Commit Graph

6005 Commits

Author SHA1 Message Date
Roeland Jago Douma b543fd8d30
Set proper status code in OCS AppFramework Middleware 2016-07-22 12:53:47 +02:00
Morris Jobke 8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script
Update emails and license headers with latest changes
2016-07-21 23:27:15 +02:00
Lukas Reschke 562e63cf69 Merge pull request #480 from nextcloud/fix_ocs_response_format
AppFramework default response for OCS is xml
2016-07-21 19:52:17 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke 4f42c3d725
Revert "Remove "Help" link from personal sidebar"
This reverts commit deef15a3c7.
2016-07-21 02:25:00 +02:00
Lukas Reschke a9f2789df5
Fix typo 2016-07-21 02:23:42 +02:00
Lukas Reschke 7c6896f091
Link to proper clients 2016-07-21 01:56:47 +02:00
Lukas Reschke 19f770d0db
Port 2d373416d8 to master 2016-07-21 01:43:32 +02:00
Lukas Reschke 977db0a162
Use proper certificates
Ports bcf693539b
2016-07-21 01:34:11 +02:00
Lukas Reschke 9a1ff29351
Use proper documentation links
Since it is just faking the 10 we need to hardcode this here...
2016-07-21 00:36:52 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke adf67fac96
JSON encode the values 2016-07-20 22:47:33 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Roeland Jago Douma e42f2f2650
AppFramework do not get default response
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
2016-07-20 22:05:43 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Lukas Reschke a17ba2f488 Merge pull request #466 from nextcloud/escape-special-characters
Escape special characters (#25429)
2016-07-20 21:24:19 +02:00
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Morris Jobke e9c85e02ac Merge pull request #462 from nextcloud/master-explode
[master] Use explode() instead of split()
2016-07-20 18:31:11 +02:00
Björn Schießle 7cdf6402ff Merge pull request #472 from nextcloud/show-app-name-in-errormsg
Show app name in error message if app could not be loaded. (#25441)
2016-07-20 18:20:49 +02:00
Morris Jobke 1264e9644f Merge pull request #402 from nextcloud/smb-notifications
smb update notifications
2016-07-20 16:19:21 +02:00
Klaas Freitag 99316ec02c
Show app name in error message if app could not be loaded. (#25441) 2016-07-20 15:16:16 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Lukas Reschke 4f90447150
[master] Use explode() instead of split()
Sync from https://github.com/owncloud/core/pull/25488
2016-07-20 14:36:39 +02:00
Björn Schießle 8735a05d93 Merge pull request #441 from nextcloud/fix-maintenance-mode
Fix maintenance mode
2016-07-19 16:59:24 +02:00
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework
OCS routes use AppFramework
2016-07-19 12:21:14 +02:00
Morris Jobke 544c3c1565 Merge pull request #436 from nextcloud/public-regex-to-match-our-clients
Copy the regexes to the public interface
2016-07-19 11:35:10 +02:00
Joas Schilling 80168613be
Fix maintenance mode
When the server is in maintenance mode, apps are not loaded.
That means apps/theming/ is not in the allowed paths. So we
need to check without autoloading, whether the class exists.
2016-07-19 09:54:42 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Joas Schilling 9781312648
Prevent syntax error when creating user or changing password 2016-07-18 11:44:10 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 94cd83ca00
Make the router handle OCS AppFramework Routes 2016-07-18 11:09:04 +02:00
Roeland Jago Douma 1ff4b7f63d
Allow registering of OCS routes with the appframework 2016-07-18 11:09:04 +02:00
Morris Jobke 5157c5a9c4 Merge pull request #418 from nextcloud/remove_asset_pipeline
Remove asset pipelin
2016-07-18 09:44:35 +02:00
Roeland Jago Douma 72464f1ce4
Remove asset pipelin
Fixes #215

The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
2016-07-15 20:14:11 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Robin Appelman 29eeeb2273 Save the files external mount id in the mount cache table 2016-07-13 16:34:08 +02:00
Robin Appelman e5d7612a19 dont check for pgsql extension during setup 2016-07-12 14:38:24 +02:00
Robin Appelman 7ffda5d10f use pdo for postgres setup 2016-07-12 14:38:24 +02:00
Robin Appelman 8a79d314cf Remove duplicate database connect logic in mysql setup 2016-07-12 14:38:24 +02:00
Bjoern Schiessle 7c64e1973f
add test for needsRebundling() check 2016-07-11 15:51:48 +02:00
Lukas Reschke 0c1cf5f7eb Merge pull request #347 from nextcloud/drop-windows-foo
Remove unneeded checks if it runs on a Windows machine
2016-07-11 13:16:03 +02:00
Joas Schilling 103417fd9c Merge pull request #350 from nextcloud/fix-check-certificate-bundles
fix check if the certificate bundle needs to be updated
2016-07-11 11:04:49 +02:00
Bjoern Schiessle 49cad153af
always check the mtime of the system bundle and additionally the user specific certificate bundle if a user is given 2016-07-08 18:24:37 +02:00
Morris Jobke c2d88a08b7
Remove unneeded checks if it runs on a Windows machine
* the setup check is still there
2016-07-08 15:55:17 +02:00
Morris Jobke 390a996297
Sanitize more config options and stack traces 2016-07-08 14:13:16 +02:00
Lukas Reschke c8ba8f637e Merge pull request #314 from jernst/master
Allow wildcard * to be used in trusted domains
2016-07-07 19:34:11 +02:00