Roeland Jago Douma
df215625f1
Merge pull request #1972 from nextcloud/invalid-files-from-scanner
...
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
Morris Jobke
a02d0975dd
Merge pull request #2154 from nextcloud/comments-activities-update
...
Move comments activities to the new API
2016-11-22 09:56:22 +01:00
Joas Schilling
558f169671
Move the validation into one place only
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:37 +01:00
Morris Jobke
46768e71d9
Merge pull request #2076 from nextcloud/log_preview_access
...
Dispatch event on preview request
2016-11-18 20:45:29 +01:00
Robin Appelman
8b9ad46ba3
Merge pull request #768 from nextcloud/s3-objectstore
...
Add S3 objectstore backend
2016-11-18 14:55:07 +01:00
Morris Jobke
ccdf387041
Merge pull request #2184 from nextcloud/share-join-cache
...
Get the share root info directly when querying for shares
2016-11-18 11:33:33 +01:00
Julius Haertl
caacb6c261
Expose getAppPath to public API
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2016-11-17 19:24:24 +01:00
Robin Appelman
2f03fcab4a
let the share backend get the node cacheentry to save queries
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-17 18:48:38 +01:00
Robin Appelman
4235b18a88
allow passing a stream to StreamResponse
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
Robin Appelman
c5df58ec69
phpdoc
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:28 +01:00
Robin Appelman
b56f2c9ed0
basic lockdown logic
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +01:00
Joas Schilling
a845f7bc01
Fix wrong copyright headers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 12:20:04 +01:00
Joas Schilling
6b88d56e3a
Update the since version to 11.0.0
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:29:27 +01:00
Joas Schilling
b8958ee937
Fix activity manager tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Joas Schilling
c2a5c1f2c6
Allow combining events
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Joas Schilling
b2248efd75
Allow to register Providers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Joas Schilling
72f0d9981e
Add ROS and icon support to the events
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Joas Schilling
a366602961
Validate the input into Event already
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:44 +01:00
Joas Schilling
13ff56bfc5
Allow to register settings/types via info.xml
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:44 +01:00
Joas Schilling
280d5325c7
Allow to register activity filters via info.xml
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:40 +01:00
Morris Jobke
cb97cf559b
Merge pull request #2144 from nextcloud/fix_1303
...
Do not cache version info in the session
2016-11-15 23:13:53 +01:00
Roeland Jago Douma
f07d75a4dd
@since 9.2.0 to @since 11.0.0
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-15 18:51:52 +01:00
Roeland Jago Douma
7a8bf6ea26
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-15 18:10:17 +01:00
Roeland Jago Douma
99ada40df4
Dispatch event on preview request
...
Fixes : #73
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-10 14:28:09 +01:00
Robin Appelman
74024c8f28
fix phpdoc
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-09 16:59:03 +01:00
Joas Schilling
706b5c3fb6
Use a php class for the definitions to avoid loading problems
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-09 08:52:07 +01:00
Björn Schießle
1ad3043e4f
Merge pull request #1998 from nextcloud/share-by-mail-notification
...
add share by mail activity
2016-11-08 17:37:46 +01:00
Bjoern Schiessle
3bc643ec23
add new definition
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-08 15:42:07 +01:00
Bjoern Schiessle
087dab85b4
add activity for share by mail
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-08 15:42:07 +01:00
Donquixote
537d588726
refactoring code to reduce cyclomatic complexit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-07 08:18:16 +01:00
Roeland Jago Douma
d720a2fb57
Moved over files_versions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:33 +01:00
Roeland Jago Douma
5466fbf761
Move Ipreview to more of DI thingy
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:33 +01:00
Lukas Reschke
6920e609c0
Adjust tests and DI for Share.php
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-02 23:26:49 +01:00
Christoph Wurst
d907666232
bring back remember-me
...
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Bjoern Schiessle
318160647a
add method to check if a share provider for a given type is loaded
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:39 +01:00
Roeland Jago Douma
5a00870a2b
Stricter signature
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-31 20:19:14 +01:00
Robin Appelman
3692769b0a
Add getShareTypesInFolder to optimize folder listening
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-10-31 15:55:40 +01:00
Roeland Jago Douma
e416ee7b74
Merge pull request #1937 from nextcloud/ros-for-notification-message
...
Allow rich object strings in messages as well
2016-10-31 11:51:02 +01:00
Joas Schilling
2c0b5dee19
Allow rich object strings in messages as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 10:37:37 +01:00
Roeland Jago Douma
d5159423cd
Removed depreacted functions (since 6.0)
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-29 14:27:12 +02:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma
f722640a32
Proper DI of config
...
* Fixed comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 10:13:35 +02:00
Jörn Friedrich Dreyer
f8352fcb8d
introduce callForSeenUsers and countSeenUsers ( #26361 )
...
* introduce callForSeenUsers and countSeenUsers
* add tests
* oracle should support not null on clob
* since 9.2.0
2016-10-28 08:44:05 +02:00
Morris Jobke
d4969abc9d
Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings
...
Nextcloud rich object strings
2016-10-27 15:30:58 +02:00
Morris Jobke
cde7f535bd
Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions
...
comment mentions: show displayname not uid
2016-10-26 14:02:49 +02:00
Morris Jobke
89574367bc
Merge pull request #1871 from nextcloud/use-csp-nonces
...
Use CSP nonces
2016-10-25 14:46:00 +02:00
Vincent Petry
44cf67accd
Storage 503 message improvements
...
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
...
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Robin Appelman
3a8e75a814
Allow 4byte unicode filenames on supported platforms
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-20 14:26:09 +02:00
Joas Schilling
cf2d1b2427
Move federated share notifications to ROS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00