Commit Graph

9861 Commits

Author SHA1 Message Date
Jenkins for ownCloud 933ac14b76 [tx-robot] updated from transifex 2015-08-28 01:55:25 -04:00
Jenkins for ownCloud 46978b616c [tx-robot] updated from transifex 2015-08-27 01:55:20 -04:00
Lukas Reschke 3d2ee95f1e Remove last occurence of `forcessl`
This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
2015-08-26 14:29:36 +02:00
Thomas Müller 40203d7d1e Remove languages which are no longer maintained on transifex 2015-08-26 12:19:24 +02:00
Jenkins for ownCloud 90e11ee005 [tx-robot] updated from transifex 2015-08-26 04:10:42 -04:00
Thomas Müller 749e3d5219 Merge pull request #18553 from owncloud/write-l10n-on-login
Save detected l10n of browser on login
2015-08-26 08:44:25 +02:00
Thomas Müller 534b2e407a Merge pull request #17662 from owncloud/locking-db
Database backend for locking
2015-08-26 03:56:37 +02:00
Morris Jobke e9241fcd8c Merge pull request #18562 from owncloud/explicit-use-statuscode-200
Explicitly specify status code 200 as response code
2015-08-25 22:02:27 +02:00
Jenkins for ownCloud 2171cc02c3 [tx-robot] updated from transifex 2015-08-25 12:39:10 -04:00
Lukas Reschke f3561e2349 Explicitly specify status code 200 as response code
Potentially fixes https://github.com/owncloud/core/issues/17586
2015-08-25 18:07:40 +02:00
Morris Jobke 4f13f96981 Save detected l10n of browser on login
* fixes owncloud/activity#373
2015-08-25 15:47:31 +02:00
Thomas Müller 6f6a5f6c29 Adding path to log message 2015-08-25 14:31:21 +02:00
Thomas Müller 2f86be9ced Merge pull request #18523 from owncloud/crazy-scanner
Prevent bkg scanner going crazy with unavailable storages (ajax/scan.php)
2015-08-25 09:23:42 +02:00
Vincent Petry fe575feca8 Prevent scanner going crazy with unavailable storages 2015-08-24 16:42:53 +02:00
Morris Jobke e88b380973 Remove DEBUG constant and use config value
* introduces config.php option 'debug' that defaults to false
* migrate DEBUG constant to config value
2015-08-24 15:14:05 +02:00
Lukas Reschke bd13126a80 Fix master again
Caused due to merge of two PRs
2015-08-24 12:19:03 +02:00
Morris Jobke b3495a1dc9 Merge pull request #18482 from owncloud/encrypt-session-data
Add a session wrapper to encrypt the data before storing it on disk
2015-08-24 12:10:15 +02:00
Vincent Petry fe568ab64d Merge pull request #18486 from owncloud/use-client-service-to-work-behind-proxy
Use client service to work behind proxy for checks for remote ownCloud instances
2015-08-24 11:05:14 +02:00
Vincent Petry 31d62c10bf Merge pull request #17501 from tbartenstein/patch-1
Update fileinfo.php
2015-08-24 09:57:27 +02:00
Morris Jobke 40b1054530 Merge pull request #18254 from owncloud/mitigate-breach
Add mitigation against BREACH
2015-08-24 09:14:27 +02:00
Lukas Reschke 0a1d551090 Use IClientService to check for remote ownCloud instances
1. Allows to set a timeout (though still not perfect but way better than before)
2. Allows to have unit tests
3. I also added unit tests for the existing controller code
4. Corrected PHPDoc on IClient
2015-08-22 14:39:43 +02:00
Lukas Reschke 6a3fb0d3b3 Handle failures gracefully, remove switch 2015-08-21 19:16:28 +02:00
Joas Schilling 36eef2ddab Add a session wrapper to encrypt the data before storing it on disk 2015-08-21 17:59:23 +02:00
Morris Jobke ac086a11c1 Merge pull request #18426 from owncloud/joblist-next-non-existing
handle non existing job classes in $jobList->getNext
2015-08-21 10:34:33 +02:00
Joas Schilling 9573d7d60d Merge pull request #18372 from owncloud/issue-18358-object-type-and-id-for-activities
Issue 18358 object type and id for activities
2015-08-20 15:53:36 +02:00
Joas Schilling c58316b1ae Expand the doc blocks on the new methods 2015-08-20 15:35:24 +02:00
Morris Jobke d725de505e Merge pull request #18439 from owncloud/fix-appmanagement-install
[app management] fix dependency check on install
2015-08-20 13:26:55 +02:00
Joas Schilling 6697844c01 Remove unnecessary code 2015-08-20 13:10:11 +02:00
Morris Jobke 06d8edd963 Merge pull request #17434 from owncloud/update-showappnameonappupdate
Display app names in update page for app updates
2015-08-20 11:50:01 +02:00
Vincent Petry a2674b2b30 Additions to update page
Apps to update and to disable will always be shown.
Main title changes only when apps need updated, not core.
Added bullet style.
Exclude incompatible apps from updated apps list.
2015-08-20 11:14:30 +02:00
Joas Schilling 389a32e92a Add test coverage for Activity Event and Manager 2015-08-20 10:25:49 +02:00
Morris Jobke 29decf698c [app management] fix dependency check on install 2015-08-19 21:32:56 +02:00
Morris Jobke b3356b1288 Merge pull request #18432 from owncloud/ext-backends.simple
Migrate simple external storage backends to new registration API [part 1]
2015-08-19 20:04:20 +02:00
Thomas Müller 313cb092f9 Merge pull request #18427 from owncloud/fix-format-ocs
Fix format of log/private/ocs.php
2015-08-19 19:09:32 +02:00
Vincent Petry b919ae96f0 Display app names in update page for app updates
Whenever the update page is displayed for apps, show app names instead
of the core update text.
2015-08-19 18:03:35 +02:00
Joas Schilling 4314c8fc6f Use an IEvent object instead of a huge parameter list 2015-08-19 17:44:57 +02:00
Joas Schilling bc2aa14849 Extend the interfaces IManager and IConsumer to allow passing in the object 2015-08-19 17:44:57 +02:00
Robin McCorkell 3b27603762 Revert "Fix mounting wrapped storages resulting in many-layered wrapping"
This reverts commit 75a5e6e12b.
2015-08-19 14:41:43 +01:00
Robin McCorkell 3bb793b6a7 Implement password authentication mechanisms
Introduces the basic password authentication mechanism, along with a
mechanism based on ownCloud credentials stored in the user session.

Change to lib/private is an extension of PermissionsMask, as
isSharable() override was missing.

Session credentials auth mechanism now disables sharing on applied
storages, as credentials will not be available.
2015-08-19 14:20:09 +01:00
Lukas Reschke 40b87b1394 Add warning for not existing CA bundle when updating
For newer releases we shall use an integrity check. But that's a good alternative for now.
2015-08-19 15:03:33 +02:00
Morris Jobke 8fbb0c7b49 Fix format of log/private/ocs.php
Fixes https://github.com/owncloud/core/pull/14314#discussion_r37305256
2015-08-19 14:21:10 +02:00
Robin Appelman beaef820cf handle non existing job classes in $jobList->getNext 2015-08-19 14:16:05 +02:00
Morris Jobke 127b6e2f3f Merge pull request #18374 from owncloud/router-apps
Only load app routes if the app has already been loaded [re-merge]
2015-08-19 09:52:09 +02:00
Bernhard Posselt 66d8476e9e Merge pull request #14314 from owncloud/clean-up-ocs-code
Cleanup OCS code
2015-08-18 16:47:53 +02:00
Robin McCorkell 1c26755686 Only load app routes if the app has already been loaded 2015-08-18 09:18:36 +01:00
Robin McCorkell 675d852c7d Merge pull request #17182 from owncloud/user_ini_upload_size
Update .user.ini when setting upload size limit
2015-08-17 13:27:47 +01:00
Morris Jobke 24e20a51eb Degrade log message about missing app in appstore to debug
* fixes #18154
2015-08-17 11:27:41 +02:00
Thomas Müller 0b64268910 Adding EventDispatcher to IServerContainer 2015-08-14 15:40:15 +02:00
Lukas Reschke a7e4785be9 Cleanup OCS code
This removes unused code from `OC_OCS` which nobody understood what it really was for anyways.
2015-08-14 13:42:56 +02:00
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00