Commit Graph

47 Commits

Author SHA1 Message Date
Lukas Reschke 8ce3d6ea57 End processing when file is not found
We have to end the processing when a file is not found or otherwise the method is proceeding and even sending invalid file paths to the sendfile methods.

Due to nginx preventing directory traversals this is luckily not immediately exploitable. We should for hardening purposes however quit the script execution just as we do for 403 cases and others as well.
2015-05-22 11:53:02 +02:00
Bjoern Schiessle 887be709f5 a new approach to display the error message 2015-05-18 10:15:17 +02:00
Thomas Müller 00338f9dca Removing files_encryption left overs 2015-04-07 13:30:28 +02:00
Thomas Müller 3bf269e565 Merge pull request #15229 from owncloud/response-setContentLengthHeader
Add OC_Response::setContentLengthHeader() for Apache PHP SAPI workaround...
2015-04-03 22:51:36 +02:00
Robin McCorkell ab991458ad Require minimum 1 MiB upload limit 2015-03-27 23:43:35 +00:00
Thomas Müller a8b756154a Merge pull request #14495 from owncloud/update-mailmap-01
Updating .mailmap
2015-03-26 17:17:18 +01:00
Andreas Fischer 0f58315543 Add OC_Response::setContentLengthHeader() for Apache PHP SAPI workaround.
Do not send Content-Length headers with a value larger than PHP_INT_MAX
(2147483647) on Apache PHP SAPI 32-bit. PHP will eat them and send 2147483647
instead.

When X-Sendfile is enabled, Apache will send a correct Content-Length header,
even for files larger than 2147483647 bytes. When X-Sendfile is not enabled,
ownCloud will not send a Content-Length header. This prevents progress bars
from working, but allows the actual transfer to work properly.
2015-03-26 16:37:38 +01:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
dratini0 d4e5ef4f38 Removed simplified X-accel-redirect even further 2015-03-23 17:51:12 +01:00
dratini0 c432b52c74 Changed the disputed while loop to a single if. 2015-03-23 16:12:03 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
dratini0 10e13b172a Extending the X-accel redirect functionality with a more scalable approach. 2015-02-11 22:19:22 +01:00
dratini0 b1594ad1df Revert "Fix: X-Accel-Redirect did not support custom data dir and local mounts"
This reverts commit f2075f803f.
2015-02-11 22:19:22 +01:00
dratini0 80032ec301 Revert "removed a little duplication"
This reverts commit 31970ee740.
2015-02-11 22:19:22 +01:00
dratini0 31970ee740 removed a little duplication 2014-12-30 22:36:13 +01:00
dratini0 f2075f803f Fix: X-Accel-Redirect did not support custom data dir and local mounts 2014-12-30 22:07:04 +01:00
Joas Schilling 8e28bf012c Move constants from GET_TYPE to OC\Files so they can be autoloaded 2014-11-26 12:56:54 +01:00
Lukas Reschke b3a04840b5 Add type hinting to functions
It's only reasonable to have proper type hinting here which might even help us to catch bugs.
2014-10-24 14:13:40 +02:00
Lukas Reschke 8fc1a9f5a9 Make 404 page easier to understand
Fixes https://github.com/owncloud/core/issues/11133
2014-09-17 22:57:32 +02:00
Lukas Reschke 312ed18d15 Use secure mimetype for content delivery
Adds some hardening against potential CSP bypassed.
2014-09-08 15:57:39 +02:00
Morris Jobke 57ef089aac drop allowZIPdownload and maxZIPSize as options 2014-06-02 16:29:03 +02:00
Robin McCorkell a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Vincent Petry d16bb09aed Merge pull request #8045 from josh4trunks/nginx_x-accel_send_uri
Send URI instead of filepath to NGINX for X-Accel
2014-05-06 18:41:06 +02:00
Morris Jobke 623161b9a9 Merge pull request #8023 from flyser/master
Fix setting the max-upload-size for really large values.
2014-05-03 11:49:38 +02:00
Lukas Reschke 81c23b02da Link to previous directory 2014-04-16 21:10:14 +02:00
Lukas Reschke 2bda3f9ae0 Use direct link instead of JS
Due to our CSP policy this link won’t work as it it considered as
inline Javascript.

This commit replaces the link with a static link to the files app.

Reimplementation of #8067 - fixes #7742
2014-04-14 20:16:52 +02:00
josh4trunks 9b4643f386 Send URI instead of filepath to NGINX for X-Accel 2014-04-03 20:46:54 -07:00
Fabian Henze 7cdb16979a Fix setting the max-upload-size for really large values.
php can only parse filesize units up to gigabytes, not terabytes or petabytes.
2014-04-03 01:17:28 +02:00
Vincent Petry b48510c978 Use the correct resolve method to resolve file storage
When detecting whether the file to be downloaded is on external storage,
the correct path needs to be used.

It turns out that \OC\Files\View is needed to resolve the path correctly
relative to the user's home.
2014-03-26 18:14:35 +01:00
Thomas Müller b35cd54e87 Merge branch 'zipstreamer' of https://github.com/McNetic/owncloud_core into McNetic-zipstreamer
Conflicts:
	lib/private/files.php
2014-02-20 16:36:37 +01:00
Vincent Petry 952584e9c7 Merge pull request #7195 from owncloud/files-selectall
Do not send file list for select all on Download/delete
2014-02-19 14:33:24 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Müller 9fac95c2ab Merge branch 'master' into scrutinizer_documentation_patches
Conflicts:
	lib/private/appconfig.php
2014-02-14 23:03:27 +01:00
Vincent Petry d5397d813c Do not send file list for select all on Download/delete
- When all files are selected, do not send the whole file list
- Download will trigger download for the parent folder, also works
  with root
- Delete will send "allfiles" to the server that will find the file
  list or the passed directory by itself
2014-02-13 20:28:52 +01:00
Vincent Petry 788c8540aa Added isLocal() method to storage, used for xsendfile
Added isLocal() method to Storage to find out whether the storage is
local or not.
This method is used for the x-sendfile logic to find out whether to add
the headers.
2014-02-06 20:53:15 +01:00
Jörn Friedrich Dreyer 2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Nicolai Ehemann 99ad4e8000 switched zip file creation to ZipStreamer to create zip files directly in memory 2014-01-22 12:49:52 +01:00
Nicolai Ehemann 791772abea refactored/cleaned up lib/files.php
cleaned up get() logic
fixed get() to only send headers if requested (xsendfile could get in the way)
do no longer readfile() when already using mod_xsendfile or similar
2014-01-22 11:53:03 +01:00
Jörn Friedrich Dreyer 267e1f3c40 use 'download.zip' as default name for zip downloads instead of 'owncloud.zip' 2014-01-21 12:41:10 +01:00
Nicolai Ehemann 66aa9b4e27 lib/files.php: make use of === instead of == 2014-01-18 15:16:17 +01:00
Vincent Petry 409b510889 Moved content disposition code+workarounds to OCP\Response
Added new OC\Response API called setContentDispositionHeader() that
contains the needed workarounds for UTF8 and IE.

Refactored download code to use the new API.

Removed unused trashbin download file.
2013-12-10 12:42:26 +01:00
Bart Visscher 4c8bc61753 XSendfile and encryption don't work together
The file on disk is encrypted, and not readable on client systems
2013-12-06 17:59:59 +01:00
Thomas Müller f2fe47bc21 fixing spelling and restructure sentence 2013-11-21 09:59:21 +01:00
Vincent Petry 726a202cdb Fixed getLocalFile() condition for x-send-file
Until now, addSendfileHeader() was called even when no x-send-file
headers were set. Even though the method itself doesn't do anything,
a call to getLocalFile() was done and would trigger a full download
when using external storage.

Additionally, the storage resolution code is wrong and always
returns the local storage of the root filesystem, which caused the code to
be run anyway.

This commit fixes both issues.
2013-11-20 14:33:59 +01:00
Vincent Petry 614e4d485c External storage space is now not counted in total space
Added argument to getFileInfo() to disable adding the size of
mountpoints to a directory's size.

Fixes #5924
2013-11-18 18:09:01 +01:00
Thomas Müller 9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00