Roeland Jago Douma
8c4c4b700f
Move workflowengine to compiled handlebars
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-15 14:55:25 +02:00
Patrick Conrad
1806baaeaf
Remove cookies from Clear-Site-Data Header
...
In 2f87fb6b45
this header was introduced. The referenced documentation says:
> When delivered with a response from https://example.com/clear , the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/ ).
This also applies if `https://nextcloud.example.com/ ` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!
So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
Signed-off-by: Patrick Conrad <conrad@iza.org>
2018-10-15 14:46:06 +02:00
Roeland Jago Douma
6f835aff31
Merge pull request #11838 from nextcloud/bugfix/noid/fix-default-types-of-members
...
Fix default types of activity event member variables
2018-10-15 14:09:44 +02:00
Julius Härtl
b9a87a69cf
Use IAccountManager constants
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-15 13:30:31 +02:00
Julius Härtl
90cdd0a12a
Update autoloader
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-15 13:30:31 +02:00
Julius Härtl
9381e681a9
Add tests for new account api classes
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-15 13:30:31 +02:00
Julius Härtl
d05080f56a
Add \OCP\Account public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-15 13:30:31 +02:00
Georg Ehrke
2db26d87c4
filter null values for UserManager::getByEmail
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-15 13:27:58 +02:00
Georg Ehrke
b83918ed6d
convert source column in calendarsubscription table to (long) text
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-15 13:16:31 +02:00
Björn Schießle
1ce8672276
Merge pull request #11714 from nextcloud/lookupserver-and-global-scale
...
always query the lookup server in a global scale setup
2018-10-15 12:14:04 +02:00
Joas Schilling
909745acfd
Fix default types of activity event member variables
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-15 11:45:17 +02:00
Morris Jobke
8177fdb0f6
Merge pull request #11765 from nextcloud/feature/mandatory-2fa-for-groups
...
Mandatory 2FA for groups
2018-10-15 10:58:05 +02:00
Roeland Jago Douma
d65438f931
Compile federationscope menu handlebars template
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-15 10:44:24 +02:00
Morris Jobke
e36d4a990d
Merge pull request #10439 from eugulixes/improve-encrypt-all-and-decrypt-all-commands
...
Check if TTY is invalid in encryption:encrypt-all and encryption:decrypt-all
2018-10-15 09:15:58 +02:00
Christoph Wurst
83e994c11f
Make it possible to enforce mandatory 2FA for groups
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-15 08:22:52 +02:00
Roeland Jago Douma
82a5833217
Merge pull request #11028 from nextcloud/feature/no_eval_csp
...
Move to stricter CSP
2018-10-14 21:17:43 +02:00
Roeland Jago Douma
056a74e323
Fix plural function to be hardcoded
...
No more weird eval to construct a plural function.
We just use the plural function from symfony.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:36 +02:00
Christoph Wurst
365f68372f
Use jQuery.getScript to dynamically load script
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-14 20:45:36 +02:00
Roeland Jago Douma
5b61ef9213
Disallow unsafe-eval by default
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +02:00
Evgeny Golyshev
ec2f02f4a0
Check if TTY is invalid in encryption:encrypt-all and encryption:decrypt-all
...
Signed-off-by: Evgeny Golyshev <eugulixes@gmail.com>
2018-10-14 15:06:14 +03:00
Patrik Kernstock
0fca815b4d
Merge pull request #11782 from nextcloud/bugfix/11099/fix-htaccess-referrer
...
Add "Referrer-Policy" to htaccess file, addresses issue #11099
2018-10-13 18:17:22 +02:00
Roeland Jago Douma
78589a2f9b
Merge pull request #11802 from nextcloud/bugfix/noid/fix-password_by_talk-not-a-boolean
...
Fix a case where "password_by_talk" was not a boolean
2018-10-13 11:10:48 +02:00
Morris Jobke
24a2107e03
Fix a case where "password_by_talk" was not a boolean (e.g. null or "0") and actively cast it to a boolean
...
This was the error message that we have seen:
```
Argument 1 passed to OC\\Share20\\Share::setSendPasswordByTalk() must be of the type boolean, null given, called in apps/sharebymail/lib/ShareByMailProvider.php on line 981
```
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-12 17:01:54 +02:00
Morris Jobke
85694c6d76
Merge pull request #11771 from nextcloud/techdebt/noid/strict-activity-events
...
Make activity events strict
2018-10-12 16:28:26 +02:00
Bjoern Schiessle
1b0b159685
add more tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-12 16:11:48 +02:00
Roeland Jago Douma
a834e2742e
Merge pull request #11793 from nextcloud/dependabot/npm_and_yarn/settings/nextcloud-vue-0.2.0
...
Bump nextcloud-vue from 0.1.5 to 0.2.0 in /settings
2018-10-12 13:48:19 +02:00
Roeland Jago Douma
d9ffd6db4e
Rebuild settings
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-12 13:05:28 +02:00
dependabot[bot]
d2f6f5d98d
Bump nextcloud-vue from 0.1.5 to 0.2.0 in /settings
...
Bumps [nextcloud-vue](https://github.com/nextcloud/vue-components ) from 0.1.5 to 0.2.0.
- [Release notes](https://github.com/nextcloud/vue-components/releases )
- [Commits](https://github.com/nextcloud/vue-components/compare/v0.1.5...v0.2.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-10-12 10:29:41 +00:00
Joas Schilling
16817f3743
Make activity events strict
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-12 12:12:12 +02:00
Morris Jobke
b5753d0efa
Merge pull request #11759 from nextcloud/feature/11504/sharing-favicon
...
Use default favicon on sharing pages
2018-10-12 10:30:21 +02:00
Robin Appelman
ee84d83519
move versions webui over to the dav api
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-10-11 20:42:41 +02:00
Roeland Jago Douma
0afb0381e5
Merge pull request #11775 from nextcloud/followup/11769
...
3rdparty to master followup of #11769
2018-10-11 20:23:17 +02:00
Roeland Jago Douma
1fcb5db266
Merge pull request #11764 from nextcloud/fix/11637/sharedstorageroot
...
Do not pass '.' along as path
2018-10-11 20:18:44 +02:00
Patrik Kernstock
8cdd906d66
Add "Referrer-Policy" to htaccess file, addresses issue #11099
...
Signed-off-by: Patrik Kernstock <info@pkern.at>
2018-10-11 19:44:05 +02:00
Roeland Jago Douma
dd8350b3b3
Merge pull request #10778 from suntorytimed/patch-1
...
check for empty string
2018-10-11 19:05:38 +02:00
Julius Härtl
2538079876
Use default favicon on sharing pages
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-11 16:29:24 +02:00
Roeland Jago Douma
ce15c6c0b3
3rdparty to master followup of #11769
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 15:49:31 +02:00
Roeland Jago Douma
12f921f043
Merge pull request #11769 from nextcloud/3rdparty/remove/random_compat
...
Remove random_compat
2018-10-11 15:48:03 +02:00
Roeland Jago Douma
eed1e6e21c
Merge pull request #11766 from Birkenstab/feature/allow-same-origin-referrer-policy
...
Allow "same-origin" as "Referrer-Policy"
2018-10-11 15:24:17 +02:00
Joas Schilling
f48d5dc27e
Remove random_compat
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-11 14:45:11 +02:00
Roeland Jago Douma
51e96dc3f6
Normalize getUnjailedPath
...
Fixes #11637
If we do not normalize the unjailed path we might end up with a path
like files/user/folder/. which can break on objectstores
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 14:43:48 +02:00
Moritz Beck
b68661ed6e
Allow "same-origin" as "Referrer-Policy"
...
Fixes #11531
Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-11 13:17:26 +02:00
Morris Jobke
6e56a7b31e
Merge pull request #11745 from nextcloud/ci/php73
...
Make php7.3 compatible
2018-10-11 12:23:10 +02:00
Morris Jobke
fe45db6ae2
Merge pull request #11744 from burned42/fix_percent_sign_breaking_all_files_view
...
Remove duplicate call to decodeURIComponent
2018-10-11 12:20:07 +02:00
Roeland Jago Douma
fa15c5e636
Merge pull request #11756 from nextcloud/ignore-session-lifetime-if-it-can-not-be-converted-to-a-number
...
Ignore "session_lifetime" if it can not be converted to a number
2018-10-11 11:42:41 +02:00
Roeland Jago Douma
87eefbd192
Add 7.3 CI to drone
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 11:20:48 +02:00
Roeland Jago Douma
f675698551
Allow php7.3
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 11:20:48 +02:00
Daniel Calviño Sánchez
c2916b62d3
Ignore "session_lifetime" if it can not be converted to a number
...
When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-11 10:53:25 +02:00
Roeland Jago Douma
82d4732a01
Merge pull request #11750 from nextcloud/3rdparty/symfony-3.4.17
...
[3rdparty] Symfony-3.4.17
2018-10-11 10:33:13 +02:00
Roeland Jago Douma
9142e92814
[3rdparty] Symfony-3.4.17
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 09:27:05 +02:00