Commit Graph

1855 Commits

Author SHA1 Message Date
Lukas Reschke 77c0adb520 Merge branch 'securityutils' of https://github.com/owncloud/core into securityutils 2014-09-03 11:04:49 +02:00
Lukas Reschke 50b430ee7c Add char consts, hash the specified password for the HMAC 2014-09-03 11:03:27 +02:00
Lukas Reschke ae3425d2da Merge branch 'master' into securityutils
Conflicts:
	lib/private/util.php
2014-08-31 15:21:09 +02:00
Lukas Reschke a197ef0f6c Merge pull request #10768 from owncloud/l10n-use-public
Use public api for getting l10n
2014-08-31 11:58:59 +02:00
Robin Appelman d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00
Morris Jobke 06e6f10ce4 Add optional user ID parameter for getUseFolder 2014-08-31 09:49:19 +02:00
Robin Appelman 0b88355368 Merge pull request #10721 from owncloud/kill-rand
Kill insecure random number generation
2014-08-29 19:48:00 +02:00
Morris Jobke 3a4b71ffb4 Merge pull request #10734 from owncloud/fix-10268
retrieve local users, groups and group members in a sorted way
2014-08-29 19:35:32 +02:00
Lukas Reschke 35276def1c Merge pull request #10614 from owncloud/remove-ee-hack
Remove different URL for EE
2014-08-29 18:23:15 +02:00
Jörn Friedrich Dreyer 10382ef2f0 allow empty hostname and dots in service name for oracle autosetup 2014-08-29 17:09:17 +02:00
Robin Appelman 3de69ff81b Don't register the call when rendering error pages 2014-08-29 15:44:39 +02:00
Robin Appelman dd7b8e4555 Remove insecure fallback random number generation 2014-08-29 15:44:09 +02:00
Arthur Schiwon 0bb460c9b5 retrieve local users, groups and group members in a sorted way 2014-08-29 15:17:37 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Lukas Reschke 9ab62ad5b7 Escape error messages 2014-08-27 17:01:51 +02:00
Clark Tomlinson cb0da1178b Merge pull request #10653 from owncloud/x-forwarded-for
Add support for getting the real client IP behind proxies
2014-08-27 10:32:34 -04:00
Björn Schießle c35d60f6d8 Merge pull request #9915 from suraia/unsharefromself-source
Allow specifying the item source in unshareFromSelf().
2014-08-27 10:31:35 +02:00
Lukas Reschke 3329e0f2b2 Use DI 2014-08-27 00:49:53 +02:00
Lukas Reschke d26a9c3c58 Add some security utilities
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparision

Remove CBC constant

Adjust code

Remove confusing $this
2014-08-27 00:18:04 +02:00
Lukas Reschke 7acdd018a1 Add support for getting the real client IP behind proxies
Fixes https://github.com/owncloud/core/issues/10624

Fix copy paste fail

Add unittest for comma separated headers

Revert 3rdparty
2014-08-27 00:05:04 +02:00
Thomas Müller 2e8026a7b5 Merge pull request #10619 from owncloud/issue/6722
Add a test to break the slugifyPath() with folder and file afterwards
2014-08-26 10:33:18 +02:00
Lukas Reschke ca7e4c8c67 Add isAppstoreEnabled instead of hijacking the URL 2014-08-26 10:20:51 +02:00
Clark Tomlinson 6523c575f3 Merge pull request #10623 from owncloud/not-a-valid-resource-log-entries
Do not try to close the same resource multiple times
2014-08-25 12:52:06 -04:00
Vincent Petry c86824fa09 Merge pull request #10023 from owncloud/tmp-file-created-status
Log unsuccessful temp file creation and return false
2014-08-25 17:24:46 +02:00
Joas Schilling 989da69cff Do not try to close the same resource multiple times 2014-08-25 15:31:43 +02:00
Joas Schilling 1846aebfff Use md5() of the original name instead of uniqid() for slugifying
Previously we used uniqid() here.
However this means that the behaviour is not reproducable, so
when uploading files into a "empty" folder, the folders name is
different.

If there would be a md5() hash collition, the deduplicate check
will spot this and append an index later, so this should not be
a problem.

Fix #6722
2014-08-25 15:06:12 +02:00
Joas Schilling b861e1d696 Fix code layout before fixing the function 2014-08-25 15:06:10 +02:00
Jörn Friedrich Dreyer ebf7758d10 Merge pull request #10595 from owncloud/swift-stream
Stream downloads from Swift object stores without downloading it first
2014-08-25 11:26:39 +02:00
Lukas Reschke 4bc72cc4e0 Remove different URL for EE
This can now be achieved by setting `appstoreenabled` to `false` in config.php
2014-08-24 20:22:15 +02:00
Clark Tomlinson 2ad0d3f1be Throw exception if file cannot be accessed via http
Format file

Removing calls to deprecated classes and using internal method to get via http

Missed a character

Fix inverted logic
2014-08-22 19:41:30 -04:00
Thomas Müller a77d468d35 Merge pull request #10584 from owncloud/simple-wizard-trusted-domains
Add a trusted domain wizard
2014-08-22 17:12:17 +02:00
Lukas Reschke 88c3a4a31a Expose setSystemValue 2014-08-22 15:53:23 +02:00
Thomas Müller 0e8916b147 Merge pull request #7539 from owncloud/repair-legacystorageid
Added repair script to upgrade the legacy home storage ids
2014-08-22 14:22:39 +02:00
Robin Appelman 191a82e768 Stream downloads from Swift object stores without downloading it first 2014-08-22 14:11:36 +02:00
Thomas Müller b8b2ef8748 no statement caching for Oracle 2014-08-22 12:06:36 +02:00
Robin Appelman 63570df75f Add files as string to tar archives 2014-08-21 08:49:57 +02:00
Robin Appelman 88c32861bc reformat 2014-08-21 08:49:57 +02:00
Vincent Petry 8f201c7383 Explicily close the statement cursors
Fixes the issue that makes SQLite freeze on later tests.
2014-08-20 23:49:15 +02:00
Lukas Reschke 92c80dd946 Merge pull request #10518 from owncloud/fix_storage_const_autoload
Fix storage const autoload
2014-08-20 23:23:42 +02:00
Vincent Petry 068f9d10f1 Added repair step for legacy storages 2014-08-20 23:14:05 +02:00
Vincent Petry 36c88e2830 Merge pull request #10422 from owncloud/dav-disablerangerequestwhennotsupported
Return whole file if range request cannot be granted due to encryption
2014-08-20 18:14:09 +02:00
Morris Jobke 9a5e745a64 fix typo 2014-08-19 16:45:22 +02:00
Morris Jobke b3b3354809 move to public namespace 2014-08-19 14:05:08 +02:00
Stephan Peijnik 5d7deefd95 Use tabs for indentation.
Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
2014-08-19 13:55:43 +02:00
Stephan Peijnik 2df52e54d7 Fix STORAGE_* constants usage by moving those constants into \OC\Files\Filesystem.
As constants not defined within a class cannot be automatically found by the
autoloader moving those constants into a class makes them accessible to
code which uses them.

Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
2014-08-19 13:55:35 +02:00
Robin Appelman fdfc5c67f8 Merge pull request #9866 from owncloud/app-upgrade
Don't do app upgrades in the background
2014-08-19 13:33:38 +02:00
Thomas Müller 1c23f54d42 Merge pull request #10341 from owncloud/issue/9928
[Issue/9928] Problems with filemtime in MappedLocal Storage
2014-08-19 10:10:09 +02:00
helix84 722a119e46 fix typo in util.php 2014-08-18 15:59:36 +02:00
Robin Appelman ab590ce9a0 fix undefined variable 2014-08-18 15:30:46 +02:00
Thomas Müller 62e06cb0ba Merge pull request #10472 from owncloud/fix_undefined_index_ocsid
check if array index ocsid is set before accessing it
2014-08-18 10:43:21 +02:00