Commit Graph

16986 Commits

Author SHA1 Message Date
MichaIng dcbf8fa8e3
Harden data protection .htaccess
+ Set "Satisfy All" whenever available, as well on Apache 2.4+. This is required to override possible "Satisfy Any" on parent dir, which otherwise would allow direct access to data, regardless of "Require" directive.
+ Set "Deny from all" as well whenever available, to block access regardless of which access control directive takes priority.
+ Assume Apache 2.2 only, if mod_authz_core and mod_access_compat are both not available, to avoid doubled directives. In this case set "Deny from all" directive only if the providing mod_authz_host module is available. "Satisfy" is a core directive on Apache 2.2.
+ Update Apache version strings. Regarding the used directives/modules, Apache 2.4 and 2.5 behave the same.
+ Add ordering spaces to better reflect the nested directives and to match style of other .htaccess files.

Fixes: https://github.com/nextcloud/server/issues/6449

Signed-off-by: Micha Felle <micha@dietpi.com>
2019-08-19 15:09:44 +02:00
Roeland Jago Douma e6c225a3f3
Merge pull request #16766 from nextcloud/fix/frame-src/no-nonce
frame-src doesn't respect the nonce attribute
2019-08-19 09:22:31 +02:00
Nextcloud bot 6725ad213f
[tx-robot] updated from transifex 2019-08-19 02:14:56 +00:00
Nextcloud bot b3880452bb
[tx-robot] updated from transifex 2019-08-18 02:15:40 +00:00
Nextcloud bot 5b09460d4f
[tx-robot] updated from transifex 2019-08-17 02:15:00 +00:00
Roeland Jago Douma c4cafae884
frame-src doesn't respect the nonce attribute
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-16 21:29:57 +02:00
Joas Schilling 810ee7d811
Make the auto-disabled list more broad
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-15 11:12:45 +02:00
Georg Ehrke f6c3424039
Fix tracking of auto disabled apps in Updater
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-15 11:12:43 +02:00
Roeland Jago Douma d14aed1048
Merge pull request #15946 from martink-p/bugxfix/9792/encrypted-external-webdav
Update Encryption.php
2019-08-15 10:22:50 +02:00
Nextcloud bot fdcc654ff6
[tx-robot] updated from transifex 2019-08-15 02:14:35 +00:00
Roeland Jago Douma f7152cccb2
Merge pull request #16572 from nextcloud/fix/15613/bring-back-psql9-compat
instead of upsert query, fallback to default on PSQL <= 9.4
2019-08-14 10:10:37 +02:00
blizzz 2ac01c0203
Merge pull request #16725 from nextcloud/bugfix/noid/syslog-di
Fix loading of the syslog logging class
2019-08-14 09:46:48 +02:00
Arthur Schiwon d0409548c6
instead of upsert, fallback to default query on PgSQL <= 9.4
because there is no upsert yet

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-14 09:05:11 +02:00
Julius Härtl 2efb9a7d90
Make sure SystemConfig class can be injected and syslog_tag is fetched properly
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-13 16:26:18 +02:00
Roeland Jago Douma 145eee91fe
Get the proper UID
Some user backends (like the database backend) allow us to obtain a user
case insensitive. However the UID itself is case sensitive.

Example:
* create a user User1
* login as User1
  - This results in the data/User1 folder being created etc
* now have some code somewhere that obtains the userFolder (from
IRootFolder) but pass in 'uSER1' as uid
  - The code will check if that is a valid user. And in this case it is
  since User1 and uSER1 both map to the same user
  - However the UID in the user object is used for the folder; a new
  folder will be created: data/uSER1

With this PR this is avoided now. Since we obtain the real UID casing in
the backend before creating the user object.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-13 09:33:46 +02:00
Roeland Jago Douma f465f9d4b9
Merge pull request #16721 from nextcloud/fix/16644
Correctly handle empty string in proxyuserpwd config
2019-08-11 22:46:01 +02:00
Roeland Jago Douma 9d6eb2daf7
Merge pull request #16179 from J0WI/mv-frameoptions
Add X-Frame-Options header to .htaccess
2019-08-11 21:30:51 +02:00
Scott Shambarger edf946dfc7
Correctly handle empty string in proxyuserpwd config
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
 "cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2019-08-11 21:07:30 +02:00
J0WI 1b074f48d8
Remove duplicated spaces
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 3f2932c75a
Sort headers
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 76cbd7db6e
Add X-Frame-Options header to .htaccess
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma 773ce9e58f
Merge pull request #16613 from nextcloud/enh/featurepolicy
Add Feature-Policy header
2019-08-11 10:16:58 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Nextcloud bot 11cf253f52
[tx-robot] updated from transifex 2019-08-10 02:14:48 +00:00
Nextcloud bot cb83d0646a
[tx-robot] updated from transifex 2019-08-09 02:14:15 +00:00
Roeland Jago Douma 5d94590cee
Have the OCSBaseResponse call the parent constructor
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-08 09:52:20 +02:00
Roeland Jago Douma b42b26eceb
Merge pull request #15187 from vitormattos/bugfix-create-database-user
Bugfix: user is not allowed
2019-08-08 09:03:48 +02:00
Roeland Jago Douma 6b11862611
Merge pull request #16686 from nextcloud/fix/16684/return_int_getIf
Properly return an int in the getId function of the cache
2019-08-08 08:14:21 +02:00
Nextcloud bot 00c1389628
[tx-robot] updated from transifex 2019-08-08 02:14:43 +00:00
Roeland Jago Douma 650927a822
Properly return an int in the getId function of the cache
fixes #16684

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-07 20:38:42 +02:00
Nextcloud bot 52f24b50f5
[tx-robot] updated from transifex 2019-08-07 02:14:38 +00:00
Nextcloud bot effca30d10
[tx-robot] updated from transifex 2019-08-06 02:14:36 +00:00
Morris Jobke 1d72073e34
Merge pull request #16498 from nextcloud/feature/noid/room_metadata
Allow calendar resources/rooms to provide metadata
2019-08-05 14:52:45 +02:00
Roeland Jago Douma 7b0e11f709
Merge pull request #16639 from nextcloud/feature/noid/new-types
Adding comparison types: +regex +wildcard (fulltextsearch)
2019-08-05 14:21:12 +02:00
Nextcloud bot 9cf2e84d13
[tx-robot] updated from transifex 2019-08-05 02:14:26 +00:00
Nextcloud bot 4327d275c1
[tx-robot] updated from transifex 2019-08-04 02:15:22 +00:00
Georg Ehrke 3e5946bd0d
Add standard metadata key for room-features
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-02 20:01:32 +02:00
Maxence Lange f10e525e0c
comparison types: +regex +wildcard
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-08-02 12:24:32 -01:00
Nextcloud bot 67f90cb682
[tx-robot] updated from transifex 2019-08-02 02:14:30 +00:00
Georg Ehrke b246e58a1e
Provide standard metadata keys for contact person of a resource
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-01 15:26:11 +02:00
Georg Ehrke 475984ef19
Provide standard metadata keys for location of room
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-01 15:25:43 +02:00
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Georg Ehrke ca060a2a83
sync metadata of rooms / resources with cache
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-01 10:08:56 +02:00
Georg Ehrke 2dc79e5839
Add \OCP\Calendar\IMetadataProvider interface and provider for common metadata keys
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-01 10:08:52 +02:00
Nextcloud bot a1afdac31a
[tx-robot] updated from transifex 2019-08-01 02:15:27 +00:00
Roeland Jago Douma f94ee72507
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Roeland Jago Douma 1d8b09aa86
Merge pull request #16616 from nextcloud/dep/setEvalScript
setting unsafe-eval is deprecated
2019-07-31 11:01:38 +02:00
Nextcloud bot 3f8f0f7609
[tx-robot] updated from transifex 2019-07-31 02:16:00 +00:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 16:27:38 +02:00