nextcloud

Commit Graph

Author	SHA1	Message	Date
Morris Jobke	0e2f00ec59	Get the Installer via DI Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Lukas Reschke	e1f52fc901	Stricter phan config fixes Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Morris Jobke	caa0ae94e8	Proper logging for appstore updates Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Ko-	0024b67aaf	Check that set_time_limit is not disabled before calling it Signed-off-by: Ko- <k.stoffelen@cs.ru.nl>	7 years ago
Roeland Jago Douma	02525fd98b	Move preview endpoint to controller Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	743132650a	Move to AppData Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	958c1289b1	New preview generator Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Joas Schilling	0b1fb180a5	Make AppConfig part of the public API Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Joas Schilling	f41c8c0089	Check if the file isReadable() before sending a (cached) preview	8 years ago
Roeland Jago Douma	532c0dd8ce	Kill ajax/share.php Using this file will insert invalid shares. OCS has to be used exclusively!	8 years ago
Joas Schilling	0215b004da	Update with robin	8 years ago
Joas Schilling	ba87db3fcc	Fix others	8 years ago
Lukas Reschke	aba539703c	Update license headers	8 years ago
Thomas Müller	821d8736c8	Adding progress to web upgrade	8 years ago
Thomas Müller	22db0f17a8	Fix web updater - fixes #24115	8 years ago
Christoph Wurst	b4c5a5b9bf	Merge pull request #23911 from owncloud/split-upgrade-command Move version check code out of class Updater	8 years ago
Thomas Müller	5c3183cedd	Move version check code out of class Updater	8 years ago
Thomas Müller	739dfb5c66	Suggest cli based updater in case the instance is bigger - #23913	8 years ago
Thomas Müller	4b79fb10a2	Fix verbose output of upgrade command - not progressbar in this case and the schema migration test has one progressbar now for all tables - before we had one progressbar for each table	8 years ago
Morris Jobke	1f7e02e4d4	Add detailed logs hidden and show them on request	8 years ago
Thomas Müller	1bf4c75e8b	Show individual sql schema migration steps during upgrade - on web as well as on the command line	8 years ago
Roeland Jago Douma	1db82073a4	Generate a valid URL for link notification fixes #23197 * Updated unit test	8 years ago
Lukas Reschke	933f60e314	Update author information Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)	8 years ago
Leonardo Diez	04b5956fc8	Fix on shared groups assignment.	8 years ago
Roeland Jago Douma	5f3a91536d	Remove modifying calls in ajax/share.php Those calls used the old sharing endpoint that created incompatible shares. Which eventually would lead to some weird bugs.	8 years ago
Morris Jobke	0a66734416	Revert "setting to skip migration tests by default"	8 years ago
Morris Jobke	2e444e6e37	setting to skip migration tests by default * if you install owncloud via package it is not possible to skip migration tests * this also allows to disable migration tests for an instance by default	8 years ago
Thomas Müller	682821c71e	Happy new year!	9 years ago
Björn Schießle	58b1221ad3	don't show previous log level in upgrade message	9 years ago
Thomas Müller	eebe2b9c23	User IUser::getEMailAddress() all over the place	9 years ago
Lukas Reschke	4971015544	Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates Note: The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.	9 years ago
Morris Jobke	f46d531a4f	Replace some OC_Config calls with ILogger methods	9 years ago
Lukas Reschke	a6f180f24e	Remove invalid type-cast This is an `is_array` operation and not a `in_array` one. Thus this typecast is not required. Fixes https://github.com/owncloud/core/issues/20095	9 years ago
Morris Jobke	3b249f1967	Revert "setting to skip migration tests by default" This reverts commit `7cbdd9b90b`.	9 years ago
Lukas Reschke	8f09d5b67c	Update license headers	9 years ago
Roeland Jago Douma	9071e756a1	Fix for broken ajax/share.php endpoint Even more code mess :( All tests pass again. But I'm really not happy with this endpoint.	9 years ago
Thomas Müller	f7f2a160dd	Merge pull request #19918 from owncloud/send-begin-message Update: state which step we are going to start and warn if it might b…	9 years ago
Joas Schilling	e66e67567f	Update - Only add one section for disabled apps	9 years ago
Joas Schilling	9200bbeaba	Update: state which step we are going to start and warn if it might be slow	9 years ago
Morris Jobke	b945d71384	update licence headers via script	9 years ago
Thomas Müller	d0f6bfe7b6	Merge pull request #19508 from owncloud/setting-to-skip-migration-tests setting to skip migration tests by default	9 years ago
Morris Jobke	7cbdd9b90b	setting to skip migration tests by default * if you install owncloud via package it is not possible to skip migration tests * this also allows to disable migration tests for an instance by default	9 years ago
Robin Appelman	f4d180ee5c	allow passing the fileinfo to the preview manager	9 years ago
Morris Jobke	1051a3c6f5	Change small thumbnails to 32 px * fixes #16913 * fixes issues in IE8 where the thumbnail is too big	9 years ago
Morris Jobke	5acb38b5b3	[upgrade] switch to debug logging on upgrade * resets afterwards * adds output about the previous log level	9 years ago
Thomas Müller	2c37d5f7d8	Merge pull request #13145 from owncloud/issue/11951-activity-sharing-email Publish an activity when sending a share link via email	9 years ago
Morris Jobke	6636605ea6	Add option to disable autocomplete in share dialog	9 years ago
Joas Schilling	2e1cfe03e9	Publish an activity when sending a share link via email	9 years ago
Robin Appelman	0f6df2e0b6	Allow creating previewss that cover the specified dimensions	9 years ago
Vincent Petry	ce6045f84b	Properly show update exception	9 years ago
Vincent Petry	90ed32ebc5	Properly show token errors in ajax/update.php event source	9 years ago
Roeland Douma	695af190f6	Merge pull request #17565 from owncloud/fix/remote_share allow remote shares for users with email as usernames	9 years ago
Felix Böhm	c9917e4cd6	allow remote shares for users with email as usernames	9 years ago
Vincent Petry	a64652e12a	Remove 3rd party text for disabled apps on update	9 years ago
Thomas Müller	d3ac73c0c9	Remove OC_Log	9 years ago
Lukas Reschke	d1f0ff372e	Merge pull request #17163 from owncloud/update-licenses Update license headers	9 years ago
Björn Schießle	b318b9cf17	Merge pull request #17008 from owncloud/fix-17006 Improve splitting of username and remote adress when username contains an `@`	9 years ago
Thomas Müller	6c3a4282e5	Merge pull request #17165 from owncloud/federated_cloud_sharing_search_address_book Search address book for federated cloud id	9 years ago
Roeland Jago Douma	27d5838fb7	Fix for #17178 If no array of arrays is submitted make sure we still keep $sharedUsers and $sharedGroups as arrays so the rest of the code keeps functioning as it should.	9 years ago
Morris Jobke	f63915d0c8	update license headers and authors	9 years ago
Bjoern Schiessle	f9dcb559e9	search address book for federated cloud id	9 years ago
Joas Schilling	738b78f1b0	Use \OC\HintException and translate the hint	9 years ago
Thomas Müller	739c3f01aa	Merge pull request #16434 from owncloud/persist-maintenance-state Persist the state of the maintenance after an upgrade	9 years ago
Morris Jobke	064f5204cc	Persist the state of the maintenance after an upgrade * if maintenance mode was enabled before an upgrade it will be enabled afterwards too * fixes #16429	9 years ago
Craig Morrissey	ca341a8d59	add support for limit request parameter to getShareWith	9 years ago
Morris Jobke	fbba7a61cb	Use internally \OCP\ILogger instead of \OC\Log * this is the preparation for some upcoming logger related changes * also fixes an issue in the public interface where we request an internal class as parameter	9 years ago
Lukas Reschke	e3ad99d252	Add "Reply-To" support to sharing mails and refactor code	9 years ago
Thomas Müller	20eaadd72b	Merge pull request #15182 from rullzer/fix-8231 ajax/share.php should return correct list of suggestions	9 years ago
Morris Jobke	bf17ac929d	Merge pull request #15169 from rullzer/fix_displayNamesInGroup Groupmanagers displayNamesInGroup should actually search in displaynames	9 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	9 years ago
Roeland Jago Douma	9c19a5dbcc	Make sure we do not return people that we already shared with We should use the provided list of users and groups that we already shared with to filter suggestions.	9 years ago
Roeland Jago Douma	4163a5efad	Call the proper function * Fix for #6967	9 years ago
Joas Schilling	4c4c0fa120	Use the PreviewManager where possible	9 years ago
Morris Jobke	ad97ceb787	Merge pull request #13513 from owncloud/repair-legacystoragenofatalfail Do not abort when meeting unfixable legacy storages	9 years ago
Lukas Reschke	c0a02f1615	Verify CSRF token already in update.php and not the EventSource code Issue report: > Hum, well I upgraded the package then visited the web interface to trigger the update and it failed; the UI would say there was a possible CSRF attack and after that it'd be stuck in maintenance mode. Tried a few times (by editing maintenance to false in owncloud.conf) and same result each time. That smells partially like an issue caused by our EventSource implementation, due to legacy concerns the CSRF verification happens within the EventSource handling and not when the actual endpoint is called, what happens here then is: 1. User has somehow an invalid CSRF token in session (or none at all) 2. User clicks the update button 3. Invalid CSRF token is sent to update.php - no CSRF check there => Instance gets set in maintenance mode 4. Invalid CSRF token is processed by the EventSource code => Code Execution is stopped and ownCloud is stuck in maintenance mode I have a work-around for this problem, basically it verifies the CSRF token already in step 3 and cancels execution then. The same error will be shown to the user however he can work around it by refreshing the page – as stated by the error. I think that’s an acceptable behaviour for now: INSERT LINK To verify this test: 1. Delete your ownCloud cookies 2. Increment the version in version.php 3. Try to upgrade => Before the patch: Instance shows an error, is set to upgrade mode and a refresh does not help => After the patch: Instance shows an error, a refresh helps though. This is not really the best fix as a better solution would be to catch such situations when bootstrapping ownCloud, however, I don’t dare to touch base.php for this sake only, you never know what breaks then… That said: There might be other bugs as well, especially the stacktrace is somewhat confusing but then again it installing ownCloud under /usr/share/owncloud/ and I bet that is part of the whole issue ;-)	9 years ago
Vincent Petry	22bc37cb82	Properly forward repair errors and warnings This makes repair errors and warnings visible for the user when upgrading on the command line or in the web UI.	9 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	9 years ago
Thomas Müller	bbf7f56f94	3rd-party apps are disabled on upgrade - refs #14026	9 years ago
Jenkins for ownCloud	6a1a4880f0	Updating license headers	9 years ago
Lukas Reschke	a7df23ceba	Manually type-case all AJAX files This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈 Fixes https://github.com/owncloud/core/issues/14196 for core	9 years ago
Morris Jobke	ce47065d8f	kill ancient code	10 years ago
Lukas Reschke	ceaaab6295	Verify whether type is correct `$this->info` can very well contain an empty array or possibly other values. This means that when this code path is called a PHP Fatal error might get thrown which is not what we want.	10 years ago
Morris Jobke	bfb6e350d5	Merge pull request #13016 from owncloud/sharing_fixes don't delete share table entries for the unique name if re-share permission was removed	10 years ago
Bjoern Schiessle	e9e7ee67d3	shareType and permissions are integers	10 years ago
Jörn Friedrich Dreyer	d3662722f6	new OC.Search, add search result formatters and handlers, use full content width for results	10 years ago
Bjoern Schiessle	24993280ed	Next step in server-to-server sharing next generation, see #12285 Beside some small improvements and bug fixes this will probably the final state for OC8. To test this you need to set up two ownCloud instances. Let's say: URL: myPC/firstOwnCloud user: user1 URL: myPC/secondOwnCloud user: user2 Now user1 can share a file with user2 by entering the username and the URL to the second ownCloud to the share-drop-down, in this case "user2@myPC/secondOwnCloud". The next time user2 login he will get a notification that he received a server-to-server share with the option to accept/decline it. If he accept it the share will be mounted. In both cases a event will be send back to user1 and add a notification to the activity stream that the share was accepted/declined. If user1 decides to unshare the file again from user2 the share will automatically be removed from the second ownCloud server and user2 will see a notification in his activity stream that user1@myPC/firstOwnCloud has unshared the file/folder from him.	10 years ago
Victor Dubiniuk	c9fd3c9d29	Inject config	10 years ago
Victor Dubiniuk	303fce44f4	Use httphelper and cache response even when it empty	10 years ago
Thomas Müller	a589d61b78	in case a translation javascript is not found we no longer bail out remove translation.php	10 years ago
Thomas Müller	d9907b6fa3	move some deprecated usage of OC_Config and OC_AppConfig to \OC::server	10 years ago
Lukas Reschke	ba2472575f	Close the session for preview generation Without closing the session every preview image generation is locking the session which makes the webinterface unresponsive.	10 years ago
Lukas Reschke	fa096217b1	Merge pull request #9512 from libasys/patch-2 Fix use Sharing Api with calendar	10 years ago
Lukas Reschke	70abce0482	Merge pull request #10739 from owncloud/eventsource-public Add EventSource to the public API	10 years ago
Robin Appelman	fa3393674c	Better phpdoc and method naming	10 years ago
Robin Appelman	65608d7c92	Use the public api to get event sources	10 years ago
Vincent Petry	e05b95636b	Fix upgrade process when apps enabled for specific groups Fix issue where the currently logged user was causing side-effects when upgrading. Now setting incognito mode (no user) on update to make sure the whole apps list is taken into account with getEnabledApps() or isEnabled().	10 years ago
Robin Appelman	d0266c0bf8	Use public api for getting l10n	10 years ago
Lukas Reschke	4aca46046b	Add require_once to update.php due to routing Fixes https://github.com/owncloud/core/issues/10585 Partially reverts `52d5429768`	10 years ago
blizzz	52d5429768	Merge pull request #10522 from owncloud/removeLoadAppScript Remove loadAppScriptFile	10 years ago

1 2 3 4 5 ...

337 Commits (master)