Commit Graph

109 Commits

Author SHA1 Message Date
Lukas Reschke 2d52cc9fe0
10.0 beta it is 2016-07-21 00:32:43 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Robin Appelman 29eeeb2273 Save the files external mount id in the mount cache table 2016-07-13 16:34:08 +02:00
Daniel Molkentin c3b600b934 fix version string 2016-06-29 15:11:48 +02:00
Daniel Molkentin 4a43fbfb5e 9.1.0 RC 1 2016-06-29 15:09:40 +02:00
Vincent Petry 0ad065cb8d Repair step to adjust link share delete permissions 2016-06-24 09:48:48 +02:00
Christoph Wurst 0c0a216f42
store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Daniel Molkentin e133f7e147 ownCloud 9.1.0 beta 2 2016-06-08 11:31:12 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Victor Dubiniuk 6c70e847dd Add bzip2 to known mimetypes 2016-05-30 18:50:14 +03:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
C Montero-Luque ea6506ac1e 9.1.0 beta 1 2016-05-25 13:16:50 -04:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Vincent Petry b40c0bad96
Increase version for DB addition 2016-05-20 17:56:02 +02:00
Christoph Wurst c28e462583
Use CLOB for auth token names to allow long user agent strings 2016-05-12 11:19:17 +02:00
Christoph Wurst 18704a9fc8
increase version number to trigger db migration 2016-05-11 13:36:46 +02:00
Joas Schilling 8885cb1eb9 Increase all versions on master which is now 9.1 2016-03-02 08:53:42 +01:00
Lukas Reschke 933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Arthur Schiwon b3ac81f134 exchange user_id_key for a unique one. 2016-02-26 01:02:22 +01:00
Arthur Schiwon 9250704ecb add index definitions for comments tables 2016-02-24 21:48:12 +01:00
Joas Schilling 24c7f38a00 Make sure we can store strings as per the interface 2016-02-22 15:43:20 +01:00
C Montero-Luque 99051cdbe5 9.0.0 beta 2 2016-02-18 14:39:05 -05:00
C Montero-Luque c392cc2b8f 9.0.0 beta 1 2016-02-10 17:31:16 -05:00
Faruk Uzun 6ffd8f3e0d Introduce some mimetypes for richdocuments
* application/vnd.lotus-wordpro
* application/vnd.visio
* application/vnd.wordperfect
* application/msonenote
2016-02-04 13:48:21 +02:00
Roeland Jago Douma 2035a179bc Add store/retrieve checksums
* Add extra db column to filecache
* Bump version
* Update filecache code to actually handle checksum
* Webdav code to store/retrieve checksums
2016-02-03 09:03:51 +01:00
Arthur Schiwon 01cdc70f9c introduce comments read marke tables, comes with user cleanup after deletion 2016-01-29 13:08:02 +01:00
Vincent Petry 7d1416fe12 Increase version due to new tables 2016-01-22 11:04:04 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Roeland Jago Douma 6c77d1734e [Share 2.0] Update db structure to stay backwards compatible 2016-01-06 14:53:43 +01:00
Lukas Reschke 002e719789 Set "SetEnv" within base `.htaccess` file
mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
2015-12-01 19:06:48 +01:00
Joas Schilling 3c5a6b829e Allow DI the system tag stuff without Application class 2015-11-30 17:08:29 +01:00
Roeland Jago Douma 5e8256beb8 [Sharing 2.0] Add a new db column for the file owner
We need to store the owner of a file in the db to do efficient queries
on the owner of a file. Without this we need to construct fill paths for
each file id in the table and see who the owner of a file is. Which does
not scale.
2015-11-25 13:17:02 +01:00
Morris Jobke 3778680f3f Drop unused tables principalgroups and principals
* was removed in 3e84f170e7
2015-11-05 08:40:21 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Morris Jobke ee42e9d489 increase core version and add dav version number 2015-10-21 11:36:44 +02:00
Joas Schilling 6ca58cd856 Master is now 9.0.0 development 2015-10-14 07:40:06 +02:00
C Montero-Luque 58b8571454 8.2 RC1 2015-10-06 13:17:12 -04:00
Morris Jobke b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Roeland Jago Douma c80dd82fe4 Added mimetype repair step
* Version number increased
2015-10-02 16:06:56 +02:00
Morris Jobke cc0812332c add more precise version to also repair git master instances 2015-10-01 08:27:12 +02:00
C Montero-Luque 9d1885a535 8.2 beta1 2015-09-18 14:01:46 -04:00
Vincent Petry 180ad9e7df Make version.php PHP 5.3 compatible for the build scripts 2015-09-17 15:50:37 +02:00
Robin McCorkell 5ca690e2f8 Use integer for availability instead of bool 2015-09-15 10:18:32 +02:00
Vincent Petry 2b08659f7d Restrict upgrades to explicit allowed version
version.php now contains the previous ownCloud version from which
upgrades are allowed. Any other upgrades will show a message that the
upgrade/downgrade is not supported.
2015-08-30 18:04:18 +02:00
Robin McCorkell fa8b1074e8 Bump version patch number, fixes #18129 2015-08-11 14:43:32 +01:00
Joas Schilling 20cf8ec205 Add an update script to reset the value
In case encryption was not enabled, we accidently set encrypted = 1 for
files inside mount points, since 8.1.0. This breaks opening the files in
8.1.1 because we fixed the code that checks if a file is encrypted.
In order to fix the file, we need to reset the flag of the file. However,
the flag might be set because the file is in fact encrypted because it was
uploaded at a time where encryption was enabled.

So we can only do this when:
- Current version of ownCloud before the update is 8.1.0 or 8.2.0.(0-2)
- Encryption is disabled
- files_encryption is not known in the app config

If the first two are not the case, we are save. However, if files_encryption
values exist in the config, we might have a false negative here.
Now if there is no file with unencrypted size greater 0, that means there are
no files that are still encrypted with "files_encryption" encryption. So we
can also safely reset the flag here.

If this is not the case, we go with "better save then sorry" and don't change
the flag but write a message to the ownCloud log file.
2015-07-24 10:37:39 +02:00
Morris Jobke ff5bd9d918 Remove index on file_target of share table
* causes issues on InnoDB because it exceeds the maximal key length
  of an index which is 767 (3-byte charset * varchar(512) = 1536)
* fixes #17619
2015-07-14 13:26:51 +02:00
Morris Jobke 4a37d565bd Add indexes to speedup DB queries
* file_target is often used in the sharing code in JOIN statements for retrieval of shares
2015-07-08 18:04:10 +02:00
Frank Karlitschek 2eb9936d77 This will be 8.2 in the future 2015-07-01 10:06:26 -04:00
C Montero-Luque e7a30e091d 8.1 RC2 2015-06-30 19:43:05 -04:00