Commit Graph

27109 Commits

Author SHA1 Message Date
Thomas Müller decdaf0018 Merge pull request #19024 from owncloud/remove-get_temp_dir
Remove get_temp_dir()
2015-09-15 14:18:29 +02:00
Thomas Müller 474f13c9d6 Merge pull request #19041 from owncloud/issue-19007-parameter-name
Fix parameter name to match the specs
2015-09-15 14:15:46 +02:00
Lukas Reschke 2f4a1c9c2c Merge branch 'master' into dont-add-requestheaders-for-cross-domain-requests 2015-09-15 14:04:40 +02:00
Lukas Reschke 7953cc9494 Function does return void
This function does return void and not a bool.
2015-09-15 14:02:10 +02:00
Thomas Müller e82a225d04 Merge pull request #18964 from owncloud/availability-integer
Use integer for availability instead of bool
2015-09-15 13:24:55 +02:00
Thomas Müller b6fe5b6f3c Merge pull request #19039 from owncloud/setup-autoloader-earlier
Define allowed app roots earlier
2015-09-15 13:24:35 +02:00
Joas Schilling 665716095b Fix parameter name to match the specs 2015-09-15 12:14:14 +02:00
Lukas Reschke 8e1b403b16 Catch apps which have been removed manually 2015-09-15 12:10:23 +02:00
Lukas Reschke 4680691ca6 Define allowed app roots earlier
The autoloader needs to be run before including the app.php, otherwise it depends on what app gets executed first and apps that rely on the dependency of other apps in app.php may break.
2015-09-15 12:10:23 +02:00
Thomas Müller 1d315512ea Merge pull request #19029 from owncloud/allow-tests-folder-in-autoloader
Allow /tests folder in autoloader by default
2015-09-15 12:06:45 +02:00
Lukas Reschke f2d63d3518 Disable automatic evaluation of responses
If a response to a $.ajax() request returns a content type of "application/javascript"
JQuery would previously execute the response body. This is a pretty unexpected
behaviour and can result in a bypass of our Content-Security-Policy as well as
multiple unexpected XSS vectors.
2015-09-15 11:42:13 +02:00
Lukas Reschke cd90685af1 Do not add sensitive request headers for cross domain requests
Prevents leaking the CSRF token to another third-party domain by mistake.
2015-09-15 11:42:13 +02:00
Robin McCorkell f8619870ea Remove get_temp_dir() 2015-09-15 11:33:25 +02:00
Lukas Reschke 65ebba44ce Allow /tests folder in autoloader by default
Given the fact that "/tests" is not shipped by default and this has broken some applications and frustrated quite some people we should add "/tests" to the default allowed autoloading set.

I do consider the security impact marginally since the /tests folder is not shipped within the release as well as usually has a hard requirement on being called by phpunit.
2015-09-15 11:32:07 +02:00
Robin McCorkell 5ca690e2f8 Use integer for availability instead of bool 2015-09-15 10:18:32 +02:00
Jenkins for ownCloud 24d2cbf3de [tx-robot] updated from transifex 2015-09-15 01:54:50 -04:00
Robin McCorkell 35d4851af2 Merge branch 'master' into fix-app-disable-route 2015-09-14 19:50:52 +01:00
Vincent Petry d0cea82969 Fixed sidebar toggle entry
Properly highlight the row after selecting the item.
This also fixes the unit tests by changing the order of registration of
file actions.
2015-09-14 20:45:30 +02:00
Vincent Petry 8a6574e81a Keep right sidebar open, add Details action 2015-09-14 20:45:30 +02:00
Robin Appelman 688981b55c allow hook cancel 2015-09-14 20:35:33 +02:00
Robin Appelman 9202d2f45a fix chunking tests 2015-09-14 20:35:33 +02:00
Robin Appelman 75f126da49 use the correct path for cache updates when doing chunked assembly 2015-09-14 20:35:33 +02:00
Robin Appelman 80f054ddd3 also verify cache in dav upload tests 2015-09-14 20:35:33 +02:00
Robin Appelman 6386327150 work directly on storages when doing a chunked upload assembly 2015-09-14 20:35:33 +02:00
Robin Appelman b424151459 handle notfound exceptions in lock plugin 2015-09-14 20:35:33 +02:00
Robin Appelman 17b671ee25 adjust tests to handle before/after locking 2015-09-14 20:35:33 +02:00
Robin Appelman e612d3123f wrap the entire put operation in a read lock 2015-09-14 20:35:33 +02:00
Robin Appelman 209abaadbb expose locking api in sabre connector 2015-09-14 20:35:33 +02:00
Thomas Müller fb9e75edb6 Merge pull request #18973 from owncloud/try-fixing-app-config-on-oracle
Do not compare the value on Oracle
2015-09-14 17:59:52 +02:00
Robin McCorkell dad56921ae Register valid root for all installed apps in console
We need to use commands from apps that aren't enabled (so don't get loaded).
2015-09-14 16:58:25 +01:00
Nicolai Ehemann 6c6be72e6b use zipstreamer via composer 2015-09-14 15:33:28 +02:00
Joas Schilling 2d0f0e898d Only check the "was updated/inserted" when not on Oracle... 2015-09-14 15:27:06 +02:00
Lukas Reschke 4a777d686b Merge pull request #18966 from owncloud/ext-remove-numeric-id
Remove storing storage_id in mount.json
2015-09-14 15:04:23 +02:00
Roeland Jago Douma c39db52cfa Use srcset to select best avatar size
* Allow the browser to select the best available avatar for the screen
2015-09-14 12:58:45 +02:00
Nicolai Ehemann be2023dae3 lib/private/files.php: adapted to minimally changed ZipStreamer API 2015-09-14 12:57:50 +02:00
Lukas Reschke 1369525e7f Merge pull request #18982 from owncloud/fix_18878
enforce loading icon in sidebar to be 32x32
2015-09-14 12:47:53 +02:00
Björn Schießle f9b05578a6 Merge pull request #19012 from owncloud/occ_encrypt_all_fix_name
use the same pattern for the command name like every other command
2015-09-14 12:37:06 +02:00
Thomas Müller 341b733dec Merge pull request #19010 from owncloud/use-proper-web-root
Use / instead of an empty string as cookie path
2015-09-14 12:14:46 +02:00
Joas Schilling 0e805d5310 Do not compare the value on Oracle
As per docs: http://docs.oracle.com/cd/E11882_01/server.112/e26088/conditions002.htm#i1033286
> Large objects (LOBs) are not supported in comparison conditions.
2015-09-14 12:14:25 +02:00
Individual IT Services 04db96adaf Merge pull request #19006 from owncloud/individual-it-patch-1
allow ".." in folder names
2015-09-14 15:56:53 +05:45
Bjoern Schiessle 69b64b5b10 use the same pattern for the command name like every other command 2015-09-14 12:00:39 +02:00
Bjoern Schiessle 7f459c64cb check for the right user if we can change his password 2015-09-14 11:49:16 +02:00
Lukas Reschke 3adbfbfd69 Use / instead of an empty string as cookie path
When an empty string is used as cookie path PHP will assign the current directory as cookie path.

This means when an user had installed an ownCloud under "/", which is mapped to an empty string in \OC::$WEBROOT, and accessed it the cookie was set to values such as "/index.php/apps/files" since the web browser assumed this to be a directory. This means that multiple encryption cookies were set for the same domain resulting in potential havoc.

With this patch the path will be set to "/" in case an empty web root is installed which makes the cookie accessible to the whole domain.

To test this setup multiple ownCloud instances on the same domain under different ports and have both installed under "/", then try to login in both of it and previously this can in some cases lead to a lockout of the user.

Note that this affects the cookies that the browsers do sent and thus to test this you need to clear all cookies from your browser previously. I consider this an acceptable behaviour for now since this code is only in master.

Fixes https://github.com/owncloud/core/issues/18919
2015-09-14 11:22:34 +02:00
Roeland Jago Douma 1601e8acfe Added js tests for jquery.avatar
* Ceil avatar request size
2015-09-14 10:17:24 +02:00
Jenkins for ownCloud 211a243784 [tx-robot] updated from transifex 2015-09-14 01:55:35 -04:00
Individual IT Services f7e66d49fc allow ".." in folder names
".." are valid in folder names, only ".." by itself is invalid
fix for #18987
2015-09-14 10:42:00 +05:45
Robin McCorkell c15ba0d658 Merge pull request #18996 from owncloud/ext-swift-dependencycheck
Fix dependency check for Swift and SMB_OC
2015-09-13 22:41:07 +01:00
Robin McCorkell 522619f90e Fix dependency check for Swift and SMB_OC
Mistake caused during merging, where the API had changed
2015-09-13 21:41:02 +01:00
Robin McCorkell 0dc7181335 Merge pull request #18441 from owncloud/ext-backends.advanced
Migrate advanced external storage backends to new registration API [part 3]
2015-09-13 19:38:22 +01:00
Bernhard Posselt 2e7d50b723 Merge pull request #18991 from owncloud/public-resolve
Make resolve public to avoid boiler plate code
2015-09-13 18:20:35 +02:00