Commit Graph

13744 Commits

Author SHA1 Message Date
Björn Schießle 5b4cea4b36 Merge pull request #275 from nextcloud/master-sync-upstream
[Master] Sync upstream
2016-07-01 18:31:51 +02:00
Lukas Reschke 76c73d5ec3 Match on 405 2016-07-01 15:19:21 +02:00
Lukas Reschke 4ac9eaab03 Match for /../ 2016-07-01 15:01:48 +02:00
Lukas Reschke 5b65591d84 Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Jenkins for ownCloud 2d2d2267f7 [tx-robot] updated from transifex 2016-07-01 01:57:04 -04:00
Björn Schießle 8e002b6155 Merge pull request #255 from nextcloud/dav-permission-check
add some additonal permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Bjoern Schiessle 26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke 149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Lukas Reschke c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke 1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle 1b74cf72fb check permissions before rollback 2016-06-30 11:27:25 +02:00
Bjoern Schiessle 3571207bd9 add some additonal permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Vincent Petry 5cfbb9624f Prevent infinite loop in search auto-nextpage
When loading the next page of search results, make sure that the loop
can end if there are no more elements in case the total doesn't match.

Also added a check to avoid recomputing the search results whenever the
setFilter() is called with the same value. This happens when navigating
away to another folder, the search field gets cleared automatically and
it calls FileList.setFilter('').
2016-06-30 11:10:48 +02:00
Jenkins for ownCloud 1b9fa4dd5f [tx-robot] updated from transifex 2016-06-30 01:55:56 -04:00
Morris Jobke 409672d981 Fix update notification text
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Vincent Petry c8fbe39801 Merge pull request #25288 from owncloud/fix-versionrevertperms
Hide revert button when no permission to revert
2016-06-29 12:51:39 +02:00
Björn Schießle 5ace6b53f3 get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:13:59 +02:00
Jenkins for ownCloud 2b0f053126 [tx-robot] updated from transifex 2016-06-29 05:52:18 -04:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Vincent Petry f22af90c09 Hide revert button when no permission to revert 2016-06-28 13:00:58 +02:00
Morris Jobke b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Jenkins for ownCloud 894b7d93f6 [tx-robot] updated from transifex 2016-06-28 01:57:10 -04:00
Marius Blüm 52f6d97e4e Merge pull request #235 from nextcloud/fix-app-code
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Robin Appelman 2a72eff9ee Fix getting the certificate bundle for dav external storage (#25274)
* Fix getting the certificate bundle for dav external storages

* Log the original exception in dav external storage
2016-06-27 22:26:43 +02:00
Robin Appelman 88ef163276 handle unavailable fed shares while testing for availability (#25277)
* More explicit http status codes

* handle unavailable fed shares while testing for availability
2016-06-27 21:34:28 +02:00
Georg Ehrke 3c399be6ec fix a ImageExportPlugin Test (#25215) 2016-06-27 21:26:56 +02:00
Lukas Reschke e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Lukas Reschke cd74ad55e4 Only save when value changed or enter is pressed 2016-06-27 20:46:12 +02:00
Lukas Reschke a08c4a2b13 Add tooltip 2016-06-27 20:36:23 +02:00
Lukas Reschke 6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Morris Jobke cee2f5dc65 Merge pull request #233 from nextcloud/allow-users-to-change-global-credentials
Allow regular users to specify global credentials password
2016-06-27 17:03:19 +02:00
Morris Jobke 5961d5aae4 Add app:check-code for already compatible apps
* admin_audit, comments, federation
* removed not needed call to OC_Util::checkAdminUser() (is already
  done by the request handler before)
2016-06-27 16:50:10 +02:00
Lukas Reschke 341dabf300 Merge pull request #190 from nextcloud/add-wnd-1
Add "Login credentials" and "User Provided"
2016-06-27 16:15:31 +02:00
Vincent Petry f8fa031e9f Merge pull request #25273 from owncloud/ext-fixsessioncredentialsnolazyload
Quickfix: do not lazy load auth mechanisms for ext storages
2016-06-27 14:57:29 +02:00
Vincent Petry 1d4c61af47 Merge pull request #25237 from owncloud/search-filelistnextpageresults
Prerender file list pages to include search results
2016-06-27 13:46:25 +02:00
Lukas Reschke 1cd255af56
Allow regular users to specify global credentials password
While the UI is existent the feature simply doesn't work because admin privileges are required for the controller. This adds proper permission checks and also unit tests.

To test this:
1. Enable external storage
2. Login as non-admin user
3. Go to personal page and try to change global credentials
2016-06-27 12:29:27 +02:00
Vincent Petry 199c8e304c Merge pull request #25250 from owncloud/linkshare-includedeletewithuploadperms
Add explicit delete permission to link shares
2016-06-27 12:14:05 +02:00
Vincent Petry 0d3de20b02 Quickfix: do not lazy load auth mechanisms for ext storages
Some auth mechanisms like SessionCredentials need to register hooks
early, so they cannot be lazy loaded.
2016-06-27 10:50:10 +02:00
Lukas Reschke f7f86d61c4 Add comment to "getMailHeaderColor" 2016-06-27 10:48:28 +02:00
Lukas Reschke 51646bb3f6 Use stream instead of rename 2016-06-27 10:47:44 +02:00
Lukas Reschke 0a5c5d9b03 Replace OC_Defaults with \OC::$server->getThemingDefaults() 2016-06-27 10:34:08 +02:00
Jan-Christoph Borchardt 261396019d design and layout fixes for Theming app 2016-06-27 10:26:24 +02:00
Bjoern Schiessle 24144b16d0 make sure that the preview gets updated every time a new image gets uploaded 2016-06-27 10:26:24 +02:00
Bjoern Schiessle 79269427d7 scale preview image 2016-06-27 10:26:24 +02:00
Lukas Reschke 433e8ea123 Disable drop zone
Otherwise dropping something somewhere can by mistake upload the file and make it available
2016-06-27 10:26:23 +02:00
Lukas Reschke a0e92b5fb0 Fix indentation 2016-06-27 10:26:23 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle cc321bc140 add some visual feedback if the operation was succesful or not 2016-06-27 10:26:22 +02:00
Bjoern Schiessle 10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00