mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
33,400 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

5995 Commits

Author SHA1 Message Date
Lukas Reschke 96c2b0de66
Use proper certificates 
Ports bcf693539b
 2016-07-21 01:35:19 +02:00
Lukas Reschke 9a1ff29351
Use proper documentation links 
Since it is just faking the 10 we need to hardcode this here...
 2016-07-21 00:36:52 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler 
Implement brute force protection
 2016-07-21 00:31:02 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke adf67fac96
JSON encode the values 2016-07-20 22:47:33 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies 
[master] Port Same-Site Cookies to master
 2016-07-20 21:35:02 +02:00
Lukas Reschke a17ba2f488 Merge pull request #466 from nextcloud/escape-special-characters 
Escape special characters (#25429)
 2016-07-20 21:24:19 +02:00
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions 
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
 2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +02:00
Morris Jobke e9c85e02ac Merge pull request #462 from nextcloud/master-explode 
[master] Use explode() instead of split()
 2016-07-20 18:31:11 +02:00
Björn Schießle 7cdf6402ff Merge pull request #472 from nextcloud/show-app-name-in-errormsg 
Show app name in error message if app could not be loaded. (#25441)
 2016-07-20 18:20:49 +02:00
Morris Jobke 1264e9644f Merge pull request #402 from nextcloud/smb-notifications 
smb update notifications
 2016-07-20 16:19:21 +02:00
Klaas Freitag 99316ec02c
Show app name in error message if app could not be loaded. (#25441) 2016-07-20 15:16:16 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429) 
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
 2016-07-20 14:46:47 +02:00
Lukas Reschke 4f90447150
[master] Use explode() instead of split() 
Sync from https://github.com/owncloud/core/pull/25488
 2016-07-20 14:36:39 +02:00
Björn Schießle 8735a05d93 Merge pull request #441 from nextcloud/fix-maintenance-mode 
Fix maintenance mode
 2016-07-19 16:59:24 +02:00
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework 
OCS routes use AppFramework
 2016-07-19 12:21:14 +02:00
Morris Jobke 544c3c1565 Merge pull request #436 from nextcloud/public-regex-to-match-our-clients 
Copy the regexes to the public interface
 2016-07-19 11:35:10 +02:00
Joas Schilling 80168613be
Fix maintenance mode 
When the server is in maintenance mode, apps are not loaded.
That means apps/theming/ is not in the allowed paths. So we
need to check without autoloading, whether the class exists.
 2016-07-19 09:54:42 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes 
Theming fixes
 2016-07-18 15:59:47 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Joas Schilling 9781312648
Prevent syntax error when creating user or changing password 2016-07-18 11:44:10 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 94cd83ca00
Make the router handle OCS AppFramework Routes 2016-07-18 11:09:04 +02:00
Roeland Jago Douma 1ff4b7f63d
Allow registering of OCS routes with the appframework 2016-07-18 11:09:04 +02:00
Morris Jobke 5157c5a9c4 Merge pull request #418 from nextcloud/remove_asset_pipeline 
Remove asset pipelin
 2016-07-18 09:44:35 +02:00
Roeland Jago Douma 72464f1ce4
Remove asset pipelin 
Fixes #215

The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
 2016-07-15 20:14:11 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Robin Appelman 29eeeb2273 Save the files external mount id in the mount cache table 2016-07-13 16:34:08 +02:00
Robin Appelman e5d7612a19 dont check for pgsql extension during setup 2016-07-12 14:38:24 +02:00
Robin Appelman 7ffda5d10f use pdo for postgres setup 2016-07-12 14:38:24 +02:00
Robin Appelman 8a79d314cf Remove duplicate database connect logic in mysql setup 2016-07-12 14:38:24 +02:00
Bjoern Schiessle 7c64e1973f
add test for needsRebundling() check 2016-07-11 15:51:48 +02:00
Lukas Reschke 0c1cf5f7eb Merge pull request #347 from nextcloud/drop-windows-foo 
Remove unneeded checks if it runs on a Windows machine
 2016-07-11 13:16:03 +02:00
Joas Schilling 103417fd9c Merge pull request #350 from nextcloud/fix-check-certificate-bundles 
fix check if the certificate bundle needs to be updated
 2016-07-11 11:04:49 +02:00
Bjoern Schiessle 49cad153af
always check the mtime of the system bundle and additionally the user specific certificate bundle if a user is given 2016-07-08 18:24:37 +02:00
Morris Jobke c2d88a08b7
Remove unneeded checks if it runs on a Windows machine 
* the setup check is still there
 2016-07-08 15:55:17 +02:00
Morris Jobke 390a996297
Sanitize more config options and stack traces 2016-07-08 14:13:16 +02:00
Lukas Reschke c8ba8f637e Merge pull request #314 from jernst/master 
Allow wildcard * to be used in trusted domains
 2016-07-07 19:34:11 +02:00
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)" 
This reverts commit 854352d9a0.
 2016-07-07 12:14:45 +02:00
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 2016-07-07 11:29:46 +02:00
Johannes Ernst 66a134e69e Disallow certain malformed domain names even if they match the trusted domain expression 
Stricter checking for valid domain names
 2016-07-06 23:51:04 +00:00
Johannes Ernst 2b4ceae620 Trusted domain wildcard checking made shorter, supporting multiple * 
Added test cases
 2016-07-06 23:38:30 +00:00
Vincent Petry dc21a38a85 Use named parameter instead of direct value for system tags search param (#25380) 2016-07-06 22:39:34 +02:00
Thomas Pulzer 0638937ada Changed the input option for database-port to required when parameter was provided. 
Added casting database port to int for input sanitation in pgsql and oci connections.
 2016-07-06 11:31:28 +02:00
Thomas Pulzer d367318088 Added occ install option for database-port. 
Extended the database setup to store the database port.
Changed the PostgreSQL connection error message for clarification.
 2016-07-06 09:58:38 +02:00
Johannes Ernst 3516b58be6 Duh, no 'next' in PHP. 
Use === instead of == for extra paranoia.
 2016-07-06 04:51:49 +00:00
Johannes Ernst b1867dc8d1 Allow wildcard * to be used in trusted domains, to support setups where no reliable DNS entry is available (e.g. mDNS) or for simple-to-setup aliasing (e.g. *.example.com) 2016-07-05 18:49:18 +00:00
Thomas Müller d2d99a91a0 fix swift primary object store test (#25281) 
* Wait for socket to be open

* Fix call on null

* Allow DB access for MountProviderTest

Makes unit tests pass when using object store, since their FS access is
actually oc_filecache DB access. It is currently not possible to mock
or bypass the logic from "SharedMount::verifyMountPoint()" triggered by
this test.
 2016-07-05 08:54:51 +02:00