a4a897d26d
Remove ability to trigger DEBUG mode via cookie
...
Users should not be able to enable debug mode on their own by setting a cookie. Using debug mode might leak too much information about the environment or have other unexpected behaviour.
We should backport this.
2014-08-15 11:21:56 +02:00
fd798fd982
update deprecation docs
2014-08-14 12:22:34 +02:00
54491e8c68
Merge pull request #10323 from gekmihesg/master
...
Load authentication backends before tryBasicAuth
2014-08-13 16:08:48 +02:00
578a57f0fb
Load authentication backends before tryBasicAuth
2014-08-10 13:29:32 +02:00
f2e20757f6
Fix checking of NULL or empty OC::$THIRDPARTYROOT/OC::$THIRDPARTYWEBROOT
...
Fixes #10065
2014-07-30 23:24:55 +02:00
521934ee0d
Merge pull request #10029 from owncloud/fix-thirdparty
...
Fix silent crash if 3rdparty dir is not available
2014-07-30 18:34:55 +02:00
eb9bd200fa
Replace exit with return
2014-07-30 14:03:31 +02:00
31e7fdb9bf
Fix silent crash if 3rdparty dir is not available
2014-07-30 14:03:31 +02:00
a8fbc709ce
Add registerAutoloaderCache().
2014-07-29 11:18:40 +02:00
9be8ac5867
Memcache\Factory: Remove static, use globalPrefix.
2014-07-29 11:14:36 +02:00
da391b8932
InstanceId is properly injected into factory. Remove comment.
2014-07-29 11:03:10 +02:00
a3411e3719
Merge pull request #9641 from owncloud/localuser-addressbook
...
ownCloud users are exported as address book
2014-07-28 12:18:56 +02:00
ec7a10f882
reorder if statements to remove negation, indentation correction
2014-07-25 19:39:29 +02:00
176ecbd311
ownCloud users are exported as address book
2014-07-24 17:35:02 +02:00
2594fb80aa
don't silently exit in cli-mode in case ownCloud in not yet installed
2014-07-24 13:45:06 +02:00
1c16d012ab
Remove uneeded `strip_tags`
...
This `strip_tags` seems to be completely unneeded and will cause problems with passwords containing stripped characters. (e.g. `<` or `>`)
Needs https://github.com/owncloud/core/pull/9735 to be merged first.
2014-07-19 10:17:24 +02:00
bfd59bddf4
Extract Auth Header logic into new function handleAuthHeaders().
2014-07-19 02:21:18 +02:00
fafed17c60
Deduplicate user/password extraction from alternative HTTP headers.
2014-07-19 02:06:37 +02:00
5d3e1bc023
Only calculate the WEBROOT from scriptName if it contains $SUBURI
...
If not we are most likely in CLI mode. However to be able to still
generate valid URLs, we need to use the overwrite webroot instead.
Fix #9490
2014-07-07 15:08:46 +02:00
3c45925e74
fix hook names
2014-07-03 13:52:58 +02:00
ae68a773c0
more strings to translate in utils also some fixes in defaults
2014-06-28 13:29:24 +02:00
a120d6e9a3
Bring back loadApps() in base.php
...
loadApps() had been deleted by mistake in
799205488c
2014-06-24 17:37:58 +02:00
799205488c
Prevent loadApps on upgrade
...
Moved OC::needUpgrade() to OCP\Util::needUpgrade() to make it accessible
form the router.
Moved maintenance + upgrade check to the router.
2014-06-18 11:10:07 +02:00
d4bdcb7a9b
Merge pull request #9047 from owncloud/fix_preload_fundamental_apps
...
Load fundamental apps, before any possible customizing app may follow
2014-06-18 07:29:04 +02:00
f2fc214ce0
Add deprecation notice to load* functions
...
This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way.
Port of https://github.com/owncloud/core/pull/9033
2014-06-16 20:33:04 +02:00
7b704eeb5e
Load fundamental apps, before any possible customizing app may follow
2014-06-16 13:12:21 +02:00
63c5c7bd21
set logger before registrate to an error handler
2014-06-09 10:02:23 +02:00
289accc31b
Merge pull request #8159 from owncloud/mobile-sidebar-swipe
...
Mobile sidebar swipe
2014-06-06 11:27:04 +02:00
9e56acbdc9
add snap.js script
2014-06-05 11:52:17 +02:00
7c4abce373
Move authentication to it's own call
2014-06-05 11:45:45 +02:00
ac7fb1b23e
Remove legacy routing code
...
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.
This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.
Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
2014-06-05 11:45:45 +02:00
1c20c72efe
Merge pull request #8620 from owncloud/design-navigation-two
...
Toggle app navigation not only on mobile, but on desktop as well
2014-06-05 10:53:22 +02:00
95fda3c17c
Do not load apps when upgrade is needed
...
This prevents routes like "core/js/oc.js" to automatically load apps and
trigger their update prematurely.
2014-06-04 18:52:52 +02:00
35308f5b09
hide navigation by default, not only on small screens, first step
2014-06-04 14:29:46 +02:00
ade6ed3797
Merge pull request #8701 from owncloud/slide-up-toggle
...
Create reusable data attribute for apps setting slideup
2014-06-04 11:31:04 +02:00
a244172219
Merge pull request #8853 from owncloud/design-typeface
...
Use Open Sans as typeface
2014-06-04 11:16:03 +02:00
6b2b903ea6
Merge pull request #8468 from owncloud/remove-infieldlabels
...
Remove infieldlabels
2014-06-04 09:28:20 +02:00
3a1994d001
Merge pull request #8686 from owncloud/session-early
...
Make the session available as early as possible
2014-06-03 19:23:30 +02:00
80627dfd2c
use Open Sans as typeface
2014-06-03 19:07:08 +02:00
cea7d4961e
move to updated version of placeholder
2014-06-03 16:18:06 +02:00
7177d3a496
first step of infield label removal, fix login screen
2014-06-03 15:28:59 +02:00
3e14affa9b
Add some comments
2014-06-03 10:57:18 +02:00
4e957c7b18
Merge pull request #8443 from owncloud/csrf-on-login-and-logout
...
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
705242d390
Merge pull request #8727 from owncloud/upgrade-overview
...
Added update overview page
2014-05-29 21:28:47 +02:00
ce9d5df6df
Merge pull request #8681 from owncloud/logintimestamp
...
Record login timestamp per user. Required for new user managament.
2014-05-28 19:06:47 +02:00
f03a3d9d05
remove legacy OC_Filesystem being used in a hook callback
2014-05-28 00:13:54 +02:00
02f682b156
Now showing disabled apps as upgrade status line
...
- Added app id in update overview.
- Added status message for disabled app for CLI upgrade and web upgrade
2014-05-27 15:20:33 +02:00
146583a98d
Added update overview page
2014-05-27 14:53:08 +02:00
c2330e558e
rename to apps.js
2014-05-26 17:31:41 +02:00
c03e7fcfa9
Clarify comment
2014-05-24 10:24:42 +02:00
db1511a11d
add a slideup mechanism
2014-05-23 18:49:16 +02:00
8b56d52398
Make the session available as early as possible
2014-05-23 13:27:27 +02:00
2c89962919
clean up tryRememberLogin and save the timestamp of users last login
2014-05-21 18:03:37 +02:00
954d5b27ff
use custom logfile path if defined, otherwise use default of owncloud.log in data directory
2014-05-20 11:29:59 -04:00
f8cb8f4803
Merge branch 'master' into csrf-on-login-and-logout
...
Conflicts:
core/templates/login.php
2014-05-19 20:40:55 +02:00
dc36d30953
Remove all occurences of @brief and @returns from PHPDoc
...
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
04e6c12fe2
Merge pull request #8557 from owncloud/custom_session_handling
...
Allow apps to create custom session handlers.
2014-05-19 15:58:30 +02:00
bd3bf4b507
Change parameter order of implode
2014-05-13 19:08:14 +01:00
75bc25f906
Allow apps to create custom session handlers.
2014-05-12 11:08:28 -04:00
3cd32dcb7c
adding X-Robots-Tag to all responses of ownCloud + move addSecurityHeaders() to OC_Response, which seems to be a more reasonable place
2014-05-12 15:14:01 +02:00
fd5b2d11d6
Rename issubdirectory to isSubDirectory
2014-05-11 15:50:59 +02:00
e1e1009ccc
Redirect to index if the logout link is accessed without valid session
...
This is needed to prevent "Token expired" messages while login if a session is expired
@see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
2014-05-11 13:09:46 +02:00
73b914ddbc
Add CSRF check on login and logout
...
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
906061a07b
Merge pull request #8171 from owncloud/fix-import
...
be nice and use a relative import so people can use the class without fi...
2014-05-02 22:43:19 +02:00
7c0340c63c
Merge pull request #7852 from josh4trunks/basic_auth_fix
...
Fixes login / logout when HTTP Basic Headers are avilable.
2014-04-28 21:46:52 +02:00
6935364b33
add class Pimple to autloader
2014-04-28 20:57:44 +02:00
1d9ac38da6
Remove an added t by the github webeditor
...
Notice to myself: Stick to my IDE.
2014-04-27 16:41:09 +02:00
7a8bfeae6e
Grammatical fixes
2014-04-27 16:31:04 +02:00
b6612ef04a
Clarify the trusted_domain error page
2014-04-26 23:11:29 +02:00
ff0dab6e92
This adds one more missing untranslated text from lib/share
...
Also displays the untrusted domain warning in English
2014-04-24 01:42:18 +02:00
e88731a477
Some more PHPDoc fixes
2014-04-21 15:44:54 +02:00
c123dc7de4
Fix typo
...
Thanks @DeepDiver1975
2014-04-14 10:15:31 +02:00
387d46cb98
Typo + Line breaks
2014-04-13 12:54:26 +02:00
df67a04385
Move security headers to base.php
...
Some headers were currently only added to the templates but not to other components (e.g. SabreDAV / JSON / etc...)
The migration to base.php ensures that the headers are served to all requests passing base.php
2014-04-13 11:51:03 +02:00
647abe512b
reduce code duplication, fix parse error, prevent page reload on hitting enter while changing the display name - refs #8085
2014-04-07 14:04:16 +02:00
5b402aa846
Fixed Typo
2014-04-03 22:12:57 -07:00
a266144750
Don't always $cookie_path, only set it when needed
2014-04-03 22:12:57 -07:00
d1106f1749
cookie would be useless if value is not set
2014-04-03 22:12:57 -07:00
63df8354da
Don't to set the cookie it wasn't needed.
2014-04-03 22:12:57 -07:00
4ddf5d92f2
Fixes login / logout when HTTP Basic Headers are avilable.
2014-04-03 22:12:57 -07:00
d0012e729a
Merge pull request #7879 from owncloud/sharing_cleanup_public_api
...
sharing api cleanup, first step
2014-03-28 12:23:11 +01:00
5fa8f7cf12
Merge pull request #7107 from owncloud/load-apps-proper-master
...
Load apps proper master
2014-03-28 10:33:55 +01:00
b602662578
add a "helper" and a "hooks" class. Move constants needed by multiple classes
...
to a "constants" class
2014-03-25 17:47:24 +01:00
4c8a83e82f
Merge pull request #7714 from owncloud/phpunit-config
...
Allow setting the config dir to use as enviroment variable for phpunit
2014-03-24 13:01:37 +01:00
96e6cb3db4
all authentication apps are loaded at first - everything else relies on these apps
2014-03-21 15:00:25 +01:00
6ff96b34ad
Merge branch 'master' into load-apps-proper-master
...
Conflicts:
apps/files/ajax/rawlist.php
cron.php
ocs/v1.php
2014-03-21 14:05:08 +01:00
36c0f08ec0
Merge pull request #7732 from owncloud/datafolderexistence
...
Added .ocdata file to check for data folder validity
2014-03-20 11:31:28 +01:00
756bbe8786
Merge pull request #7649 from owncloud/routing-public
...
Move routing classes to an interface and expose it in the public api
2014-03-17 21:07:05 +01:00
b619ff6076
Return 503 when a config/data dir error exists
2014-03-14 21:05:15 +01:00
a8eb7a5092
Allow setting the config dir to use as enviroment variable for phpunit
2014-03-13 13:33:09 +01:00
8048868bd7
use preDelete instead of postDelete hook
2014-03-13 03:14:42 +01:00
26793e1f94
switch OC::getRouter usages to OC::$server->getRouter
2014-03-10 14:06:47 +01:00
8ab7d18a6a
Move the router classes to a namespace and expose it with a public interface
2014-03-10 14:04:58 +01:00
ba3f5fe53a
Merge pull request #7583 from owncloud/trusteddomainerrorpage
...
[master] Show warning page when accessing server from an untrusted domain
2014-03-07 10:37:16 +01:00
421cff00bd
Show warning page when accessing server from an untrusted domain
...
Added early check for the requested domain host and show a warning
page if the domain is not trusted.
2014-03-06 11:51:08 +01:00
32b29c9d73
Merge branch 'master' into fix-7307
...
Conflicts:
core/js/router.js
settings/js/admin.js
2014-03-06 00:15:08 +01:00
1291303c5a
Replace OC.Router.generate() with OC.generateUrl()
2014-03-02 22:30:24 +01:00
da19109f40
Config to disable basic_auth username chacking
...
This can be confusing and/or annoying
2014-02-26 18:06:13 +01:00
7f05c23231
Merge pull request #3760 from IMM0rtalis/remove_logout_redirect_slash
...
- removed slash-adding for logout-header-redirect
2014-02-26 16:05:09 +01:00
27ad69eea5
Merge branch 'master' into no-css-js-delivery-via-php
2014-02-21 14:01:24 +01:00
Lukas Reschke
Jörn Friedrich Dreyer
blizzz
gekmihesg
marc0s
Morris Jobke
Victor Dubiniuk
Andreas Fischer
Thomas Müller
Lukas Reschke
Joas Schilling
Bjoern Schiessle
Volkan Gezer
Vincent Petry
Jan-Christoph Borchardt
Bernhard Posselt
Morris Jobke
Robin Appelman
Bernhard Posselt
scolebrook
Robin McCorkell
ringmaster
josh4trunks
icewind1991
Georg Ehrke
kondou
Bart Visscher