This PR removes phpass and migrates to the new Hasher interface.
Please notice that due to https://github.com/owncloud/core/issues/10671 old hashes are not updated but the hashes are backwards compatible so this shouldn't hurt.
Once the sharing classes have a possibility to update the passwords of single shares those methods should be used within the newHash if block.
Moved search result type translations to search.js
Load JS translations earlier
Translations need to be loaded earlier to make sure that some JS files
like search.js get access to translations at this time.
This requires the template initialization to be moved to after session
initialization, because only after the session we have access to the
current language.
Added addTranslations and fixed de.js file
Fixed de.js to use OC.L10N.register() and use to correct expected
format.
Added JS unit tests for OC.L10N class
Include translations JS script for all apps
Composer's autoloader is rather better than the OwnCloud autoloader's
handling of non-OC classes. Plus we can rely on upstream Composer to
maintain it and not worry about it ourselves.
With this change, we drop the bits of OwnCloud's autoloader that
handled non-OC classes, and register the classes that were being
handled by that code with Composer's autoloader instead. As these
dependencies are converted to actually being managed by Composer,
the explicit registrations can be dropped as they won't be needed
any more.
Since OwnCloud's autoloader isn't going to handle non-OC classes any
more, we no longer need to test to make sure it does it right.
drop unneeded registerPrefix() and registerClass() from autoloader
Now we're not handling anything but OC's own classes, these are
unnecessary.
error out if composer autoloader is not found (thanks bantu)
We're never going to be able to work without the autoloader, if it's not
there we should just throw our hands up and surrender.
This commit will make the supported DBs for installation configurable within config.php. By default the following databases are tested: "sqlite", "mysql", "pgsql". The reason behind this is that there might be instances where we want to prevent SQLite to be used by mistake.
To test this play around with the new configuration parameter "supportedDatabases".
Previously a JSON error page was shown to the user in-case the CSRF token was not valid. This was confusing and prevented people from login.
With this at least the login page is shown again and not a JSON error message. I consider this as sufficient since adding a new error page just for this sake would uneededly make lib/base.php even more cluttered and this is a edge-case which optimally should anyways not happen that often.
This can be tested by opening the login page, then clearing the cookies, and trying to login.
At the previous point not all apps were initialized. Now the basic auth check happens together at the same location as all others.
Fixes https://github.com/owncloud/core/issues/11129
Using status.php for this.
I modified status.php to also show, whether we're in maintenance.
Checks every 20 seconds if maintenance is over, if yes: reload.
handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors.
As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init()
Fixes https://github.com/owncloud/core/issues/10064
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain.
By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...
Add some explanation about this switch
Move check to init
Users should not be able to enable debug mode on their own by setting a cookie. Using debug mode might leak too much information about the environment or have other unexpected behaviour.
We should backport this.
This `strip_tags` seems to be completely unneeded and will cause problems with passwords containing stripped characters. (e.g. `<` or `>`)
Needs https://github.com/owncloud/core/pull/9735 to be merged first.
This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way.
Port of https://github.com/owncloud/core/pull/9033
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.
This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.
Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications