mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
38,073 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

7131 Commits

Author SHA1 Message Date
Robin Appelman baec42e80a
Save the scope of an auth token in the session 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-04-05 17:58:33 +02:00
Morris Jobke fa4107893d Merge pull request #4138 from nextcloud/resources_match_fullid 
Match slashes in ../{id} resource routes
 2017-04-04 15:52:53 -05:00
Morris Jobke b78876236d Merge pull request #4192 from nextcloud/fix/custom-default-app-redirect-2fa-selection 
Redirect to 2FA selection screen
 2017-04-04 15:47:35 -05:00
Morris Jobke 52eaf6cfbb Merge pull request #3310 from duritong/patch-1 
only chmod logfile if necessary
 2017-04-04 11:42:26 -05:00
Lukas Reschke e0227cb458 Merge pull request #2095 from nextcloud/bruteforcesetttings 
Introduce bruteforce settings
 2017-04-04 11:57:43 +02:00
Roeland Jago Douma efb21a948e Merge pull request #4093 from nextcloud/endorse-password-protection 
Endorse password protection
 2017-04-04 11:04:21 +02:00
Roeland Jago Douma 31f9be7a75
Match slashes in ../{id} resource routes 
Fixes #2954

Before we could match on <prefix>/{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:37:11 +02:00
Roeland Jago Douma 2a9192334e
Don't try to parse empty body if there is no body 
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:22:33 +02:00
Christoph Wurst a7cc8c86ab
Redirect to 2FA selection screen 
Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.

Fixes https://github.com/nextcloud/server/issues/3702

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-03 14:31:57 +02:00
Christoph Wurst cbe44043be Merge pull request #4131 from nextcloud/fix-jscombiner 
Fix check for cache value in JSCombiner
 2017-04-03 11:27:39 +02:00
Bjoern Schiessle b85b6f2439
feature endorse password for share links 
works like "enforce password protection", but let the
user optionally remove the password protection after the
password is set. by Timo Benk

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-03 10:57:52 +02:00
Morris Jobke ed00bab80b
Fixed layout of bruteforcesettings 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-02 21:19:30 +02:00
Roeland Jago Douma be674c19a5
Respect bruteforce settings in the Throttler 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-02 21:13:50 +02:00
Roeland Jago Douma dca555b7f3
Adds security section to the admin page 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-02 21:13:09 +02:00
Björn Schießle 85da9378c0 Merge pull request #4140 from nextcloud/no_encryption_no_wrapper 
Don't add the Encryption Storage Wrapper if there are no encryption modules
 2017-03-31 14:49:38 +02:00
Roeland Jago Douma 548871a9f3 Merge pull request #3832 from nextcloud/fix_1303 
Do not clear CSRF token on logout (fix for #1303)
 2017-03-30 18:25:50 +02:00
Joas Schilling a51e4dd259 Merge pull request #4150 from nextcloud/capped-memcache-push 
support pushing to CappedMemoryCache
 2017-03-30 15:16:33 +02:00
Robin Appelman 0aeb595784
user ids are strings 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 12:24:46 +02:00
Robin Appelman dc4b983639
support pushing to CappedMemoryCache 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:21:32 +02:00
Robin Appelman d4a7cfec7c
rename fun to func 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:15:06 +02:00
Robin Appelman fee818f493
Add tests for query builder (i)like 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:15:03 +02:00
Robin Appelman 3355fd549f
dont double escape 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:14:59 +02:00
Robin Appelman 4125bdeb93
fix licence headers 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:14:52 +02:00
Robin Appelman 4b7bc2af0e
Move all children of a folder in a single query 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:14:48 +02:00
Robin Appelman 4279b13270
Add function builder to the query builder 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:09:26 +02:00
Robin Appelman a65652fc1e
add support for escaping like parameters when using the query builder 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:09:22 +02:00
Robin Appelman 83f3990e06
Add MD5() to sqlite 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 11:09:19 +02:00
Lukas Reschke 1ee7e1c0b1 Merge pull request #4132 from nextcloud/fix-safari-gzip 
Fix gzip files for Safari
 2017-03-30 10:47:28 +02:00
Roeland Jago Douma 111c9f7563
Don't add the Encryption Storage Wrapper if there are no encryption modules 
fixes #4125

If there is no encryption module enabled it makes no sense to setup the
encryption wrapper (because we can't do anything anyway).

This saves reading the header of files.
Especialy on external storage/objectstore this should improve
performance

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-29 18:57:56 +02:00
Jan-Christoph Borchardt 354a24e0aa
also rename defaultMailHeaderColor to defaultColorPrimary 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-03-29 18:23:23 +02:00
Julius Härtl 698396a927
Add fallback to getMailHeaderColor so we don't break existing themes 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-03-29 18:23:23 +02:00
Jan-Christoph Borchardt 9a75714c22
rename confusing getMailHeaderColor to getColorPrimary, ref #3491 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-03-29 18:23:23 +02:00
Roeland Jago Douma 626d03e3d4 Merge pull request #4116 from nextcloud/swift-cache-token 
Cache swift authentication token in memcache
 2017-03-29 11:23:13 +02:00
Joas Schilling 784e06073b Merge pull request #4129 from nextcloud/remove-verbose-error-message 
Remove verbose error message
 2017-03-29 10:01:17 +02:00
Morris Jobke 9813023aab
Fix gzip files for Safari 
* Safari support gzip only if the filename does not
  end on .gz - so this renames them to .gzip

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-29 00:11:51 -06:00
Morris Jobke 1f7124a57b Merge pull request #4120 from nextcloud/newest-item-first-in-activity 
Change the order on merging activities so the newest item is first
 2017-03-28 17:51:30 -06:00
Morris Jobke dbf6b7ff86 Merge pull request #4127 from nextcloud/update-legacy-csp-policy 
Update legacy CSP policy
 2017-03-28 17:47:32 -06:00
Morris Jobke 51e5c0766c
Fix check for cache value in JSCombiner 
* fixes following log output, because there was empty string
  stored in the cache

Invalid argument supplied for foreach() at lib/private/Template/JSCombiner.php#108

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-28 17:43:39 -06:00
Morris Jobke 16b8c0c691 Merge pull request #4070 from nextcloud/gzip_scss_js 
GZip generated CSS/JS files
 2017-03-28 17:11:17 -06:00
Lukas Reschke 49ba822fef
Remove verbose error message 
There's no need to have this included in the error message.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-29 00:34:33 +02:00
Lukas Reschke 3a90ab7e0a
Update legacy CSP policy 
Aligns it with the one enforced by the AppFramework

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-28 23:55:31 +02:00
Roeland Jago Douma a40405531c
Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-28 23:13:59 +02:00
Roeland Jago Douma 4821c00ea8 Merge pull request #4004 from nextcloud/backport-27172 
Remove SharedCache::getNumericStorageId to let CacheWrapper do it
 2017-03-28 21:56:44 +02:00
Roeland Jago Douma 54f9b35f71
Allow to gzip CSS/JS files 
Since in production the SCSS files are compiled once and the javascript
files are combined once we can just as well gzip them aggresively.

This means that once they are requested and the browser supports gzip we
can just serve the gzipped file saving precious bandwidth.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-28 21:46:23 +02:00
Robin Appelman 6991b79d40
serialize the token to json instead of using php's serialize 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-28 21:33:07 +02:00
Robin Appelman 205d5586e8
cache swift tokens in memcache 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-28 12:37:41 -06:00
Robin Appelman e26f138fc5 Merge pull request #4112 from nextcloud/swift-config 
Better error messages for objectsack swift configuration
 2017-03-28 17:51:18 +02:00
Joas Schilling 644b37c7e4
Change the order on merging activities so the newest item is first 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-28 17:19:34 +02:00
Robin Appelman 8dbca71a77
better error messages for invalid regions, urltypes and service names 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-28 17:00:11 +02:00
Robin Appelman 5062d0ac50
better error messages when swift authentication fails 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-28 11:02:18 +02:00