Commit Graph

84 Commits

Author SHA1 Message Date
Markus Staab db34b59238 Prevent XSS in links which open a new browser window 2017-10-19 12:16:04 +02:00
Christoph Wurst 2e19c42bc5
Check whether an app archive can be extracted
If extraction fails we should not continue the installation/update
process as the info.xml cannot be loaded and an unrelated error
occurs.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 14:07:17 +02:00
Joas Schilling 79d7c26b8a
Register autoloading before running migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-07 12:01:11 +02:00
Joas Schilling 7a3d83d630 Register autoloading before running migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:02:16 +02:00
Joas Schilling 183b1dbde3 Use migrations when there is no database.xml
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:01:19 +02:00
Morris Jobke be33234266 Remove OC_App:installApp
* uses Installer->installApp now
* removes unused code
* fixes #4453
* added some additional checks

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-15 00:03:35 -05:00
Lukas Reschke 47cd976035
Add app bundles
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:49 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke 32bf8ec826
Don't use cached informations for app version
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:

- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)

This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.

While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-09 18:01:45 +01:00
Lukas Reschke 7cb0df28e2
Prevent downgrade attacks for apps
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00
Joas Schilling 2f7e291101
Correctly catch the "soft errors" now
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-09 10:30:19 +01:00
Joas Schilling 224dfaf1e6
Use a better error message and point the users to the support channels
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-09 09:10:32 +01:00
Lukas Reschke 0eeef26a8e
Add tests for installer method
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 19:39:35 +01:00
Lukas Reschke 086d43f26d
Move to non-static version
The static version is used nowhere in the code and just decreases coverage

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 18:42:19 +01:00
Lukas Reschke d805df7bb3
Use findAppInDirectories
The other function doesn't work if the appstore is disabled

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:30:02 +01:00
Lukas Reschke 8acb54aa0b
Add update support
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:47 +01:00
Lukas Reschke 3e6dd86ee4
Add support for CRL
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:46 +01:00
Lukas Reschke 0e2aee2be6
Replace with exception instead of boolean return value
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:46 +01:00
Lukas Reschke ca7f6dec55
Make non-static
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:45 +01:00
Lukas Reschke 32cf661215
Use new appstore API
This change introduces the new appstore API in Nextcloud.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:44 +01:00
Joas Schilling 356ac5d42f
Add app name to the call
Regression from 69b063f4c6

Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-10 16:34:14 +02:00
Arthur Schiwon ac04ba6784
register app autoload instead of loading apps 2016-08-12 13:23:14 +02:00
Arthur Schiwon ce6ad5de25
make sure shipped apps also setup their admin settings on a fresh install 2016-08-11 16:37:11 +02:00
Arthur Schiwon 0fc34c99f4
fix registration of admin settings and section on app install 2016-08-11 00:45:15 +02:00
Arthur Schiwon ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Morris Jobke e95c15e53a
fix more strings 2016-06-20 13:14:24 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling db16dc6644
Correctly register autoloading before install.php and loading commands 2016-05-11 11:18:00 +02:00
Thomas Müller 71fa0a75bf
Allow declaration of background jobs in info.xml 2016-05-03 08:58:12 +02:00
Roeland Jago Douma c96ed5c4ce
Move OC_Archive to \OC\Archive\Archive
* Move out of legacy folder
* Move to proper namespace
* Fix calling code
2016-05-02 19:34:32 +02:00
Thomas Müller 5e055ca6c1
Move uninstall repair step execution to the correct place 2016-05-02 09:22:26 +02:00
Thomas Müller f91e5f87d2
Fix installer file location 2016-05-02 09:06:19 +02:00