Commit Graph

68 Commits

Author SHA1 Message Date
Christoph Wurst 1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-20 09:23:25 +01:00
Roeland Jago Douma 5d9fd7ba0c
Merge pull request #16792 from MichaIng/patch-1
Harden data and config protection .htaccess
2019-12-19 11:26:12 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
MichaIng 4384806f61
Merge branch 'master' into patch-1 2019-12-04 12:42:55 +01:00
Roeland Jago Douma c106a9d293
Set last-password-confirmation for setup
Else you have to enter your password directly after setup if you do
anything admin worthy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-03 19:31:31 +01:00
Arthur Schiwon cdf8c16942
reformat Setup.php
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-25 14:01:25 +01:00
Arthur Schiwon 7ff15c9756
fix documentation, get and createGroup may return null
* also have stricter checks in place

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-25 14:01:25 +01:00
MichaIng 5afd7abf44
Add missing newlines to .htaccess
Signed-off-by: MichaIng <micha@dietpi.com>
2019-10-31 20:15:49 +01:00
MichaIng c7e66ec848
Add "Order" to assure that no parental "Allow" can grant access
Signed-off-by: MichaIng <micha@dietpi.com>
2019-09-26 12:38:58 +02:00
MichaIng 51a35bb1cb
Minor syntax
+ Use Apache syntax with cases according to official docs: https://github.com/nextcloud/server/pull/16792/files#r315207691
+ Add missing whitespace for concatenating strings to variable: https://github.com/nextcloud/server/pull/16792/files#r315207520
+ Apache 2.5 will be released as 2.6: https://github.com/nextcloud/server/pull/16792/files#r315206147

Signed-off-by: Micha Felle <micha@dietpi.com>
2019-08-19 15:50:48 +02:00
MichaIng 01b558c8b4
Update lib/private/Setup.php
+ Remove unnecessary spaces from code

Co-Authored-By: Daniel Kesselberg <mail@danielkesselberg.de>
2019-08-19 15:29:48 +02:00
MichaIng dcbf8fa8e3
Harden data protection .htaccess
+ Set "Satisfy All" whenever available, as well on Apache 2.4+. This is required to override possible "Satisfy Any" on parent dir, which otherwise would allow direct access to data, regardless of "Require" directive.
+ Set "Deny from all" as well whenever available, to block access regardless of which access control directive takes priority.
+ Assume Apache 2.2 only, if mod_authz_core and mod_access_compat are both not available, to avoid doubled directives. In this case set "Deny from all" directive only if the providing mod_authz_host module is available. "Satisfy" is a core directive on Apache 2.2.
+ Update Apache version strings. Regarding the used directives/modules, Apache 2.4 and 2.5 behave the same.
+ Add ordering spaces to better reflect the nested directives and to match style of other .htaccess files.

Fixes: https://github.com/nextcloud/server/issues/6449

Signed-off-by: Micha Felle <micha@dietpi.com>
2019-08-19 15:09:44 +02:00
Julius Härtl 3ef1780646
Allow to access source maps on apache
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-06-19 09:54:49 +02:00
Bjoern Schiessle bdf48d8b4e
make sure that the ocm end-point discovery /ocm-provider is not redirected to the index.php
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2019-02-20 10:35:14 +01:00
Julius Härtl b9f2ce2796
Fix loading of .woff2 files in .htaccess
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-11-18 11:02:20 +01:00
Morris Jobke 8ede3f6346
Merge pull request #11446 from nextcloud/bugfix/10678/pretty-urls-dont-work
Allow overwrite.cli.url without trailing slash
2018-10-02 23:39:30 +02:00
Daniel Kesselberg a4eb3ee508
Validate email in occ command
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Daniel Kesselberg 13877c2d20
Use setUserValue instead setEMailAddress because latter omits an changeUser events.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Daniel Kesselberg 6c805ec9ba
Add --admin-email to cli installer
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Daniel Kesselberg c275beeceb
Allow url without / for overwrite.cli.url
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-28 22:32:19 +02:00
Daniel Kesselberg 3b7ac0c94d
Change visibility to private
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-13 12:24:06 +02:00
Daniel Kesselberg 603a578a1c
Change return false to throw new
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-10 22:45:40 +02:00
Daniel Kesselberg 62c03beb1d
Extract logic for webroot into method and add test
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-10 22:33:35 +02:00
Roeland Jago Douma 253f962241
Add the job
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 13:25:55 +02:00
Dan Callahan 8797590099
Correct mistaken regex wildcard in .htaccess
Fixes #8578

Signed-off-by: Dan Callahan <dan.callahan@gmail.com>
2018-02-28 13:50:54 +00:00
Morris Jobke 4ee539fde8
Fix proper overwrite URL on CLI install
* regression from #7835

Steps

* having a my.config.php with a proper `overwrite.cli.url` and `htaccess.RewriteBase` set
* install with this
* before: short URLs where broken and you need to call `occ maintenance:update:htaccess` additionally to fix this
* after: occ install results in a proper htaccess like on stable13

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-07 11:40:35 +01:00
Robert Scheck 7583615bab Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like

  * http://example.net/.well-known/pki-validation/file.txt (Comodo)
  * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust)
  * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign)
  * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy)
  * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign)

for automated SSL certificate verifications. All (common commercial)
certificate authorities (CA) except Let's Encrypt (via ACME) seem to
use "pki-validation" rather "acme-challenge" for their domain control
validation (DCV).

Signed-off-by: Robert Scheck <robert@fedoraproject.org>
2018-02-05 15:33:42 +01:00
Morris Jobke 82869b6d81
Fix case when overwrite URL is empty during setup
Found while testing strict typing for PHP 7+.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-15 11:15:38 +01:00
Morris Jobke 0e2f00ec59
Get the Installer via DI
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-25 12:00:57 +01:00
Morris Jobke 732c951ae1
Revert "Only allow colons in db host for IPv6 addresses"
This reverts commit 1287d6ddb3.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-08 10:47:35 +01:00
Morris Jobke 4866314ce0
Run updated license header updater
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-07 13:47:42 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Roeland Jago Douma e2139d4b56
Add logrote as a default background job
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 08:28:06 +02:00
Joas Schilling fe3b2385ab
Code clean up
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-26 14:27:42 +02:00
Joas Schilling 1287d6ddb3
Only allow colons in db host for IPv6 addresses
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-26 14:20:04 +02:00
Roeland Jago Douma ede15f0988
Fix L10N::t
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Morris Jobke 0de90cfc67 Fix 403 and 404 redirect
* Nextcloud is not properly loaded in the standalone version (especially the theming)
* it is already not listed anymore in the Nginx config (see nextcloud/documentation#392)
* the index.php-free version doesn't support this

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-26 16:30:09 +02:00
Joas Schilling 5e04254d40
Install from migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-25 12:47:37 +02:00
Joas Schilling 15eec7b83c Start migrations
Fixme:
- Install and update of apps
- No revert on live systems (debug only)
- Service adjustment to our interface
- Loading via autoloader

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:01:19 +02:00
Lukas Reschke ccd0ded812
Don't redirect requests to /core/img/manifest.json
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-09 00:02:37 +02:00
Lukas Reschke 47cd976035
Add app bundles
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:49 +02:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Morris Jobke edd55b0ea9
Use SystemConfig instead of AllConfig for DB stuff
* preparation for followup PRs to clean up the DB bootstrapping

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 15:53:49 -06:00
Morris Jobke d99ce3971b
Namespace and array syntax fixes
* minor fixes in preparation of a bigger DB and config PR

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 14:52:54 -06:00
Frank Isemann 3c18096812 Serve robots.txt if the RewriteBase is configured 2017-03-06 21:55:29 +01:00
KB7777 7347849bf9 Update Setup.php 2017-02-24 12:13:26 +01:00
Morris Jobke 254c98bb9e Merge pull request #3576 from robert-scheck/timezone
According to issue #3553, the default logtimezone is always UTC
2017-02-23 15:36:50 -06:00
Robert Scheck 568ff4ba38 According to issue #3553, the default logtimezone is always UTC
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
2017-02-23 00:15:45 +01:00
Robert Scheck 25a2cb8c6e Only request "IndexIgnore" if mod_autoindex is loaded
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
2017-02-20 13:09:15 +01:00
Morris Jobke d548329543
Set vendor during install
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-09 23:37:00 -06:00