc (macOS) files. Update places/link svg. Add filetype/link icon. Add repair step for mime types.
...
Signed-off-by: Thomas Ebert <thomas.ebert@te-online.net>
2017-08-31 16:53:07 +02:00
84ea66dca8
Merge pull request #6296 from nextcloud/improve_2fa
...
Improve 2FA
2017-08-31 10:52:40 +02:00
99dcf5036d
[tx-robot] updated from transifex
2017-08-31 00:08:31 +00:00
1e24fe858a
[tx-robot] updated from transifex
2017-08-30 00:08:26 +00:00
84b7022118
Improve 2FA
...
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 20:27:36 +02:00
3cfe91bf0f
Add shareWith to email template metadata
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-29 16:09:25 +02:00
8c917cbfe0
Merge pull request #6288 from nextcloud/master-6287
...
Allow the expiration date to be set to null
2017-08-29 11:32:11 +02:00
daf2d6cb96
[tx-robot] updated from transifex
2017-08-29 00:08:27 +00:00
be23f7e1de
Allow the expiration date to be set to null
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-28 17:49:16 +02:00
8e4085526d
[tx-robot] updated from transifex
2017-08-28 00:08:24 +00:00
804d97d6ff
unlock file when an exception occurs during scanning
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-08-26 18:58:06 +02:00
18908af87b
Dont swallow exception when inserting mimetypes if we're inside a transaction
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-08-26 18:58:06 +02:00
2bf15eda26
Merge pull request #6255 from nextcloud/email-meta-data
...
Add meta information to emails for better customisation
2017-08-26 18:53:52 +02:00
0b652648cc
Merge pull request #6177 from nextcloud/properly-add-slo-url
...
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Roeland Jago Douma
John Molakvoæ (skjnldsv)
Morris Jobke
Christoph Wurst
Roeland Jago Douma
Robin Appelman
Joas Schilling
Nextcloud bot
Lukas Reschke
Arthur Schiwon
Thomas Citharel
Tobia De Koninck
Axel Helmert
Julius Härtl
William Pain
Leon Klingele
tux-rampage
Knut Ahlers
Bjoern Schiessle
Thomas Ebert