41e5850450
Prevent directory traversals in ctr of \OC\Files\View
...
This prevents a misusage of \OC\Files\View by calling it with user-supplied input. In such cases an exception is now thrown.
2015-02-18 18:17:33 +01:00
8d09cc3b91
Merge pull request #13989 from owncloud/enhancment/security/11857
...
Allow AppFramework applications to specify a custom CSP header
2015-02-18 10:27:29 -05:00
097d455213
provide case-insensitive natural sorting
...
This makes OC's naturalsort_defaultcollator case-insensitive
2015-02-18 15:49:03 +01:00
e4bf3fcb53
Merge pull request #14330 from owncloud/revert-13879-add_debug_log_for_memcache_instantiation
...
Revert "add debug log for memcache instantiation"
2015-02-18 15:45:38 +01:00
5542fafd36
allow overwriting the appmanager in oc_util by subclassing
2015-02-18 14:24:50 +01:00
cd4c064ebf
Revert "add debug log for memcache instantiation"
2015-02-18 14:16:14 +01:00
a666f804c7
Use the untrusted domain in the installer
2015-02-18 13:59:37 +01:00
2b1f39cd6b
Merge pull request #14308 from owncloud/fix-14247
...
Add mapping for a broken varchar type.
2015-02-18 10:05:33 +01:00
ceaa193df2
Merge pull request #14273 from owncloud/require-at-least-apcu-4-0-6
...
Use APCu only if available in version 4.0.6 and higher
2015-02-18 01:07:54 +01:00
5d7d2adcbf
Merge pull request #14207 from owncloud/propfind-optimize
...
Optimize quota calculation for propfind
2015-02-18 00:18:47 +01:00
090db867d5
Add mapping for a broken varchar type. Fixes #14247
2015-02-17 23:22:57 +03:00
e672f8cc8f
Use appmanager in OC_App::enable/disable
2015-02-17 15:05:29 +01:00
04628cf368
better name for getAppsEnabledForUser
2015-02-17 15:05:29 +01:00
434835b326
also set user in UserSession when doing OC_User::setUserId
2015-02-17 15:05:29 +01:00
409453bc60
better user group caching
2015-02-17 15:05:29 +01:00
5c68c81d00
Update cache when enabling/disabling apps
2015-02-17 15:05:25 +01:00
b701bbd8c5
Use APCu only if available in version 4.0.6 and higher
...
APCu before 4.0.6 is unbelievable buggy and tend to segfault the PHP process (i.e. the whole webserver)
This potentially fixes https://github.com/owncloud/core/issues/14175
Requires a backport to stable8
2015-02-17 13:28:02 +01:00
535757bc42
DAV authentication: also use Owncloud's internal user for short-circuit
...
It still works otherwise, but without this, the performance optimization
of #13416 is defeated in these situations.
2015-02-16 23:47:39 +01:00
1377ebc7e9
DAV authentication: use Owncloud's internal user instead of HTTP-supplied one
...
Fixes : #14048 , #14104 , calendar#712
2015-02-16 23:34:49 +01:00
cebf9f6a5a
Incorporate review changes
2015-02-16 22:13:03 +01:00
992164446c
Add blackmagic due to cyclic dependency 🙈
2015-02-16 22:13:01 +01:00
9f91d64918
Make scrutinizer happy
2015-02-16 22:13:00 +01:00
886bda5f81
Refactor OC_Request into TrustedDomainHelper and IRequest
...
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.
This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.
Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.
Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
bdfc9b57bd
Skip primary index if the table has one
2015-02-16 20:30:28 +01:00
87db136508
add debug log for memcache instantiation
2015-02-16 18:05:43 +01:00
5a5d6bf4db
Merge pull request #14128 from owncloud/drop-unused-methods
...
Remove unused function and correct PHPDoc
2015-02-16 17:37:36 +01:00
9271059195
Merge pull request #13750 from owncloud/enhanced-code-checker
...
Implement php code checker to detect usage of not allowed private ...
2015-02-16 16:55:57 +01:00
8eb804b1f6
Merge pull request #13269 from owncloud/issue/13211-cache-array-implementation
...
Add an array implementation of cache and use it if we are not debugging
2015-02-16 15:35:20 +01:00
23ab25e93a
Use the app manager from oc_app
2015-02-16 15:16:13 +01:00
2b58e8489f
Add getInstalledApps and getAppsForUser to the app manager
2015-02-16 15:15:35 +01:00
9c47ab91f2
Merge pull request #14194 from owncloud/url-encode-logout-attribute
...
URLEncode logout attribute
2015-02-16 15:04:20 +01:00
8848b5f067
Add an array implementation of cache and use it if we are not debugging
2015-02-16 14:55:50 +01:00
c6705ab574
Merge pull request #13890 from owncloud/add-no-referrer
...
Add `rel="noreferrer"` where possible and switch to HTTPS
2015-02-16 14:36:44 +01:00
7e45f5d27b
Remove unused function and correct PHPDoc
2015-02-16 13:46:45 +01:00
8791f1992e
Add noreferrer to footer URI
2015-02-16 13:37:54 +01:00
78febb2ee5
Merge pull request #14201 from owncloud/propagator-dont-decrease-mtime
...
Dont lower the mtime of a folder when propagating changes
2015-02-16 11:32:17 +01:00
b20174bdad
Allow AppFramework applications to specify a custom CSP header
...
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.
Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```
Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
d5ca5c7bcc
Merge pull request #14138 from owncloud/fix-image-flip-php53
...
Don't flip image in PHP 5.4
2015-02-16 10:26:56 +01:00
9abaa0cc61
pass fileinfo to getStorageInfo
2015-02-13 17:59:58 +01:00
fb2a3284df
Cache quota info for directories
2015-02-13 17:50:53 +01:00
134243d3e5
Dont lower the mtime of a folder when propagating changes
2015-02-13 14:30:05 +01:00
276bfe5f33
Merge pull request #14197 from owncloud/ensure-that-passed-file-path-is-always-a-string
...
Ensure that passed argument is always a string
2015-02-13 13:30:54 +01:00
95860d8113
Merge pull request #14086 from hlop/master
...
App install behind a Proxy
2015-02-13 12:56:01 +01:00
9904b30070
Ensure that passed argument is always a string
...
Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.
Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.
2015-02-13 12:49:34 +01:00
025110821f
URLEncode logout attribute
...
Otherwise logout can fail if the requesttoken contains a +
2015-02-13 12:08:23 +01:00
6c349c00bb
Order methods to by grouped by their task
2015-02-13 11:55:06 +01:00
be63e18b0a
Check whether filter is valid, before doing stuff for it
2015-02-13 11:50:55 +01:00
c02de748e5
Cache some values from the extensions
2015-02-13 11:36:34 +01:00
8e8acad550
Merge pull request #14145 from owncloud/no-whitespace-from-themes-master
...
catch any whitespaces which might get written to the output buffer while...
2015-02-12 17:23:28 +01:00
fc7f279d90
catch any whitespaces which might get written to the output buffer while loading a theme
2015-02-12 16:42:17 +01:00
2f80be45b0
Remove internal annotation
...
PHPStorm complained about those functions being declared as Internal. I doubt that this is actually the case since they are even in the public API.
2015-02-12 16:35:47 +01:00
780024e252
Merge pull request #14071 from owncloud/add_timeout_for_post_requests
...
add timeout to curl request
2015-02-12 11:38:35 +01:00
f4182d2dc9
Merge pull request #10993 from owncloud/scanner-reuse-fileid
...
Reuse known fileids and cache data in the scanner
2015-02-12 10:53:00 +01:00
4155252379
add timeout to curl request
2015-02-12 10:51:39 +01:00
a496c34aea
Check if imageflip is available
...
* imageflip() isn't available in PHP < 5.5
* fixes #14130
2015-02-12 10:21:20 +01:00
86139fcce8
Deprecate `OC_JSON` and `OCP\JSON`
...
This deprecates – but not removes – those two classes and all functions in it. There is no reason that new developments should use those methods as with the AppFramework there is a replacement that allows testable code.
With the `@deprecated` annotation IDEs like PHPStorm will point out to the developer that a functionality is deprecated and that there is a better suited replacement.
2015-02-12 00:56:13 +01:00
9ecb36e81f
integrate code checker in the installer
2015-02-11 23:37:51 +01:00
99a97649f2
Merge pull request #14097 from yanntech/fix/utf8-check
...
in some case charset can be in lower case.
2015-02-11 18:04:54 +01:00
fbbb9fe0fd
Merge pull request #13979 from owncloud/group-share-collition-wrong-type-in-post-hook
...
Do not overwrite the shareType so the post hook is still correct
2015-02-11 15:23:13 +01:00
9df18ffe75
only read permissions once
2015-02-11 13:11:31 +01:00
9bbfeada6b
Only try to scan the children of directories
2015-02-11 13:11:31 +01:00
dc6468c2aa
Cast mtimes and size to int
2015-02-11 13:11:28 +01:00
4242dd0d9d
Reuse cache data of existing files during scan
2015-02-11 13:08:28 +01:00
1fcea6f1bd
in some case charset can be in lower case.
...
Add strtoupper() in UTF-8 check to avoid error message
2015-02-11 11:59:33 +01:00
531c89a610
App install behind a Proxy
2015-02-11 07:47:50 +01:00
45dcca2fcb
Merge pull request #13861 from owncloud/remove-disabled-files-repair-step
...
Revert "enabled disabled files app in repair step"
2015-02-10 22:46:53 +01:00
11283c57d9
Merge pull request #11056 from AdamWill/9885-opcode
...
add function to invalidate one opcache file, use it if possible #9885
2015-02-10 17:21:15 +01:00
d74662df7d
implement php code checker to detect usage of not allowed private APIs - including console command to check local code to be used by developers
2015-02-10 11:51:24 +01:00
1bb6de7c1b
Merge pull request #13425 from owncloud/phpdoc_cleanup
...
Cleanup of PHPDoc return types
2015-02-10 01:14:00 +01:00
068f6107c6
Merge pull request #13842 from owncloud/is_file_2_is_readable
...
check if cache files are readable
2015-02-09 23:45:32 +01:00
74de345c7f
Merge pull request #13511 from owncloud/naturalsort_speeeeeed
...
NaturalSort performance improvements
2015-02-09 18:39:52 +01:00
c4d9ae8af4
Merge pull request #13928 from owncloud/prevent_ghost_files_master
...
prevent creation of ghost directories
2015-02-09 18:15:45 +01:00
5296767393
Merge pull request #13921 from owncloud/ocs-af
...
Add a controller and reponse for ocs
2015-02-09 18:11:47 +01:00
605e2357a1
Merge pull request #13852 from owncloud/cache-app-versions
...
Cache app versions
2015-02-09 18:03:19 +01:00
c7fcd42edb
Merge pull request #13870 from owncloud/drop-oc-preferences-2
...
drop OC\Preferences
2015-02-09 17:49:05 +01:00
b7b8c0c2e5
Merge pull request #13869 from owncloud/drop-oc-preferences
...
drop OC_Preferences
2015-02-09 17:48:36 +01:00
47c7eb4e70
Merge pull request #13973 from owncloud/enhancement/security/13366
...
Respect `mod_unique_id` and refactor `OC_Request::getRequestId`
2015-02-09 17:35:19 +01:00
a79757bc37
Store FileInfo::getType() result for future use
2015-02-09 16:34:11 +00:00
44c330aa5d
Performance improvements for NaturalSort
...
A combination of using isset() instead of count() or strlen(), caching the
chunkify function, and replacing is_numeric() with some comparisons
2015-02-09 16:32:43 +00:00
5d8f1a1de3
Merge pull request #13854 from owncloud/avatar-exists
...
Add a better way to check if an avatar exists for the user
2015-02-09 17:06:24 +01:00
31b93ac19a
Do not overwrite the shareType so the post hook is still correct
2015-02-09 12:59:29 +01:00
45e3cbefc9
Check directory handle before we use it
2015-02-09 12:36:18 +01:00
770fa761b8
Respect `mod_unique_id` and refactor `OC_Request::getRequestId`
...
When `mod_unique_id` is enabled the ID generated by it will be used for logging. This allows for correlation of the Apache logs and the ownCloud logs.
Testplan:
- [ ] When `mod_unique_id` is enabled the request ID equals the one generated by `mod_unique_id`.
- [ ] When `mod_unique_id` is not available the request ID is a 20 character long random string
- [ ] The generated Id is stable over the lifespan of one request
Changeset looks a little bit larger since I had to adjust every unit test using the HTTP\Request class for proper DI.
Fixes https://github.com/owncloud/core/issues/13366
2015-02-09 11:53:11 +01:00
0e604aa875
Merge pull request #13948 from owncloud/cache-move-transaction
...
Use transactions when renaming directory contents
2015-02-08 19:08:52 +01:00
90556cb70b
Merge pull request #12283 from oparoz/sfnt-fonts
...
Updated the media type of some font types
2015-02-07 13:33:49 +01:00
11ded92a73
Merge pull request #13830 from owncloud/fix-redirect-404
...
Don't encode url unecessary twice
2015-02-07 13:24:47 +01:00
6c00521e8b
Use transactions when renaming directory contents
2015-02-06 15:20:53 +01:00
bc56fef619
Merge pull request #13932 from owncloud/revert-sabredav-etag-master
...
Revert "adding OC-ETag header"
2015-02-06 12:05:32 +01:00
4d91fa4c93
Normalize before processing
2015-02-06 15:03:29 +01:00
8210200770
Revert "adding OC-ETag header"
...
This reverts commit 96a931929e
2015-02-05 20:43:37 +01:00
1448f281b7
for password protected link shares the password is stored in shareWith, so we need to set this manually to null for the hooks
2015-02-05 17:23:59 +01:00
fdc64e370c
add a controller and reponse for ocs
2015-02-05 14:02:17 +01:00
adf9a4e4eb
Dont bother updating the cache when working with part files
2015-02-05 13:59:50 +01:00
842d0e227c
Dont update the cache after fopen
2015-02-05 13:47:32 +01:00
486f49ed72
Merge pull request #13881 from owncloud/upload_to_root_of_mountpoint
...
detect root of mountpoint also if the trailing slash is missed
2015-02-04 14:44:02 +01:00
21c45925fe
detect root of mountpoint also if the trailing slash is missed
2015-02-04 12:47:04 +01:00
4df7c0a1ed
drop OC\Preferences
2015-02-04 00:31:09 +01:00
909a53e087
drop OC_Preferences
2015-02-04 00:06:29 +01:00
b168c191bc
Revert "enabled disabled files app in repair step"
...
This reverts commit d70160c607
2015-02-03 17:06:57 +01:00
23c6a0cf99
Merge pull request #13843 from owncloud/fix-files-disabled
...
Fix disabled files app
2015-02-03 16:13:15 +01:00
Lukas Reschke
Clark Tomlinson
AW-UC
Robin Appelman
Thomas Müller
Morris Jobke
Victor Dubiniuk
Christian Seiler
Jörn Friedrich Dreyer
Joas Schilling
Björn Schießle
Bjoern Schiessle
Vincent Petry
Yann VERRY
Witali Rott
Robin McCorkell
Bernhard Posselt