Commit Graph

31851 Commits

Author SHA1 Message Date
Lukas Reschke 2da43e3751
Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:33:00 +02:00
VicDeo 9fcb26910e
occ web executor (#24957)
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - mock them all!

Kill unused sprintf
2016-07-01 11:31:57 +02:00
Lukas Reschke 2c785ebdf1
Merge remote-tracking branch 'upstream/stable9' into stable9-sync-upstream 2016-07-01 11:31:15 +02:00
VicDeo 21bdd3005b Fix OC_Helper::rmdirr for nested symlinks (#25255) 2016-07-01 11:31:02 +02:00
Thomas Müller 4ac256ea6c [stable9] Fix decrypt message stable9 (#25188)
* Fix Decrypt message via occ

* Comments fixed

* Fixed reviews

* Originally:
commit 2304e4bda027e61ff1302c55c2f70f8e4c8f47d0
Author: Joas Schilling <nickvergessen@owncloud.com>
Date:   Tue Jun 7 09:13:11 2016 +0200

    Allow to decrypt user '0' files only

* Fix uid comparison
2016-07-01 11:30:39 +02:00
Thomas Müller 4a4103b923 Suppress warnings from DAV migration if there's nothing to do (#25279) 2016-07-01 11:30:14 +02:00
Vincent Petry abdc587b5c Merge pull request #25264 from owncloud/stable9-search-fixsearchfromotherfilelists
[stable9] Fix search result link for file results outside default list
2016-07-01 11:22:35 +02:00
Vincent Petry 98818283e5 Merge pull request #25234 from owncloud/stable9-iedavclient-nullheaders
[stable9] Init the headers in iedavclient.js
2016-07-01 11:22:06 +02:00
Morris Jobke 23cc465b0d Merge pull request #254 from nextcloud/fix-229-stable9
[stable9] get only vcard which match both the address book id and the vcard uri
2016-06-30 17:43:46 +02:00
Bjoern Schiessle 3cb7672b06
initial commit for the theming app 2016-06-30 17:26:03 +02:00
Björn Schießle eed6c6a8b9 Merge pull request #266 from nextcloud/fix-262
[stable9] getShareByToken() should also consider remote shares
2016-06-30 17:17:21 +02:00
Lukas Reschke d52343fc4e Merge pull request #260 from nextcloud/fix-versions-stable9
[stable9] check permissions before rollback
2016-06-30 17:15:28 +02:00
Lukas Reschke 912f07e2a9 Merge pull request #249 from nextcloud/add-exemption-for-acs
[stable9] Add exemption for ACS endpoint
2016-06-30 17:06:11 +02:00
Marius Blüm 1f9735b204 Merge pull request #261 from nextcloud/stable9-fix243
[stable9] targets 3rdparty submodule from Nc instead of oC
2016-06-30 17:05:36 +02:00
Morris Jobke 07c43751d1 Merge pull request #265 from nextcloud/stable9-add-wnd
[stable9] Backport WND
2016-06-30 16:47:29 +02:00
Bjoern Schiessle 347787d92c
getShareByToken() should also consider remote shares 2016-06-30 16:45:13 +02:00
Marius Blüm 212ff8ef6f Merge pull request #251 from nextcloud/make-it-user-saml
Mark user_saml official and kill user_shibboleth
2016-06-30 16:36:23 +02:00
Morris Jobke be7980c826 Merge pull request #263 from nextcloud/dav-permission-check-stable9
add some additional permission checks to the webdav backend
2016-06-30 15:59:21 +02:00
Lukas Reschke da0666e4f0
Name method properly 2016-06-30 15:37:33 +02:00
Lukas Reschke a80af7079d
[stable9] Backport WND
Backports:

- https://github.com/nextcloud/server/pull/233
- https://github.com/nextcloud/server/pull/190
- https://github.com/nextcloud/server/pull/188
2016-06-30 15:36:03 +02:00
Lukas Reschke 29929c9728 Merge pull request #240 from nextcloud/password_policy_events_stable9
[stable9] add events to check passwords with the password policy app
2016-06-30 15:06:40 +02:00
Bjoern Schiessle 3491400261
add some additional permission checks to the webdav backend 2016-06-30 15:05:13 +02:00
Marius Blüm 4b05f1c7b4 targets 3rdparty submodule from Nc instead of oC
* backport of #245
* fixes #243
2016-06-30 14:51:47 +02:00
Lukas Reschke 723cf78169 Merge pull request #259 from nextcloud/stable9-set-disposition
[stable9] Set content-type to "application/octet-stream"
2016-06-30 14:29:11 +02:00
Bjoern Schiessle 1208953ba1
check permissions before rollback 2016-06-30 14:22:40 +02:00
Lukas Reschke 94975af6db
[stable9] Set content-type to "application/octet-stream"
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.

Backport of https://github.com/nextcloud/server/pull/258
2016-06-30 13:04:54 +02:00
Bjoern Schiessle 6a61cc0e35
get only vcard which match both the address book id and the vcard uri 2016-06-30 10:46:21 +02:00
Lukas Reschke 5037d097e1 Mark user_saml official and kill user_shibboleth 2016-06-30 00:52:56 +02:00
Lukas Reschke f56ea98993
Add exemption for ACS endpoint
In a SAML scenario we don't get any strict or lax cookie sent for
the ACS endpoint. Since we have some legacy code in Nextcloud
(direct PHP files) the enforcement of lax cookies is performed here
instead of the middleware.

This means we cannot exclude some routes from the cookie validation,
which normally is not a problem but is a little bit cumbersome for
this use-case.

Once the old legacy PHP endpoints have been removed we can move
the verification into a middleware and also add some exemptions.

Not super awesome code to have but the best that I could come up
with that doesn't add another ton of technical debt.
2016-06-29 19:51:27 +02:00
Björn Schießle 1f71285137
get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:18:28 +02:00
Daniel Molkentin 735411d166 ownCloud 9.0.3 2016-06-29 11:20:32 +02:00
Bjoern Schiessle 27059107f8
add events to check passwords with the password policy app 2016-06-28 11:43:23 +02:00
Lukas Reschke 95f6dd909b Merge pull request #227 from nextcloud/stable9-channel-should-be-inside-config
[stable9] Move OC_Channel to system config
2016-06-27 21:20:36 +02:00
Lukas Reschke 9f7141d26d
Move OC_Channel to system config
The Nextcloud and ownCloud updaters allow someone to configure a custom release channel, this can then be used to publish different versions. (e.g. one channel stays on 9.x while another one already gets 10.x)

There is however one big problem with it: The value is effectively stored in the app config, which is stored in the database. So to be able to read the update channel a connection to the database is necessary. This is quite error prone and also causes some of the issues in the original ownCloud updater.

This moves the channel registration to the config.php and also includes a repair step.
2016-06-27 17:13:40 +02:00
Marius Blüm efc4a1b3bf Merge pull request #228 from nextcloud/show-updater-all-the-time
Revert "[stable9] Don't show the updater if updater is incompatible"
2016-06-27 06:53:20 +02:00
Morris Jobke 62391e9776 Merge pull request #210 from Zollak/stable9-config-sample
[stable9] changed ownCloud to Nextcloud, updated config options
2016-06-26 23:59:44 +02:00
Patric Lenhart c9898fac4a removed more options that are not in stable9 2016-06-26 23:32:40 +02:00
Lukas Reschke f896470542
Revert "[stable9] Don't show the updater if updater is incompatible"
This reverts commit 5e2bf16db1.
2016-06-26 17:33:05 +02:00
Patric Lenhart 506e739a20 removed parameter that is not relevant for stable9 2016-06-26 15:17:38 +02:00
Lukas Reschke 49a916fb46 Merge pull request #225 from nextcloud/stable9-upstream-sync
[Stable9] upstream sync
2016-06-26 14:50:58 +02:00
Lukas Reschke dcb5f00461
Merge remote-tracking branch 'upstream/stable9' into stable9-upstream-sync 2016-06-26 12:48:19 +02:00
Vincent Petry fd05ff0392
Hide search results after switching directory
When clicking on a folder result in the search result list, the result
box for "results in another folder" must disappear.
2016-06-24 17:14:12 +02:00
Vincent Petry 3128a2c03e
Fix search result link for file results outside default list
When outside the "All files" list, the search result link must properly
redirect to the "All files" list.
2016-06-24 17:14:04 +02:00
Christoph Wurst 907c90165a Merge pull request #25256 from owncloud/stable9-setupchecks-preventreload
[stable9] Don't reload page in case of auth errors during setup checks
2016-06-24 17:12:42 +02:00
Marius Blüm ea327cdea1 Merge pull request #216 from nextcloud/stable9-replace-occurence-of-owncloud-by-nextcloud
[stable9] Replace occurrence of "ownCloud" by "Nextcloud"
2016-06-24 15:01:53 +02:00
Marius Blüm 7a3aafda96 Replace occurrence of "ownCloud" by "Nextcloud"
* backport of #214
2016-06-24 12:50:43 +02:00
Vincent Petry e366ed6485
Don't reload page in case of auth errors during setup checks
If an error occurs during setup checks, do not let the global ajax
error handler reload the page.
2016-06-24 09:51:26 +02:00
Vincent Petry eb8e151458 Merge pull request #25248 from owncloud/stable9-unique_targets
[stable9] On mount make sure multiple shares with same target map to unique one…
2016-06-23 18:08:54 +02:00
Patric Lenhart 2cf4ae2925 changed ownCloud to Nextcloud, updated config options 2016-06-23 16:11:56 +02:00
Roeland Douma b6192c39d8
On mount make sure multiple shares with same target map to unique ones (#23937)
Scenario:
user0 shares a folder 'foo' with user2
user1 shares a folder 'foo' with user2
user2 logs in

Before: show only the 'foo' from user1

After: show both.

* Added integration tests
2016-06-23 14:27:51 +02:00