Commit Graph

46155 Commits

Author SHA1 Message Date
Patrik Kernstock 8cdd906d66 Add "Referrer-Policy" to htaccess file, addresses issue #11099
Signed-off-by: Patrik Kernstock <info@pkern.at>
2018-10-11 19:44:05 +02:00
Roeland Jago Douma dd8350b3b3
Merge pull request #10778 from suntorytimed/patch-1
check for empty string
2018-10-11 19:05:38 +02:00
Julius Härtl 2538079876
Use default favicon on sharing pages
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-11 16:29:24 +02:00
Roeland Jago Douma ce15c6c0b3
3rdparty to master followup of #11769
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 15:49:31 +02:00
Roeland Jago Douma 12f921f043
Merge pull request #11769 from nextcloud/3rdparty/remove/random_compat
Remove random_compat
2018-10-11 15:48:03 +02:00
Roeland Jago Douma eed1e6e21c
Merge pull request #11766 from Birkenstab/feature/allow-same-origin-referrer-policy
Allow "same-origin" as "Referrer-Policy"
2018-10-11 15:24:17 +02:00
Joas Schilling f48d5dc27e
Remove random_compat
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-11 14:45:11 +02:00
Roeland Jago Douma 51e96dc3f6
Normalize getUnjailedPath
Fixes #11637

If we do not normalize the unjailed path we might end up with a path
like files/user/folder/. which can break on objectstores

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 14:43:48 +02:00
Moritz Beck b68661ed6e
Allow "same-origin" as "Referrer-Policy"
Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-11 13:17:26 +02:00
Morris Jobke 6e56a7b31e
Merge pull request #11745 from nextcloud/ci/php73
Make php7.3 compatible
2018-10-11 12:23:10 +02:00
Morris Jobke fe45db6ae2
Merge pull request #11744 from burned42/fix_percent_sign_breaking_all_files_view
Remove duplicate call to decodeURIComponent
2018-10-11 12:20:07 +02:00
Roeland Jago Douma fa15c5e636
Merge pull request #11756 from nextcloud/ignore-session-lifetime-if-it-can-not-be-converted-to-a-number
Ignore "session_lifetime" if it can not be converted to a number
2018-10-11 11:42:41 +02:00
Roeland Jago Douma 87eefbd192
Add 7.3 CI to drone
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 11:20:48 +02:00
Roeland Jago Douma f675698551
Allow php7.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 11:20:48 +02:00
Daniel Calviño Sánchez c2916b62d3 Ignore "session_lifetime" if it can not be converted to a number
When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-11 10:53:25 +02:00
Roeland Jago Douma 82d4732a01
Merge pull request #11750 from nextcloud/3rdparty/symfony-3.4.17
[3rdparty] Symfony-3.4.17
2018-10-11 10:33:13 +02:00
Roeland Jago Douma 9142e92814
[3rdparty] Symfony-3.4.17
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 09:27:05 +02:00
Morris Jobke 9277d242b0
Merge pull request #11746 from nextcloud/ci/php72-syntax
Add syntax ci job for php7.2
2018-10-11 09:05:14 +02:00
Bernd Stellwag 0f030d885b Remove duplicate call to decodeURIComponent
Signed-off-by: Bernd Stellwag <burned@zerties.org>
2018-10-11 08:00:28 +02:00
Roeland Jago Douma 6680966f7c
Ignore the RiakCache
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-10 22:27:54 +02:00
Roeland Jago Douma 04c80c681d
Add syntax ci job for php7.2
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-10 22:15:59 +02:00
Roeland Jago Douma 793f53c94b
Merge pull request #11701 from nextcloud/dependachristoph/bower/pin-versions
Pin Bower versions
2018-10-10 21:21:16 +02:00
Roeland Jago Douma 2a690db553
Merge pull request #11675 from nextcloud/feature/enforce-2fa-admin-settings
Add admin interface to enforce 2FA
2018-10-10 20:40:30 +02:00
Bjoern Schiessle fd5fc24da2
some small fixes and improvements
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-10 16:07:01 +02:00
Morris Jobke 0acae1d4aa
Merge pull request #11719 from nextcloud/techdebt/noid/allow-to-mock-new-datetime
Allow to inject/mock `new \DateTime()` similar to time()
2018-10-10 14:54:15 +02:00
Morris Jobke eac04adadd
Merge pull request #11689 from nextcloud/performance/normalizePath
Move normalizePath to regexes instead of looping
2018-10-10 14:49:05 +02:00
Christoph Wurst 67c3730fbb
Add admin interface to enforce 2FA
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-10 14:34:52 +02:00
Christoph Wurst f83c7bd2d6
Pin Bower versions
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-10 14:33:33 +02:00
Roeland Jago Douma d5bf2c4523
Move normalizePath to regexes instead of looping
This is IMO a bit more readable and it seems to make the code faster.
Tested it on the company instance where there are over 3k calls to this
function. It shaves off around 10ms.

The advantage here is that the pattern gets optimized by php itsel and
cached.
Also looking for all patterns at the same time and especially no longer
looping for /./ patterns should save time.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-10 13:23:59 +02:00
Joas Schilling 78cc4171ee
Fix mock of ITimeFactory
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-10 12:42:20 +02:00
Christoph Wurst 1dbd7172c3
Merge pull request #11733 from nextcloud/fix/noid/misleading-well-known-check
Fix a misleading setup check for .well-known/caldav & carddav
2018-10-10 12:41:32 +02:00
Morris Jobke b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 10:41:02 +02:00
Nextcloud bot 7c26bbbd82
[tx-robot] updated from transifex 2018-10-10 00:13:11 +00:00
Roeland Jago Douma a9f4817b65
Merge pull request #11622 from nextcloud/feature/11617
Add function to generate urls for OCS routes
2018-10-09 20:50:37 +02:00
Bjoern Schiessle 9e76d4049a
adjust tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-09 18:31:33 +02:00
Bjoern Schiessle 3fa13e791e
always query the lookup server in a global scale setup and have a nicer label
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-09 17:47:29 +02:00
Morris Jobke ab3599155f
Merge pull request #11716 from nextcloud/bugfix/noid/use-numeric-placeholders-for-rtl-translations
Use numeric placeholders if there are multiple, so that RTL languages…
2018-10-09 16:31:52 +02:00
Roeland Jago Douma c97b4274cc
Add function to generate urls for OCS routes
fixes #11617

The OCS routes are only absolute for now as they are often exposed to
the outside anyway and are on a different endpoint than index.php in
anyway.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-09 15:41:50 +02:00
Joas Schilling 840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Morris Jobke 031add6acc
Merge pull request #11721 from nextcloud/revert-10782-fix/10774/deadtagaction
Revert "in 14 the click action gets lost in the Backbone view."
2018-10-09 15:33:10 +02:00
Morris Jobke ddfc362779
Revert "in 14 the click action gets lost in the Backbone view." 2018-10-09 15:33:01 +02:00
Morris Jobke 877823eb9d
Merge pull request #11709 from nextcloud/refactor/jquery-beforeunload
Fix depracted jQuery.bind call
2018-10-09 14:48:42 +02:00
Morris Jobke dcf5a57d01
Merge pull request #11691 from nextcloud/refactor/fix-usage-deprecated-oc-webroot
Fix usage of deprecated OC.webroot
2018-10-09 14:47:14 +02:00
Morris Jobke 7e7a14cc9a
Merge pull request #11698 from nextcloud/refactor/cleanup-github-files
Move GitHub files to .github directory
2018-10-09 14:45:59 +02:00
Joas Schilling ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Christoph Wurst 9af69ca2a5
Fix usage of deprecated OC.webroot
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-09 13:53:59 +02:00
Morris Jobke 8b38b601e5
Merge pull request #11705 from nextcloud/certificate/noid/update-crl
Update CRL due to changed cert for linkshareex
2018-10-09 13:15:42 +02:00
Christoph Wurst 912729c427
Fix depracted jQuery.bind call
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-09 12:00:48 +02:00
Morris Jobke 6a908b2479
Update CRL due to changed cert for linkshareex
See https://github.com/nextcloud/app-certificate-requests/pull/193

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-09 11:55:40 +02:00
Morris Jobke ea411ccec4
Merge pull request #11677 from nextcloud/feature/appdata_previews
Allow the creationg of previews of files stored in appdata
2018-10-09 11:47:14 +02:00