Commit Graph

6465 Commits

Author SHA1 Message Date
Lukas Reschke 9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Morris Jobke 169faf8c32
Remove sensible information from exception message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 11:42:04 +02:00
Olivier Mehani 19ad058d06
Add message to NotSquareException thrown from Avatar
This prevents cryptic messages such as the following, from `user_ldap`:

     Could not set avatar for uid=user,ou=People,dc=example,dc=net, because:

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

Add message to NotPermittedException thrown from Files\Nodes\Folder

Ditto.

Don't use translation macros here as this seems to be pretty low-level
errors that generally get caught and prettified, and I don't want to
unduly clog down the lower layers.

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

fixup! Add message to NotPermittedException thrown from Files\Nodes\Folder
2016-10-24 11:27:27 +02:00
Roeland Jago Douma ab91fa2660 Merge pull request #1820 from nextcloud/4byte-filenames
Allow 4byte unicode filenames on supported platforms
2016-10-24 10:38:25 +02:00
Roeland Jago Douma 7998689bc9
Added method to DB and fix test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:45:04 +02:00
Lukas Reschke 1be6213ba4 Merge pull request #1832 from nextcloud/select2-into-core
Select2 into core
2016-10-22 14:35:07 +02:00
John Molakvoæ 3e5e07aa64
Template css order
Select2 systemtags removal
Settings again
Fix Script

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2016-10-21 16:56:31 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Morris Jobke 2799b0a821 Merge pull request #1835 from nextcloud/downstream-24948
Move OC\Files\Storage\Shared to the right namespace
2016-10-20 23:48:15 +02:00
Vincent Petry 9e9fef46d9
Get rid of very old oc:// stream wrapper (#26381) 2016-10-20 20:46:30 +02:00
Morris Jobke d9aeee2aa1 Merge pull request #1826 from nextcloud/downstream-26391
Fix post_unshareFromSelf hook parameter format
2016-10-20 20:44:05 +02:00
Vincent Petry fca8bd44ab
Fix shared storage namespace in DecryptAll class 2016-10-20 20:36:50 +02:00
Joas Schilling 246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Sergio Bertolín 0417cbafd0
Changed request to not add a prefix to the url (#26256)
* Changed request to not add a prefix to the url

* Expecting forbidden instead of service unavailable

* Handling login exceptions
2016-10-20 17:21:08 +02:00
Vincent Petry d4976e5554
Fix post_unshareFromSelf hook parameter format
When unsharing from self in a group share situation, the share items
passed to the post_unshareFromSelf hook were using the wrong format in
which the attribute names (ex: "share_type") have non camel-case format.

This fix makes sure that in group sharing case we use the correct
format. It looks like the code was already producing it but in
array_merge it was not using it and adding the unprocessed one.
2016-10-20 16:09:08 +02:00
Thomas Müller ef842ef20a
Ensure $commands being an array - fixes #26073 2016-10-20 15:40:27 +02:00
Robin Appelman 3a8e75a814
Allow 4byte unicode filenames on supported platforms
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-20 14:26:09 +02:00
Joas Schilling b35d2fd8f2
Allow rich object subjects for Notifications
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling 2098648850
Add Rich Object Definitions and a validator
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:51 +02:00
Morris Jobke f7ca3ec201
Remove unneeded compatibility polyfills
- `Object.create` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/create#Browser_compatibility
- `Object.keys` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/keys#Browser_compatibility
- `Array.prototype.filter` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter#Browser_compatibility
- `Array.prototype.indexOf` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf#Browser_compatibility
- `Array.prototype.map` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/map#Browser_compatibility
- `Function.prototype.bind` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/bind#Browser_compatibility
- `String.prototype.trim` supported with IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim#Browser_compatibility
- `outerHTML` supported with Firefox 11+: https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML#Browser_compatibility
- `window.devicePixelRatio` supported in IE11+: http://caniuse.com/#feat=devicepixelratio

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 10:17:18 +02:00
Morris Jobke a8cf110ec6
Remove unneeded placeholder polyfill
* placeholders are supported in IE11+
* http://caniuse.com/#feat=input-placeholder

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 00:00:25 +02:00
Arthur Schiwon 5d98ab83e9
resolve displayname via manager and registerable resolvers
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:34:00 +02:00
Arthur Schiwon fea3e20a80
move mention extraction to (I)Comment and report mentions via DAV
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:33:55 +02:00
Joas Schilling 64c9ef96c4
Fix like queries in the QueryBuilder
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling 15bbe02106
Ignore failures of collation change in the pre update step
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling 9356a0e583
Correctly save and pass on the charset
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Thomas Müller a7245ea082
Fixing ctor call 2016-10-19 00:15:01 +02:00
Morris Jobke cc28f82b36
Add config option to update charset of mysql to utf8mb4
* fully optional
* requires additional options set in the database
2016-10-19 00:15:01 +02:00
Lukas Reschke c55a737b26 Merge pull request #1734 from nextcloud/setvalue_opt
AllConfig setUserValue opt
2016-10-18 17:16:25 +02:00
Morris Jobke deb59d3d48 Merge pull request #1722 from nextcloud/hide-storage-warnings
hide storage wrapper warning for the readonly storage
2016-10-18 16:15:52 +02:00
Morris Jobke 96f8f209b9 Merge pull request #1449 from nextcloud/comments-user-mention
Notifications for simple @-mentioning in comments
2016-10-17 09:30:47 +02:00
Lukas Reschke 62e19dfa80 Merge pull request #1441 from nextcloud/getby-id-less-queries
optimize Folder::getById to use less queries
2016-10-14 15:18:23 +02:00
Christoph Wurst 53eb0f7f42 Merge pull request #1037 from nextcloud/no-double-token-update
dont update the auth token twice
2016-10-14 14:53:17 +02:00
Roeland Jago Douma 77272ea52d
Use cache to determine if value need to be updated
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-13 19:40:40 +02:00
Morris Jobke 4d2835802f
hide storage wrapper warning for the readonly storage
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-13 14:37:31 +02:00
Arthur Schiwon 1bcd2ca8e3
emit pre-update event for comments
* notifications can be cleaned up, no polluted DB
* updating comments will re-notify users or remove notifications, depending on the message

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 18:06:22 +02:00
Robin Appelman 1484d01ff6
explicitly cast to int
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:39 +02:00
Robin Appelman 240538d9e6
reuse share node when creating a share
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:36 +02:00
Robin Appelman 37eded7e7c
Always unlock node after trying to create a share
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:29 +02:00
Robin Appelman 0d842e0550
optimize Folder::getById to use less queries
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:28 +02:00
Thomas Müller c5ca71ee82
[9.2] Register commands in info.xml (#26248)
* Use DI to load console commands from the apps - class name to be defined in the info.xml

* Load commands from info.xml

* Fix unit test

* Allow Di magic for IMountManager

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-11 19:48:26 +02:00
Robin Appelman 25ed6714c7
dont update the auth token twice
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:05:25 +02:00
Joas Schilling 356ac5d42f
Add app name to the call
Regression from 69b063f4c6

Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-10 16:34:14 +02:00
Roeland Jago Douma 2dcd97bf14 Merge pull request #1672 from nextcloud/cache_non_exisiting_db_user
Cache non existing DB user
2016-10-10 10:52:07 +02:00
Christoph Wurst a0cb809342 Merge pull request #1660 from nextcloud/add-notification-icon-to-api
Add an icon to the notification API
2016-10-10 09:32:34 +02:00
Roeland Jago Douma 1273d82e8b
Cache non existing DB user
We always query the database backend. Even if we use a different one
(ldap for example). Now we do this everytime we try to get a user object
so caching that a user is not in the DB safes some queries on each
request then (at least 2 what I found).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 09:30:36 +02:00
Morris Jobke e5fd9c1e1a Merge pull request #1640 from nextcloud/less_queries_group_share
More efficient group share resolving
2016-10-10 09:26:11 +02:00
Morris Jobke 195fc041da Merge pull request #1663 from nextcloud/dont-reparse-info-xml
Dont reparse info xml + cache AppInfo XML
2016-10-10 09:22:43 +02:00
Morris Jobke 8920c87dce Merge pull request #1658 from nextcloud/fix-log.condition
Default to empty string
2016-10-09 23:39:09 +02:00
Lukas Reschke 0245dd7221
Simplify isSubDirectory check
Shaves off another 9ms per request as can be seen at https://blackfire.io/profiles/compare/dd54cef3-e58d-4a22-b8f4-c7c4b70697be/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:56:43 +02:00
Lukas Reschke 0c2b17c80f
Cache AppInfo in Memory Cache if configured
This saves around 20ms on a bare-bone instance, on bigger ones more (depending on the number of installed apps).

See https://blackfire.io/profiles/compare/fc326ad3-100d-49b8-8ea9-8343240f53f3/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:29:23 +02:00
Thomas Müller 67d3574bdf
Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)
* Don't parse info.xml but reuse already cached app infos - fixes #25603

* Use === in InfoParser. Fixes test

* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
2016-10-07 20:58:22 +02:00
Arthur Schiwon e1073cf442
Notificacations for simple @-mentioning in comments
(WIP) notify user when mentioned in comments

Fix doc, and create absolute URL for as notification link.

PSR-4 compatibility changes

also move notification creation to comments app

Do not notify yourself

unit test for controller and application

smaller fixes

- translatable app name
- remove doubles in mention array
- micro perf optimization
- display name: special label for deleted users, keep user id for users that could not be fetched from userManager

Comment Notification-Listener Unit Test

fix email adresses

remove notification when triggering comment was deleted

add and adjust tests

add missing @license tags

simplify NotificationsController registration

appinfo simplification, php docs

make string easier to translate

adjust test

replace dispatcher-based listeners with a registration method and interface

safer to not pass optional data parameter to setSubject for marking as processed. ID and mention suffices

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

update comment

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-07 17:11:19 +02:00
Joas Schilling c77933ca22
Add an icon to the notification API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-07 17:00:24 +02:00
Lukas Reschke ab4353457d
Default to empty string
Otherwise `null` is returned which leads to a ton of similar error messages if the log condition setting is enabled.:

```
{"reqId":"3wVBarnDfOV3qkI1bVCU","remoteAddr":"89.98.78.41","app":"PHP","message":"hash_equals(): Expected user_string to be a string, null given at \/var\/www\/html\/lib\/private\/Log.php#275","level":3,"time":"2016-10-07T14:22:15+00:00","method":"PROPFIND","url":"\/remote.php\/webdav\/","user":"icewind"}
```
2016-10-07 16:23:05 +02:00
Morris Jobke c4b2639585 Merge pull request #1514 from nextcloud/integration-tests-orphaned-shares
Integration tests orphaned shares + Prefilter inaccessible shares
2016-10-06 22:58:56 +02:00
Roeland Jago Douma 990f4a182d
More efficient group share resolving
When resolving a group share to the user group share we used to do this
on a per share basis. Now we try to do this for all group shares at
once. Of course still chunked.

Before: N incomming group shares this would mean 1 + N queries
Now: N incomming roups shares this would mean 1 + 1 queries

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-06 19:31:28 +02:00
Joas Schilling a0b34dfd2f Merge pull request #1629 from nextcloud/cleanup-settings-application
Cleanup settings Application class
2016-10-06 16:57:39 +02:00
Vincent Petry 626daabb56
Prefilter inaccessible shares in DefaultShareProvider::getSharedWith()
The DefaultShareProvider now does a DB-level check to find out whether
file_source is accessible at all (deleted file) or whether it's in the
trashbin of a home storage.

One small corner case where the home storage id is in md5 form cannot
be covered properly with this approach.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-06 13:57:58 +02:00
Morris Jobke 0eb992062a log version number in each log line
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-06 12:42:46 +02:00
Lukas Reschke ea9b1cc340 Merge pull request #1306 from nextcloud/simplefs
Introducing AppData
2016-10-06 09:25:15 +02:00
Lukas Reschke da0d0d82c8 Merge pull request #1586 from nextcloud/issue-1466-fix-multi-translation-names-and-descriptions
Allow multiple names and description
2016-10-05 19:06:22 +02:00
Joas Schilling 8b3deb00b3
When we can not create the class, try if the variable is a registered service
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-05 16:33:19 +02:00
Roeland Jago Douma a7be37d735
DI fails for bg job
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:17 +02:00
Roeland Jago Douma 2578a81573
Fix repair
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 735abbc8fb
Use a backgroundjob to move avatars
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 851769adc8
Deprecate old app folder
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma f23390ed02
Kill users with the reserved name on login
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 3260f69590
Add for proper DI
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 92dc9e6899
Avatar migration step
* Skip move avatar if avatars disabled

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 6807cb684f
avatar to appdata
* Fix AvatarTest

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma ac38a3a654
Add Tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma 5d8b941fea
Initial AppData
* Introduce simpleFS
* Introduce IAppData
* Introduce AppData Factory to get your AppData folder
* Update FileDisplayResponse

* AppData implements a ISimpleRoot but lazy. So only if an apps starts
  to access data will stuff get initialized

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:14 +02:00
Joas Schilling 53ed3da052
Fallback from "de" to "de_DE" and the other way around
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-04 13:29:54 +02:00
Lukas Reschke bf0371429c
Remove database requirement from test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-03 14:15:18 +02:00
Morris Jobke 5dacd51c14
Use proper casing of username in avatar filesystem setup
* before you could request an avatar for User instead of user
  which sets up the filesystem for that user twice causing
  the sharing codes collision detection to detect a lot of
  collisions

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-03 14:00:57 +02:00
Joas Schilling 3a5022ad5b
Allow multiple names and description
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 11:00:58 +02:00
Morris Jobke 85522ff1ed Merge pull request #1558 from nextcloud/remove-notifications-upon-user-deletion
Remove notifications upon user deletion
2016-09-30 00:34:19 +02:00
Joas Schilling 6188955ed5 Do not break the output when running _completion
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:57:10 +02:00
Joas Schilling 4d1acfd4ef
Only trigger postDelete hooks when the user was deleted...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
Joas Schilling 5b7b8f8dac
Remove notifications upon user deletion
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:52 +02:00
Morris Jobke 19f94ac5f9 Merge pull request #1549 from nextcloud/kill-update-simulation
Kill update simulation
2016-09-28 16:29:09 +02:00
Lukas Reschke c4d263199c Merge pull request #1521 from nextcloud/fix-mimetypedetect-hiddenfolder
Fix mimetype detection inside hidden folders (#26138)
2016-09-27 18:52:48 +02:00
Vincent Petry da0cea404d
Kill update simulation
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-27 18:43:53 +02:00
Joas Schilling 615b69677e
Use the same URL everywhere
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-27 14:52:22 +02:00
Joas Schilling 6f955defe4
Return the autoupdater value from the server
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-27 14:38:10 +02:00
Morris Jobke 6a3e0f33b3 Merge pull request #1489 from nextcloud/fix-status-code-when-app-is-disabled
Return 404 on v2.php when the app is disabled
2016-09-27 11:04:57 +02:00
Morris Jobke 71fc9303c3 Merge pull request #1516 from nextcloud/fix-openbasedir-realpath-warning
Only use realpath for real directories (#26058)
2016-09-27 00:10:23 +02:00
Lukas Reschke a43c680d9f Merge pull request #1499 from nextcloud/updater
Add repair step and revert "Open updater" button
2016-09-26 22:28:21 +02:00
Lukas Reschke 598b243838 Merge pull request #1426 from nextcloud/sanitze_opt
Optimize sanitizeName
2016-09-26 14:10:50 +02:00
Juan Pablo Villafáñez 26f1ea1cea
Change the minimum log level to fatal
Downstreaming of https://github.com/owncloud/core/pull/26213

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:41:20 +02:00
Vincent Petry 9b4de310bd
Fix mimetype detection inside hidden folders (#26138)
Downstreaming of https://github.com/owncloud/core/pull/26138

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:31:03 +02:00
Vincent Petry 1f21a132c7
Only use realpath for real directories (#26058)
In some cross-local-storage use cases, the Local storage is
instantiated with "/" as data directory. In such cases, calling
realpath() would cause PHP warnings when open_basedir is set.

This fix bypasses the realpath() call when dealing with a root storage.

Downstreaming of https://github.com/owncloud/core/pull/26058

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:21:47 +02:00
Lukas Reschke 19ad11cce4
Graceful error handling and logging
Right now a failed "copyr" will result in the error log being spammed with not really helpful error messages. Also situations such as `$dir` returning `false` are not really caught.

This adds more error handling and logging to make debugging such situations easier.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-25 19:03:42 +02:00
Morris Jobke bf7cbe32c8
Add repair step to remove .step file after update
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-09-23 13:39:06 +02:00
Joas Schilling 78210c8300
Return 404 on v2.php when the app is disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-22 12:18:40 +02:00
Joas Schilling d9063b6141
Use default value instead of throwing when the service could not be found 2016-09-20 13:26:06 +02:00
Roeland Jago Douma e200eda18d
Optimize sanitizeName 2016-09-16 09:52:52 +02:00
Roeland Jago Douma 7c078a81b4
Add trict CSP to OCS responses
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
2016-09-15 13:11:36 +02:00
Lukas Reschke c5189a93db Merge pull request #1375 from nextcloud/display-that-updating-failed-for-htaccess
Display an error when updating .htaccess failed
2016-09-14 14:26:41 +02:00
Morris Jobke e39e1bdf4e Merge pull request #1395 from nextcloud/issue-369-htaccess-max-sizes
Make sure memory limit is > post size and upload filesize
2016-09-13 22:39:08 +02:00
Roeland Jago Douma edb4a680e0 Merge pull request #1348 from karakayasemi/patch-1
Bug fix CachedMountInfo for user home storage
2016-09-13 21:55:14 +02:00
Roeland Jago Douma b6439da128 Merge pull request #1338 from nextcloud/fix-trashbin-errors
Opening the trashbin causes errors in log for files without preview
2016-09-13 19:23:51 +02:00
Joas Schilling a3c8534b7b
Make sure memory limit is > post size and upload filesize 2016-09-13 16:50:36 +02:00
Joas Schilling 4b26d7d86a
Update docs 2016-09-13 10:51:48 +02:00
Joas Schilling 1675542df4
Display an error when updating .htaccess failed 2016-09-13 10:51:48 +02:00
Thomas Müller 6eba111e09
Fix failing preview unit tests (#26039) 2016-09-12 16:46:39 +02:00
Roeland Jago Douma 959bf0d1a7
Cache the build ControllerName
Often a route.php file will have many N routes but only M controllers.
Where N >= M. Which means that in most cases the ControllerName will be
converted multiple times. This is of course far from ideal.

Note that this is per app so the cache will contain at most N entries.
Which is not to bad.
2016-09-11 13:25:32 +02:00
Semih Serhat Karakaya cfc1c7cbd2 Update CachedMountInfo for user home storage
In getMountPointNode function rootId is not inside of the userFolder for home storage. We was searching '/user' folder in '/user/files' folder. So, it was return NULL. I moved searching part to parent folder. It solves everything. Also, obviously other storage types not affect then this change.

Related owncloud commit :
https://github.com/owncloud/core/pull/26017
2016-09-09 18:07:21 +03:00
Morris Jobke f56ae37e8f
Opening the trashbin causes errors in log for files without preview
* put a file without a generated preview in the trashbin
  (e.g. a *.docx file)
* open the trashbin
* following errors will show up in the nextcloud.log:
	- filesize(): stat failed for ...
	- fopen(...): failed to open stream: No such file or directory at ...
	- fread() expects parameter 1 to be resource, boolean given at ...
	- fclose() expects parameter 1 to be resource, boolean given at ...
	- imagecreatefromstring(): Empty string or invalid image at ...

This is because the preview code tries to load an SVG image, which
is obviously only text.

The fix simply handles this before the loading happens and the web UI
keeps showing the default mimetype icon.
2016-09-09 13:53:06 +02:00
Morris Jobke c16aefcff5 Merge pull request #1317 from nextcloud/add-sharing-disclaimer
Adding a optional disclaimer to the anonymous upload page
2016-09-08 21:18:28 +02:00
Morris Jobke 5ac26d12f0 Merge pull request #1247 from nextcloud/storage-id-global-cache
more efficient querying of numeric storage ids
2016-09-08 21:09:14 +02:00
Morris Jobke 6bb95de1c5
Adding a optional disclaimer to the anonymous upload page 2016-09-08 18:44:27 +02:00
Joas Schilling 0cec06d0c8
Change updater URL 2016-09-08 12:30:17 +02:00
Lukas Reschke ff691b4d8a Merge pull request #836 from nextcloud/php7.1
Add PHP 7.1 drone tests
2016-09-08 09:19:59 +02:00
Joas Schilling cdfe538452 Merge pull request #1243 from nextcloud/fix-detection-of-file-types-a-bit
Fix detection of file types a bit
2016-09-08 09:19:33 +02:00
Roeland Jago Douma fb4850ffa8
Fix intergrity checker
* Set salt length to 0
  See https://tools.ietf.org/html/rfc3447#page-38
* Fix tests for new phpunit
2016-09-07 22:09:29 +02:00
Thomas Müller 1631ef5acc
Initialize array elements properly 2016-09-07 22:09:08 +02:00
Robin Appelman e8e950a4d2
more efficient querying of numeric storage ids 2016-09-07 17:22:40 +02:00
Morris Jobke 05580f0242
Fix updater URL 2016-09-07 16:51:25 +02:00
Roeland Jago Douma 1d04c9e307 Merge pull request #1287 from nextcloud/correctly-remove-admin-stuff
Correctly remove admin sections and settings
2016-09-07 14:30:08 +02:00
Roeland Jago Douma 240798329d
Set proper content type on OCS responses 2016-09-07 10:55:56 +02:00
Joas Schilling 7c0951244a
Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Morris Jobke b6bdf81d55 Merge pull request #1275 from nextcloud/OCS_forward_headers_cleanup
Internal OCS Controller cleanup
2016-09-06 14:46:05 +02:00
Joas Schilling 43ff2f05fd
Correctly remove admin sections and settings 2016-09-06 14:37:09 +02:00
Morris Jobke 45a84f3623 Merge pull request #1235 from nextcloud/issue-1192-move-navigation-entries-without-order-to-the-end
Move navigation entries without order to the end
2016-09-06 14:12:01 +02:00
Roeland Jago Douma 3c55fe6bab
Split OCS version handling
This cleans up a bit the OCSController/Middleware. Since the 2 versions
of OCS differ a bit. Moved a lot of stuff internal since it is of no
concern to the outside.
2016-09-06 11:57:39 +02:00
Lukas Reschke 06fa486706 Merge pull request #1158 from nextcloud/cache_avatars
Cache avatars
2016-09-05 15:08:43 +02:00
Joas Schilling 12736a3592 Merge pull request #1271 from nextcloud/fix-docs-for-notifications
Null !== void, those methods are void
2016-09-05 14:16:45 +02:00
Joas Schilling fb04c56827
Null !== void, those methods are void 2016-09-05 13:00:56 +02:00
Joas Schilling db6a3367ad Merge pull request #1259 from nextcloud/language_order
ACCEPT_LANGUAGE goes before default_langauge
2016-09-05 12:37:44 +02:00
Marius Blüm f8eb7be7b1 Merge pull request #1171 from nextcloud/2fa-backup-codes
add 2fa backup codes app
2016-09-05 12:17:29 +02:00
Roeland Jago Douma 7fb88ec506
Use proper ALTER ROLE syntax
Fixes #1260

See https://www.postgresql.org/docs/9.0/static/sql-alterrole.html
2016-09-05 10:45:11 +02:00
Joas Schilling 24d90a4bb1
Correctly remove the charset from finfo mimetype 2016-09-05 09:48:22 +02:00
Christoph Wurst 8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
Roeland Jago Douma 0228bc6e66
ACCEPT_LANGUAGE goes before default_langauge
See https://github.com/nextcloud/server/issues/970

Before we had

1. Users settings in personal settings
2. Admins default language settings
3. Accept-Language settings of the browser

However this is not in line with
https://www.w3.org/International/questions/qa-lang-priorities

So this changes the order to

1. Users settings in personal settings
3. Accept-Language settings of the browser
2. Admins default language settings
2016-09-04 13:19:40 +02:00
Roeland Jago Douma 7e13db9952 Merge pull request #1225 from nextcloud/allow-to-validate-password-policy
Allow to validate the password_policy app
2016-09-02 21:02:59 +02:00
Joas Schilling b072c6c943
Move navigation entries without order to the end 2016-09-02 09:11:58 +02:00
Roeland Jago Douma 7f84f05e4d
Cache parsing of info.xml 2016-09-02 09:03:09 +02:00
Morris Jobke 7ffed2deae Merge pull request #1221 from nextcloud/proper_204_304_response
No body or content-length for 204 and 304 responses
2016-09-01 15:04:09 +02:00
Joas Schilling d3f82356bb Merge pull request #1227 from nextcloud/improve-tests
Improve tests
2016-09-01 14:02:04 +02:00
Morris Jobke 7f8c5ed497
Activate APCu on PHP 7
Fix an issue with APCus inc and dec methods on PHP 7

see https://github.com/krakjoe/apcu/issues/183#issuecomment-244038221 for details
2016-09-01 12:30:05 +02:00
Morris Jobke a3c1d74829
Remove unneeded Windows logic 2016-09-01 10:47:57 +02:00
Joas Schilling de96c5b17b
Allow to validate the password_policy app 2016-09-01 10:18:00 +02:00
Roeland Jago Douma 21a87d3c2e
No body or content-length for 204 and 304 responses
See: https://tools.ietf.org/html/rfc7230#section-3.3
2016-08-31 23:07:48 +02:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
Roeland Jago Douma a0af513a4a Merge pull request #1201 from nextcloud/usermountcache-orphanedshare
[master] Usermountcache orphanedshare
2016-08-31 15:07:13 +02:00
Joas Schilling e4311a2ebd Merge pull request #608 from nextcloud/small-encryption-improvement
skip shared files, if files get decrypted only for a specific user we…
2016-08-31 12:30:37 +02:00
Vincent Petry 669b0bc2ae
Prevent error with orphaned shares when updating user mount cache 2016-08-30 19:49:23 +02:00
Lukas Reschke 57f9117843 Merge pull request #1087 from nextcloud/get-delay-twice
dont get bruteforce delay twice
2016-08-30 18:43:01 +02:00
Roeland Jago Douma 83490e90ef Merge pull request #1089 from nextcloud/allow-to-prevent-previews
Check if the file isReadable() before sending a (cached) preview
2016-08-30 11:33:48 +02:00
Roeland Jago Douma 14136295b7
Cache avatars properly
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
2016-08-30 09:00:16 +02:00
Morris Jobke 4afe4bda26 Merge pull request #891 from nextcloud/us_25810
[OC] Fix unmerged shares repair targetdecision
2016-08-30 08:22:34 +02:00
Roeland Jago Douma 7c7f862712 Merge pull request #1142 from nextcloud/fix-case-sensitive-settings
Fix issues where some user settings cannot be loaded when the user id…
2016-08-29 19:56:35 +02:00
Roeland Jago Douma 39749c0cd4 Merge pull request #1139 from nextcloud/clean-code-image
Some cleanup within OC_Image (#25875)
2016-08-29 19:56:16 +02:00
Thomas Müller 82e8762c84
Fix issues where some user settings cannot be loaded when the user id differs in case sensitivity - fixes #25684 (#25686) 2016-08-29 14:33:16 +02:00
Thomas Müller df1cc94c23
Some cleanup within OC_Image (#25875) 2016-08-29 14:31:59 +02:00
Jörn Friedrich Dreyer d5518735c9
always return numeric storage id as int, also check type equality in test asserts 2016-08-29 14:20:51 +02:00
Robin Appelman 6c93fe08f5 dont get bruteforce delay twice 2016-08-29 13:36:49 +02:00
Joas Schilling f41c8c0089
Check if the file isReadable() before sending a (cached) preview 2016-08-29 10:58:57 +02:00
Lukas Reschke 25f1fdb275 Merge pull request #847 from nextcloud/quota-mount-in-homefolder
fix quota calculation when a filesystem is mounted in a user home
2016-08-28 15:05:46 +02:00
Raghu Nayyar 9dc23592c3 Merge pull request #1105 from nextcloud/usermenu-ordering
fix ordering of user menu entries
2016-08-28 10:30:16 +02:00
Lukas Reschke 4d85ffc27c Merge pull request #1054 from nextcloud/less-cache-hits
Reduce the number of cache operations for dav operations
2016-08-27 22:44:29 +02:00
Jan-Christoph Borchardt 0517f41b3f fix ordering of user menu entries 2016-08-27 22:42:08 +02:00
Joas Schilling 89c78bbce4 Merge pull request #1031 from nextcloud/2fa-infinite-redirect-loop
prevent infinite redirect loops if the there is no 2fa provider to pass
2016-08-26 16:03:05 +02:00
Roeland Jago Douma 53725d4d15 Merge pull request #771 from nextcloud/theming-fixes
Theming: Fix missing color usage
2016-08-26 15:02:21 +02:00
Lukas Reschke de6ab82766 Merge pull request #1080 from nextcloud/always_lazyroot
Always use the LazyRoot
2016-08-26 13:18:01 +02:00
Roeland Jago Douma f805aff67c
Always use the LazyRoot 2016-08-26 12:13:34 +02:00
Julius Haertl fdab008231
Remove internal from getThemingDefaults 2016-08-26 12:07:52 +02:00
Roeland Jago Douma 044d7c3bb7 Merge pull request #1026 from nextcloud/theming-extend-defaults
Theming: Add logo and background to ThemingDefaults
2016-08-26 11:53:24 +02:00
Robin Appelman fb88d66857 optimize getUserFolder for the common case 2016-08-25 17:22:25 +02:00
Robin Appelman 2693ae870e cache user folders 2016-08-25 17:22:25 +02:00
Robin Appelman b2d365734a cache root id in mountpoint 2016-08-25 17:22:25 +02:00
Joas Schilling 680d7f22bb Merge pull request #1036 from nextcloud/query-logger-stack
add stacktrace to query logger
2016-08-25 16:43:08 +02:00
Robin Appelman 1c3b1e5797 add stacktrace to query logger 2016-08-24 14:37:15 +02:00
Roeland Jago Douma 4e1d501696
Dark autoloader magic for ThemingDefaults 2016-08-24 13:22:21 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling c7c53aefb2
Use the lazy root to make tests pass 🙈 2016-08-24 09:52:05 +02:00
Julius Haertl 80fe499707
Theming: Add logo and background to ThemingDefaults 2016-08-24 00:40:22 +02:00
Lukas Reschke 2f1b17d44a Merge pull request #1007 from nextcloud/shared-storage-non-recursive
Fix shared storage recursive setup
2016-08-23 22:15:38 +02:00
Robin Appelman a0c2342c20 prevent infinite recursion while getting storage from mount 2016-08-23 14:52:18 +02:00
Lukas Reschke 3ed102497e Merge pull request #995 from nextcloud/workflow-section
Workflow section + hidden empty sections
2016-08-23 11:20:43 +02:00
Lukas Reschke 0747e96b9c
Cache registered autoloaders
This saves more than 20ms (!) on every request, the previous problem was that `\OC_App::registerAutoloading` calls `\OC\AppFramework\App::buildAppNamespace` which parses the appinfo.xml. Since that was also called multiple times (e.g. on cloud.nextcloud.com over 200 times) that had a significant performance impact. Also on simple PROPFIND requests.

https://blackfire.io/profiles/compare/65a53e6e-7f35-4974-b559-4c81abd01c3b/graph shows the difference nicely.
2016-08-22 23:49:46 +02:00
Arthur Schiwon b13092065a
hide parameters of tryLogin when logging 2016-08-22 16:45:07 +02:00
Joas Schilling 94432c089f
Save the container with the app's namespace so we can resolve it 2016-08-22 14:25:43 +02:00
Robin Appelman e316a7ade7 Allow jail wrappers to lazily initialize the source storage 2016-08-22 12:26:27 +02:00
Robin Appelman 5e44a2d868 Allow storage wrappers to lazily initialize the source storage 2016-08-22 12:23:55 +02:00
Arthur Schiwon 056c1ab035
fix wrong var name 2016-08-22 11:24:48 +02:00
Arthur Schiwon 7972fa5527
enlist only registered sections that also have settings registered to 2016-08-22 08:29:49 +02:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
Julius Haertl 162b153f22
Fix loading of ThemingDefaults 2016-08-19 11:26:22 +02:00
Morris Jobke 3ccd69707e Merge pull request #865 from nextcloud/ocs_config
Move OCS route /config to proper controller
2016-08-19 09:39:05 +02:00
blizzz 3b6bbf8159 Merge pull request #934 from nextcloud/add-cachebusters
Add cachebusters
2016-08-18 15:45:22 +02:00
blizzz 53d3c8b635 Merge pull request #931 from nextcloud/replace-hardcoded-classname
let the containers resolving capabilities find and instantiate the ri…
2016-08-18 14:03:14 +02:00
Lukas Reschke 3c7d2544b9
Add cache buster to left menu bar 2016-08-18 12:34:55 +02:00
Arthur Schiwon f86b20776a
let the containers resolving capabilities find and instantiate the right service 2016-08-18 11:56:19 +02:00
Joas Schilling 3dba40db7b
Fix "Undefined index" when the values do not exist 2016-08-18 11:53:26 +02:00
Roeland Jago Douma 3a17fabd04
Remove unused private classes 2016-08-18 09:37:11 +02:00
Lukas Reschke 5aaa065d6d Merge pull request #848 from nextcloud/public-link-quota
fix getting quota for public links with quota_include_external_storage
2016-08-17 20:13:56 +02:00
Roeland Jago Douma fe80bb1aff Merge pull request #867 from nextcloud/notification-primary-action-always-first
Make sure the primary action is always the first one
2016-08-17 19:31:14 +02:00