mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
28,825 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

200 Commits

Author SHA1 Message Date
Scrutinizer Auto-Fixer 453e1bf66e Scrutinizer Auto-Fixes 
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
 2015-12-07 15:43:36 +00:00
Thomas Müller 602b636d3e Merge pull request #20807 from owncloud/dont-append-redirect-url-if-user-is-already-logged-in 
Don't append redirect URL if user is logged-in
 2015-12-03 16:53:59 +01:00
Joas Schilling 44852ce324 Allow DI for OCP\Files\IMimeTypeDetector 2015-12-01 16:49:20 +01:00
Joas Schilling 3c5a6b829e Allow DI the system tag stuff without Application class 2015-11-30 17:08:29 +01:00
Lukas Reschke f4eb15d340 Show error template 
Otherwise this leads to an endless redirection in case of a CSRF exception. Also sets user expectation right.
 2015-11-30 11:25:52 +01:00
Thomas Müller bdbefe17d6 Merge pull request #20782 from mitar/better-https 
Also allow empty value for no-HTTPS
 2015-11-27 14:24:23 +01:00
Mitar 59511d97ee Also allow empty value for no-HTTPS. 
This makes it work better with old version of Nginx.
 2015-11-27 01:01:56 -08:00
Morris Jobke 7aed592957 Add full interface of server container as alias 2015-11-26 18:20:25 +01:00
Robin Appelman 2d7c9f0ba9 also match ie11 with Request::USER_AGENT_IE 2015-11-22 16:05:52 +01:00
Thomas Müller 358858c9e3 Fix undefined HTTP_USER_AGENT 2015-11-22 16:05:50 +01:00
Lukas Reschke daa388ce8d Move index.php from files to AppFramework 
1. Allows it to use the more secure CSP rules of the AppFramework.
2. Adds some unit tests.
 2015-11-16 21:10:11 +01:00
Robin Appelman d514200b56 Add escapeLikeParameter to IDBConnection 2015-11-05 16:41:30 +01:00
Lukas Reschke bafb86fb9f Use getHttpProtocol instead of $_SERVER 2015-10-30 18:05:30 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Lukas Reschke 8133d46620 Remove dependency on ICrypto + use XOR 2015-10-21 17:33:41 +02:00
Morris Jobke a0743f12c6 Provide IAppContainer as dependency injection 2015-10-20 10:33:53 +02:00
Morris Jobke bf579a153f fix IE8 user agent detection 2015-10-09 11:19:06 +02:00
Thomas Müller 020bb33150 Merge pull request #19034 from owncloud/http-request-warning 
Prevent warning decoding content
 2015-10-08 21:51:47 +02:00
Thomas Müller 8d2c8cf2a2 Merge pull request #19607 from owncloud/use-url 
Use `/` if installed in main folder
 2015-10-08 13:01:41 +02:00
Lukas Reschke 6a4f22c61f Use `/` if installed in main folder 
Otherwise an empty string is used indicating the cookie is only valid for those resources. This can lead to eunexpected behaviour.

Fixes https://github.com/owncloud/core/issues/19196
 2015-10-06 15:24:19 +02:00
Lukas Reschke 80a232da6a Add \OCP\IRequest::getHttpProtocol 
Only allow valid HTTP protocols.

Ref https://github.com/owncloud/core/pull/19537#discussion_r41252333 + https://github.com/owncloud/security-tracker/issues/119
 2015-10-06 14:18:46 +02:00
Morris Jobke 8366ce2767 deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
Morris Jobke b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Jörn Friedrich Dreyer d81416c51d return '' instead of false 2015-09-23 12:32:49 +02:00
Joas Schilling ee75f9f594 Fix type hint errors in the container and the interface 2015-09-23 10:13:41 +02:00
Robin McCorkell 31a8949adf Prevent warning decoding content 2015-09-14 22:36:40 +01:00
Bernhard Posselt fd74522804 make resolve public to avoid boiler plate code 
add resolve to public interface
 2015-09-13 17:44:24 +02:00
Roeland Jago Douma f12caf930e Properly return 304 
The ETag set in the IF_NONE_MODIFIED header is wraped in quotes (").
However the ETag that is set in response is not (yet). Also we need to
cast the ETag to a string.

* Added unit test
 2015-09-01 11:04:41 +02:00
Robin McCorkell e60c4bada1 Decode request content only on getContent 2015-08-31 01:05:25 +01:00
Thomas Müller 534b2e407a Merge pull request #17662 from owncloud/locking-db 
Database backend for locking
 2015-08-26 03:56:37 +02:00
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH 
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
 2015-08-14 01:31:32 +02:00
Thomas Müller abd3d5c6a5 Merge pull request #17982 from owncloud/appframework-sanitize-name 
Sanitize class names before registerService/query
 2015-08-12 12:19:24 +02:00
Robin McCorkell cd0a2874de Merge pull request #17852 from owncloud/register-alias-factory 
Add test for factories
 2015-08-11 13:30:56 +01:00
Robin McCorkell 8944af57cb Set default `forwarded_for_headers` to 'HTTP_X_FORWARDED_FOR' 2015-08-10 23:04:52 +02:00
Robin Appelman 58e96e53b0 add method to check if we're inside a transaction 2015-08-10 14:15:44 +02:00
Roeland Jago Douma f0b617b508 Use DI 
* Register OCP\Capability\IManager at DIContainer
* Add register capabilities to appframework
* Register capabilities in DI way
* Make unit test pass again
* Remove CapabiltiesManager from OCP
 2015-08-10 10:45:16 +02:00
Robin McCorkell fcc03e588a Add \OCP\ISession to AppFramework 2015-08-07 12:29:57 +01:00
Lukas Reschke 90a11efecd Remove "use" statement 
Ref https://bugs.php.net/bug.php?id=66773
 2015-08-05 09:31:21 +02:00
Lukas Reschke 4efa7c09b1 Use StringUtils::equals on CSRF token and add unit tests 2015-08-04 18:34:33 +02:00
Robin McCorkell 182bc17aeb Sanitize class names before registerService/query 
Leading backslashes are removed, so a `registerService('\\OC\\Foo')`
can still be resolved with `query('OC\\Foo')`.
 2015-07-30 21:02:16 +01:00
Bernhard Posselt d8673dabe3 add test for factories 
use ref for factory test

use a factory for registerAlias

Ensure we construct SimpleContainer

Use single instance of DIContainer in routing tests
 2015-07-25 01:59:30 +02:00
Thomas Müller 1f8ee61006 Merge pull request #17755 from owncloud/alias-container-alive 
Add registerAlias method to shortcut interface registration #17714
 2015-07-24 13:11:32 +02:00
Joas Schilling 20cd0ae55b Add a log message when the Doctrine Query Builder is retrieved 2015-07-21 15:53:28 +02:00
Joas Schilling 516f7e8299 Add unit tests and automatic quoting 2015-07-21 15:25:47 +02:00
Joas Schilling 1bfb944d51 Add QueryBuilder, ExpressionBuilder and CompositeExpression wrappers 2015-07-21 15:25:47 +02:00
Lukas Reschke 7dda86f371 Return proper status code in case of a CORS exception 
When returning a 500 statuscode external applications may interpret this as an error instead of handling this more gracefully. This will now make return a 401 thus.

Fixes https://github.com/owncloud/core/issues/17742
 2015-07-20 12:54:22 +02:00
Bernhard Posselt a4e3939204 add registerAlias method to shorcut interface registration 
remove unused import

add since tag

fix typo
 2015-07-18 13:43:54 +02:00
Thomas Müller bd71540c8a Fixing 'Undefined index: REMOTE_ADDR' - fixes #17460 2015-07-16 16:40:57 +02:00
Morris Jobke da45fad3eb Merge pull request #17078 from owncloud/fix-initial-server-host 
Fix undefined offset
 2015-07-01 08:55:12 +02:00
Morris Jobke f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00