Commit Graph

16419 Commits

Author SHA1 Message Date
Morris Jobke 3d9fd4d0d1 Merge pull request #5817 from nextcloud/add-basic-sql-injection-checker
Add Phan plugin to check for SQL injections
2017-07-21 09:25:24 +02:00
Nextcloud bot 964d5338dc
[tx-robot] updated from transifex 2017-07-21 00:08:06 +00:00
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Björn Schießle c0e9b374f1 Merge pull request #5629 from nextcloud/add-recovery-key-on-public-upload
Add recovery key on public upload
2017-07-20 14:07:57 +02:00
Bjoern Schiessle 473824fa06
make sure that we always have a owner
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-20 11:40:17 +02:00
Bjoern Schiessle 20a6b22db6
Add recovery key on public upload
In order to decide if a recovery key needs to be added we always
need to check the files owner settings and not the settings of
the currently logged in user.

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-20 11:40:14 +02:00
Bjoern Schiessle ae8a3ce085
fix preview for public links
in case a user is already logged in on the same server from
which the public link comes from, we need to setup the owners
file system in order to show the preview

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-20 11:24:52 +02:00
Joas Schilling 0b3266531b
Fix copy and paste error on activity descriptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-20 09:31:14 +02:00
Nextcloud bot 26c42d3d30
[tx-robot] updated from transifex 2017-07-20 00:08:04 +00:00
Joas Schilling 3ff3c338c9 Merge pull request #5734 from nextcloud/only-readable-chars-in-share-tokens
Only use readable chars in Share Tokens
2017-07-19 16:40:18 +02:00
Roeland Jago Douma d5e3428af5 Merge pull request #5776 from nextcloud/install-phan
Run phan over code base
2017-07-19 13:45:31 +02:00
Lukas Reschke d8ec399454
Run phan over code base
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00
Morris Jobke e48ca730fe Add Android and iOS URLs to theming app
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-19 10:20:47 +02:00
Roeland Jago Douma e2298e0a71
Allow overwriting of IOS theming values
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-19 08:22:45 +02:00
Nextcloud bot 0ee83ac56b
[tx-robot] updated from transifex 2017-07-19 00:08:22 +00:00
Joas Schilling 984933e586
Only use readable chars in Share Tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-18 15:44:34 +02:00
Roeland Jago Douma 1ac6eae7d5 Merge pull request #5739 from nextcloud/comradekingu-patch-4
Spelling: Bigversal and LDAP
2017-07-18 09:09:46 +02:00
Morris Jobke 58f72309cc Merge pull request #5736 from smueller18/patch-2
do not show hyphen in og:title if slogan does not exist
2017-07-18 09:04:47 +02:00
Roeland Jago Douma 4b1f258198 Merge pull request #5735 from nextcloud/comradekingu-patch-1
Spelling: Shortening and binding
2017-07-18 08:52:09 +02:00
Morris Jobke 99555faffd Merge pull request #5737 from nextcloud/comradekingu-patch-2
Spelling: command-line, Consider narrowing
2017-07-18 08:49:48 +02:00
Morris Jobke 7642492cfe Merge pull request #5741 from nextcloud/comradekingu-patch-6
Spelling: sent, an invitation, - successful
2017-07-18 08:49:06 +02:00
Morris Jobke 79cf7d610f Merge pull request #5740 from nextcloud/comradekingu-patch-5
Spelling: log out, : Bigversal
2017-07-18 08:48:08 +02:00
Nextcloud bot b1b843e572
[tx-robot] updated from transifex 2017-07-18 00:08:02 +00:00
Roeland Jago Douma 1956ea0e13 Merge pull request #5743 from nextcloud/comradekingu-patch-7
Spelling: - your
2017-07-17 14:42:13 +02:00
Robin Appelman 7fa02905aa
still remove the federated share even if we cant notify the remote
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-17 14:19:44 +02:00
Nextcloud bot 125767265d
[tx-robot] updated from transifex 2017-07-17 00:08:02 +00:00
Allan Nordhøy 1d24c82e38 - your
This avoids it being «"access to your "the cloud"» or similar. Italicizing %s might be a middleground here.
2017-07-15 11:39:50 +02:00
Nextcloud bot a23cdd04bb
[tx-robot] updated from transifex 2017-07-15 00:08:54 +00:00
Allan Nordhøy de6b7668c1 sent, an invitation, - successful 2017-07-14 17:28:57 +02:00
Allan Nordhøy 6ab8b90e94 log out, : Bigversal 2017-07-14 17:02:48 +02:00
Allan Nordhøy ddc804aa32 : Bigversal and LDAP 2017-07-14 15:46:05 +02:00
Allan Nordhøy 4b8c1eaa91 command-line, Consider narrowing 2017-07-14 15:32:47 +02:00
Stephan Müller 7cf3dc4e29 do not show hyphen in og:title if slogan does not exist 2017-07-14 15:26:44 +02:00
Allan Nordhøy 66cbf90853 Spelling: Shortening and binding 2017-07-14 15:24:55 +02:00
Nextcloud bot 3865c77279
[tx-robot] updated from transifex 2017-07-14 00:08:37 +00:00
Joas Schilling e335121d5e Merge pull request #5070 from nextcloud/theming-vs-themes
Prefer custom theme over the theming app
2017-07-13 13:41:31 +02:00
Nextcloud bot 261513b04a
[tx-robot] updated from transifex 2017-07-13 00:08:31 +00:00
Roeland Jago Douma 86a496d94a Merge pull request #5567 from nextcloud/public-capabilities
Public capabilities API
2017-07-12 13:04:54 +02:00
Roeland Jago Douma 08d3cb9107 Merge pull request #5685 from nextcloud/jail-propagator
Fix propagating changes within jail wrapper
2017-07-12 12:14:51 +02:00
Julius Härtl ce5ad7e7f4
Prefer custom theme over theming app
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-07-12 11:42:15 +02:00
Nextcloud bot 13295c2d1d
[tx-robot] updated from transifex 2017-07-12 00:08:43 +00:00
Morris Jobke 9e2d1caba2 Merge pull request #5681 from nextcloud/upstream-fix-circles
upstream fix circles
2017-07-11 18:03:06 +02:00
Robin Appelman dfe662ad42
Fix propagating changes within jail wrapper
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-11 17:55:04 +02:00
Morris Jobke 4153e1de79 Merge pull request #5672 from nextcloud/upload-hidden-filelist
properly block file upload to non-active filelist
2017-07-11 15:15:49 +02:00
Robin Appelman e1d6ca3c53
fix test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-11 14:03:11 +02:00
Maxence Lange 6e7be6acfd upstream
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-07-11 13:21:24 +02:00
Morris Jobke 7df7d0ff3b Merge pull request #5656 from nextcloud/fix-unselecting-items-on-multi-select-dropdowns
Fix unselecting items on multi select dropdowns
2017-07-10 23:39:43 +02:00
Morris Jobke 22693aec47 Merge pull request #5669 from nextcloud/fix-remote-share-activity-emails
Fix remote share activity emails
2017-07-10 16:16:54 +02:00
Robin Appelman 12c9b1efb0
properly block file upload to non-active filelist
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-10 14:32:10 +02:00
Roger Szabo 0ebec6f9a4 Rectify variable $uid->$user
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-07-10 18:46:39 +08:00
Joas Schilling 33cb45d4a3
Fix owner cloud id in unshare activity
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-10 12:20:56 +02:00
Joas Schilling b69ddfba8b
Fix activity emails for accept/decline of remote shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-10 12:10:36 +02:00
Morris Jobke c7b28064e3 Merge pull request #5649 from nextcloud/fix-5611
fix alignment of radio button and its label in encryption settings
2017-07-10 09:26:05 +02:00
Daniel Calviño Sánchez 46e813e749 Enable the toggleSelect extension in multi-select dropdowns
The toggleSelect extension for Select2 makes possible to unselect items
in a multi-select dropdown by clicking on them; this behaviour should be
enabled in all the multi-select dropdowns used in the server.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-07-10 03:38:22 +02:00
Nextcloud bot 4f7fafb5c5
[tx-robot] updated from transifex 2017-07-10 00:08:41 +00:00
Nextcloud bot cf8db31bce
[tx-robot] updated from transifex 2017-07-09 00:08:31 +00:00
Nextcloud bot f59062ce83
[tx-robot] updated from transifex 2017-07-08 00:08:27 +00:00
Arthur Schiwon c46006934c
fix alignment of radio button and its label in encryption settings
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-07-07 16:59:28 +02:00
Morris Jobke b4deba2078 Merge pull request #5483 from nextcloud/issue-5075-png-files-for-activity-emails
Use PNGs for icons in activity emails
2017-07-07 11:05:00 +02:00
Nextcloud bot d23bc9a99a
[tx-robot] updated from transifex 2017-07-07 00:08:24 +00:00
Bjoern Schiessle 001a9c02dd
adjust encryption tests to the new master key default
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:12 +02:00
Bjoern Schiessle c46b158e10
update sharing test to new master key default
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:12 +02:00
Bjoern Schiessle f186a5cfb1
fix and extend dav test to also test the master-key setup
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Bjoern Schiessle d668e17769
since the default for the master key changed we need to write the setting explicitely to the database if we migrate from a older version
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Bjoern Schiessle 66debbe18e
add occ command to disable the master key again
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Bjoern Schiessle 5f75468aa4
improve status messages
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Bjoern Schiessle 28a7e72868
after the master key was loaded we are ready to go, no re-login needed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:10 +02:00
Bjoern Schiessle da51ec38f4
only collect detailed access list if it is really needed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:33:08 +02:00
Bjoern Schiessle 9c5ba2f12c
make master key the new default
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:33:03 +02:00
Nextcloud bot 984953ef4a
[tx-robot] updated from transifex 2017-07-06 00:08:44 +00:00
Morris Jobke 60398b919b Merge pull request #5231 from nextcloud/migrations
Migrations
2017-07-05 17:32:40 +02:00
Morris Jobke ca565644b3 Merge pull request #5621 from nextcloud/fix-sorting-of-favorite-files-in-file-list
Fix sorting of favorite files in file list
2017-07-05 17:31:41 +02:00
Morris Jobke 6879573b2e Merge pull request #5580 from nextcloud/admin-audit-update
Admin audit update
2017-07-05 16:16:00 +02:00
Daniel Calviño Sánchez be56374c51 Fix sorting of favorite files
The sort comparator checks the "isFavorite" property of the FileInfo
objects to compare. That property is set when the file list is loaded
and the response from the server is parsed, and thus a freshly loaded
file list has the proper sorting for favorite files. However, the
property is not set in other cases, like when the FileInfo objects are
derived from FileInfoModels due to a file being marked as a favorite or
a text editor being closed, which causes the file to be sorted in the
wrong position.

There is no need to add the property in those situations, though; in all
cases the TagsPlugin adds a "tags" array property that contains an
OC.TAG_FAVORITE tag, so that tag can be checked instead of "isFavorite".
Moreover, although "isFavorite" was added by the main "_parseFileInfo"
function it did not really belong there but to the "FileInfoParser" from
the TagsPlugin; however, as that property now is not used anywhere it
was removed altogether.

A cleaner solution would have been to make the sort comparator
extensible by plugins like other behaviours of the file list and then
add the sorting logic related to favorite files to the TagsPlugin.
However, right now only the TagsPlugin would need to alter the main
sorting logic, and it seems like a corner case anyway. Even if it is
implemented as a plugin, favorite files is a core feature, so for the
time being it will be taken into account directly in the main sorting
logic; making the sort comparator extensible by plugins is defered until
there are other use cases for that.

Fixes #5410

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-07-05 15:01:23 +02:00
Joas Schilling fe6e8c2710 Fix dropping tables and handle the prefix automatically
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:02:16 +02:00
Joas Schilling 543c181ec5 Move twofactor_backupcodes to migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:02:16 +02:00
blizzz d8af9d4c9b Merge pull request #5557 from nextcloud/dont-log-passwords-on-dav-exceptions-either
Don't log passwords on dav exceptions
2017-07-05 11:58:32 +02:00
Morris Jobke e836efe68b Merge pull request #5569 from GitHubUser4234/ldap_password_renew_nc12fix
Ldap password renewal fixes for NC12
2017-07-05 11:49:13 +02:00
Nextcloud bot 1cbb7a18d8
[tx-robot] updated from transifex 2017-07-05 00:08:26 +00:00
Morris Jobke 67f4a79be7 Merge pull request #5549 from nextcloud/update-info
Update admin.php
2017-07-04 19:11:31 +02:00
Morris Jobke 711d861d8b Merge pull request #5556 from nextcloud/files_external_sftp_2048_4096
[Files external] Add support for 2048 and 4096 bit RSA key generation
2017-07-04 17:37:25 +02:00
Morris Jobke f3c25e177f Merge pull request #5407 from nextcloud/5157-simple-logo
Simplified Nextcloud logo icon #2
2017-07-04 12:56:05 +02:00
Nextcloud bot c94dbddd12
[tx-robot] updated from transifex 2017-07-03 00:08:21 +00:00
Marin Treselj 02dd7f5965
Revert background-size as requested, issue will be fixed separately
Signed-off-by: Marin Treselj <marin.treselj@forlagshuset.no>
2017-07-02 14:15:09 +02:00
Marin Treselj 3470d0a44e
Simplified Nextcloud logo icon
Signed-off-by: Marin Treselj <marin@pixelipo.com>
2017-07-02 14:14:49 +02:00
Nextcloud bot cc4373c901
[tx-robot] updated from transifex 2017-07-02 00:08:14 +00:00
Joas Schilling a4a99fa7b9
Log console commands
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-01 12:19:01 +02:00
Joas Schilling a5430b68ff
Listen to app enable/disable events
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-01 12:06:14 +02:00
Joas Schilling 669f684434
Move logic to Application class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-01 11:41:21 +02:00
Joas Schilling 8260d4bf73
Move to PSR-4
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-01 11:33:20 +02:00
Nextcloud bot d49276082e
[tx-robot] updated from transifex 2017-07-01 00:08:28 +00:00
Roger Szabo 51ecc7ce11 suppress superflous php error on rejected password change
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-30 18:36:33 +08:00
Julius Härtl 42d9be4529
Expose theming capabilities to public
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-06-30 11:08:54 +02:00
Roeland Jago Douma e3127b8899
Remove unused member
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-06-30 09:13:36 +02:00
Nextcloud bot 2afb4857cc
[tx-robot] updated from transifex 2017-06-30 00:08:23 +00:00
blizzz 72d3bfcf56 Merge pull request #4890 from nextcloud/unify-settings
Unify settings
2017-06-29 20:02:09 +02:00
Joas Schilling b27819785e
Don't log passwords on dav exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-29 17:20:10 +02:00
Roeland Jago Douma e0ef960848 Merge pull request #5526 from nextcloud/trashbin-error-log
Improve logging of trash bin inconsistencies
2017-06-29 11:06:50 +02:00
Roeland Jago Douma 25e08bc8a0
Allow 2048 and 4096 bit SFTP keys
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-06-29 09:32:24 +02:00
Nextcloud bot 928b6a376e
[tx-robot] updated from transifex 2017-06-29 00:08:26 +00:00