Commit Graph

1161 Commits (master)

Author SHA1 Message Date
Robin Appelman 54f96e5f58
Get the logfile location while running the logrotate cron job instead of when registering the job
Signed-off-by: Robin Appelman <robin@icewind.nl>
8 years ago
Robin Appelman 5774d3e82c
replace close:// streamwrapper with CallBackWrapper
Signed-off-by: Robin Appelman <robin@icewind.nl>
8 years ago
Roeland Jago Douma 73fcb69cad Merge pull request #2934 from nextcloud/quota-stream-non-global
remove the need to register the quota streamwrapper globally
8 years ago
Morris Jobke 5e02c7f7bd
Theme update pages via CSS
* SCSS on-the-fly generation isn't allowed during update
* fallback to plain CSS

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Roeland Jago Douma e723363053
Remove old preview code
* \OC\Preview is no more
* \Test\PreviewTests is no more
* PreviewHooks in base.php are gone

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Robin Appelman bca91f2216
remove static:// stream wrapper
Signed-off-by: Robin Appelman <robin@icewind.nl>
8 years ago
Robin Appelman 968de70bc5
remove the need to register the quota streamwrapper globally
Signed-off-by: Robin Appelman <robin@icewind.nl>
8 years ago
Robin Appelman 5b09565594
remove no longer used fakedir stream wrapper
Signed-off-by: Robin Appelman <robin@icewind.nl>
8 years ago
Morris Jobke 47646794b9 Merge pull request #2322 from nextcloud/compat-with-chrome54
Remove exception for Chrome on Mobile
8 years ago
Morris Jobke 64fb0fb3dd Merge pull request #2276 from nextcloud/update-email-address
Update email address
8 years ago
Bjoern Schiessle 0de685c562
bring back setEmailAddress for the user management
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
8 years ago
Bjoern Schiessle 3fc75073b8
update accounts table if email address or display name changes from outside
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
8 years ago
Lukas Reschke 2144a114b0
Remove exception for Chrome on Mobile
This didn't really work anyways and Chrome 54 for Android has been pushed out via Google Play on October 19th. So we should remove this.

This is only in master and doesn't affect any stable branch.

Fixes https://github.com/nextcloud/server/issues/2318

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
8 years ago
Lukas Reschke a05b8b7953
Harden cookies more appropriate
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
8 years ago
Joas Schilling 6a525fadbb
Show all in one message
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Jan-Christoph Borchardt b228ed7bef add explanatory text of what to do on app version error
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
8 years ago
Morris Jobke e74c527268 Merge pull request #1973 from nextcloud/dont-disable-shipped-apps-but-throw-instead
Throw an exception when a shipped app was not replaced before the update
8 years ago
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Joas Schilling 9b66e8f7d9
Throw an exception when a shipped app was not replaced before the update
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Thomas Müller 748f18f34e
Remove all unneeded set_include_path() 8 years ago
Morris Jobke f920153f16
Throw exception because the logger causes session issues anyway that early in the request cycle
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Jörn Friedrich Dreyer 2e0e68b57f
log error when setting timezone to UTC fails (#26354)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Vincent Petry 9e9fef46d9
Get rid of very old oc:// stream wrapper (#26381) 8 years ago
Lukas Reschke 9a2511fe9b
Don't check for Same-Site cookie on Chrome Android
Chrome on Android has a bug that it doesn't send cookies with the
same-site attribute for the download manager. To work around that
all same-site cookies get deleted and recreated directly. Awesome!
FIXME: Remove once Chrome 54 is deployed to end-users
@see https://github.com/nextcloud/server/pull/1454
8 years ago
Lukas Reschke 6ac890812f
Add exemptions for incompatible UAs
Some user agents are notorious and don't really properly follow HTTP
 specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
8 years ago
Joas Schilling 7bfc698ae4
Allow to call status.php before the instance is installed 8 years ago
Robin Appelman acffaa55a1 Short circuit processing of the heartbeat request 8 years ago
Juan Pablo Villafáñez b50a03141b
Fix redirection taking care of protocol and port 8 years ago
Arthur Schiwon 208e551216
check registered sections and settings after an app got updated to garbage collect orphaned classes 8 years ago
Arthur Schiwon 9edca39b49
attempt to remove section and settings entries when an app got disabled 8 years ago
Morris Jobke 4277051442 Merge pull request #660 from gdamjan/custom-config-dir
introduce NEXTCLOUD_CONFIG_DIR env variable (see #300)
8 years ago
Jan-Christoph Borchardt 835dc59d6a reduce info on update screens, introduce button to refresh 8 years ago
Damjan Georgievski 982bdb1823 introduce NEXTCLOUD_CONFIG_DIR env variable (see #300)
nextcloud by default uses the `/config/` directory in the source/application tree for its config file(s).
with this commit that directory can be overridden by the `NEXTCLOUD_CONFIG_DIR` environment variable.

in uwsgi, you would use the option `--env "NEXTCLOUD_CONFIG_DIR=/tmp/nx-config/"`
in apache `SetENV …`
and the cli command can be run with: `NEXTCLOUD_CONFIG_DIR=/tmp/nx-config ./occ` (or just use `export` once in the
shell).

NEXTCLOUD_CONFIG_DIR can be supplied with or without the trailing slash (`/`), but in all cases `$configDir` will have
it automatically added if needed.

The other changes are several occurrences of `OC::$SERVERROOT . '/config'` to `OC::$configDir`.
8 years ago
Joas Schilling 0215b004da
Update with robin 8 years ago
Joas Schilling ba87db3fcc
Fix others 8 years ago
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
8 years ago
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay is 200 milliseconds. (after the first failed login)
8 years ago
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
8 years ago
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework
OCS routes use AppFramework
8 years ago
Roeland Jago Douma 1caceea6c0
Make the OCS endpoint handle the new OCS AppFramework routes 8 years ago
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 8 years ago
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)"
This reverts commit 854352d9a0.
8 years ago
Morris Jobke e3b509220b Revert "Bypass upgrade page when occ controller is requested"
This reverts commit 89e581acf8.
8 years ago
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 8 years ago
Victor Dubiniuk e38bbdc9fe Bypass upgrade page when occ controller is requested 8 years ago
Thomas Pulzer 90b7f74da7 Changed name of default logfile from owncloud.log to nextcloud.log. 8 years ago
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 8 years ago
VicDeo 854352d9a0 occ web executor (#24957)
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - mock them all!

Kill unused sprintf
8 years ago
Joachim Sokolowski fa19e4c2eb some text-changes to nextcloud 8 years ago
Arthur Schiwon 39aeebfac5
Print error message again, when 3rdparty submodule is not initialized
- old code used Response which attempted to use OC::$server which is not
and cannot be initialised at this part of the code.
8 years ago
Lukas Reschke aba539703c
Update license headers 8 years ago
Joas Schilling 6222d42462
Fix class name in hook registration 8 years ago
Roeland Jago Douma c9ad60defc
Only allow loading of legacy (lib/private/legacy) by default 8 years ago
Roeland Jago Douma d666725fa7
Move \OCP to PSR-4 8 years ago
Vincent Petry 379be91618 Merge pull request #24597 from owncloud/run-upgrade-in-incognito-mode
run upgrades in incognito mode
8 years ago
Roeland Douma 5c9103287f Group fixup (#24621)
* Move used OC_Group_xx to \OC\Group

* Add (deprecated) legacy wrapper in legacy, OC_Group_xx

* Replace deprecated use of OC_Group_xx with \OC\Group\xx
8 years ago
Christoph Wurst 8b6bb0a426 Log user out correctly if max session lifetime is reached (#24552) 8 years ago
Christoph Wurst 3a1882b143
run upgrades in incognito mode 8 years ago
Christoph Wurst 168ccf90a6
try apache auth too 8 years ago
Christoph Wurst d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
8 years ago
Roeland Jago Douma 9e1d9871a8
Move OC_User_Database to \OC\User\Database 8 years ago
Joas Schilling 8668560352
Keep the composer instance so we can add psr4 paths later 8 years ago
Thomas Müller e37b95ae53 Merge pull request #24200 from owncloud/appframework_psr4
Move \OC\AppFramework to PSR-4
8 years ago
Thomas Müller f56be022a3
Disable web updater if ldap or shibboleth are installed - refs https://github.com/owncloud/core/issues/23913#issuecomment-213432232 8 years ago
Roeland Jago Douma 1d33a5ef13
Move \OC\AppFramework to PSR-4
* Also moved the autoloader setup a bit up since we need it in initpaths
8 years ago
Lukas Reschke afad27fafd Merge pull request #24075 from owncloud/no-html-on-cli
In case of fatal php errors and other unhandled exceptions no html er…
8 years ago
Thomas Müller 1773dcbef2 Merge pull request #23973 from owncloud/share_move_post_delete_from_group_hook
Move post_removeFromGroup to shareManager
8 years ago
Thomas Müller c609abf075
In case of fatal php errors and other unhandled exceptions no html error page is expected to be displayed in the console 8 years ago
Lukas Reschke 8222ad5157
Move logout to controller
Testable code. Yay.
8 years ago
Thomas Müller 739dfb5c66
Suggest cli based updater in case the instance is bigger - #23913 8 years ago
Lukas Reschke 17dfffefb3
Keep used username in URL
This is required until the new controller can also handle POST requests
8 years ago
Lukas Reschke 331e4efacb
Move login form into controller
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
8 years ago
Thomas Müller dc061bae42
Kill movable 3rdparty 8 years ago
Roeland Jago Douma 6144ced7a0
Move post_removeFromGroup to shareManager
The last sharing hook to be moved over.

* Added unit tests
* Removed old tests that relied on old behaviour
* Removed old hooks.php
8 years ago
Roeland Douma 495a964ca2 Migrate post_groupDelete hook to share manager (#23841)
The hook now calls the share manager that will call the responsible
shareProvider to do the proper cleanup.

* Unit tests added

Again nothing should change it is just to cleanup old code
8 years ago
Joas Schilling 8e16e7bf34 Merge pull request #23856 from owncloud/share_remove_addtogroup_hooks
Remove pre/post_addToGroup hooks for shares
8 years ago
Roeland Jago Douma 3fae4c82d2
Remove pre/post_addToGroup hooks for shares
There is no need to perform the checks for unique targets on add to
group as we have to do this all when mounting the shares anyway.
8 years ago
Stefan Weil b1a856d7b7 lib: Fix typos (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
8 years ago
Joas Schilling 0de15a86f0 Merge pull request #23773 from owncloud/share_move_delete_user_hook
Migrate post_userDelete hook to share manager
8 years ago
Roeland Jago Douma e0cee43cf0 Migrate post_userDelete hook to share manager
This makes the post_userDelete hook call the sharemanager. This will
cleanup to and from this user.

* All shares owned by this user
* All shares with this user (user)
* All custom group shares
* All link share initiated by this user (to avoid invisible link shares)

Unit tests are added for the defaultshare provider as well as the
federated share provider
8 years ago
Thomas Müller 1bf4c75e8b Show individual sql schema migration steps during upgrade - on web as well as on the command line 8 years ago
Bjoern Schiessle 93ed965cbb fix creation of versions of encrypted files on external storages
in order to create a 1:1 copy of a file if a version gets created
we need to store this information on copyBetweenStorage(). This
allows us to by-pass the encryption wrapper if we read the source file.
8 years ago
Thomas Müller 61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
8 years ago
Lukas Reschke 6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
8 years ago
Lukas Reschke 24abe1e1e1 Use raw PATH_INFO
PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read.

Fixes https://github.com/owncloud/core/issues/23199
8 years ago
Morris Jobke 0864851001 Replace unneeded OC::needUpgrade with OCP method 8 years ago
Thomas Müller 51072f742e Merge pull request #21582 from owncloud/core_composer
Composers PSR-4 autoloader in core
8 years ago
Roeland Jago Douma f7729cdc40 Add composers default autoloader to core
This introduces the de facto standard PSR-4 autoloader from composer into
core. This will allow proper PSR-4 naming of our classes.

Since our original autoloader is still available we can slowly switch
over classes to PSR-4.
8 years ago
Vincent Petry 12b2192038 Do not set response status in CLI in case of error 8 years ago
Arthur Schiwon adf5d111f6 don't hide server not available exception, fixes #20536 8 years ago
Lukas Reschke 933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
8 years ago
Vincent Petry 1dbe240b0e Disable app that bricks the server after enabling
If an app is getting enabled in the web UI, an ajax call is now made to
make sure the server still works. If it doesn't, it sends an emergency
app disabling call to disable the breaking app.
8 years ago
Joachim Bauch 0173063923 Pass checked host as "domain" variable to "untrustedDomain" template.
Currently the "SERVER_NAME" is passed to the template, which in some cases doesn't match the host returned by "getInsecureServerHost" (or is empty).
8 years ago
Thomas Müller b01d50216e The local address book is replaced now by the system addressbook as part of the dav app 8 years ago
Lukas Reschke f32827e903 Ignore GD JPEG warnings
Fixes https://github.com/owncloud/core/issues/21873
8 years ago
Morris Jobke 06fe4cabfc move setup controller to core/controller 8 years ago
Thomas Müller 682821c71e Happy new year! 9 years ago
Roeland Jago Douma 876fb83ddc getMediumStrengthGenerator is deprecated and does not do anything anymore 9 years ago
Roeland Jago Douma 1a592e5745 Only '/tests' to be autoloaded when running unit tests 9 years ago
Roeland Jago Douma fce8c42240 OC autoloader is not allowed to load 3rdparty 9 years ago
Lukas Reschke 74876fa6e7 Remove code related to session regeneration after some time
I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
9 years ago
Lukas Reschke a58ca89e7f Use ISession::clear
The native approach using the PHP calls will not work properly with the cryptowrapper and thus this code is effectively doing nothing at the moment.
9 years ago
Lukas Reschke 0e561afe79 Check if app does exist 9 years ago
Lukas Reschke fec41e7539 Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
9 years ago
Morris Jobke 6f00729124 Refactor OC_Util::callCheck 9 years ago
Morris Jobke ed98cdf532 Use OCP\Util::getVersion instead of the internal private implementation 9 years ago
Roeland Jago Douma 6fb60815c5 Use SystemConfig internally 9 years ago
Roeland Jago Douma 0a09004d39 Inject Config into SystemConfig 9 years ago
Roeland Jago Douma 82bf99c0cf Get rid of legacy OC_Config
We were still using the legacy class OC_Config all over the place. Which
was a wrapper around the new class OC\Config
9 years ago
Roeland Jago Douma 7e44ea5da0 Remove deprecated function OC_User::getManager
Private deprecated function => removed
Replaced all instances with suggested replacement
9 years ago
Lukas Reschke 1f69dcb593 Use URLGenerator instead of hard-coded WEBROOT
Fixes https://github.com/owncloud/core/issues/20922
9 years ago
Lukas Reschke 4d9af08f12 Execute only for web and not for CLI 9 years ago
Lukas Reschke 125b7e7512 Ensure that ownCloud is always accessed with a trailing slash 9 years ago
Morris Jobke 675417a75c Untangle the linkToDocs method in OC_Helper
* now uses the proper URLGenerator interface
* add comment about DI problems
9 years ago
Lukas Reschke ba67dd9818 Add warning log entry when user accesses untrusted domain 9 years ago
Roeland Jago Douma 0bb5eadf89 [autoloader] Make sure to load construct full paths
This reduces a lot of the autoloader magic and makes sure that we
generate full paths in the autoloader.
9 years ago
Lukas Reschke 23e22c52b0 Use IRequest's `getScriptName` functionality instead of $_SERVER['SCRIPT_NAME'] 9 years ago
Lukas Reschke 5588c5f262 Delete cookie instead of emptying value
PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063))

ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable.

To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also the expiration has been set to -1.
9 years ago
Joas Schilling 13dd62f7b0 Make sure that remote shares use the correct uid casing 9 years ago
Morris Jobke b945d71384 update licence headers via script 9 years ago
Individual IT Services fbe43e6a26 cache result of \OCP\Util::needUpgrade()
reduce calls of \OCP\Util::needUpgrade()
where \OCP\Util::needUpgrade() is called we can call as well
self::checkUpgrade and use the cached result
In line 877 the call was unnecessary anyway because of the first part of
the if statement

move caching to \OCP\Util::needUpgrade

renaming variable

fixing testNeedUpgradeCore()

cache result of checkUpgrade() in self::$needUpgrade

reduce calls of \OCP\Util::needUpgrade()
where \OCP\Util::needUpgrade() is called we can call as well
self::checkUpgrade and use the cached result
In line 877 the call was unnecessary anyway because of the first part of
the if statement

move caching to \OCP\Util::needUpgrade

renaming variable

fixing testNeedUpgradeCore()

fix typo in variable name

deleting tabs
9 years ago
Thomas Müller 68bf4440d3 Merge pull request #19293 from owncloud/individual-it-move_initTemplate
[jenkins] do not load unnecessary code in case of webdav
9 years ago
Thomas Müller e7bc2a10e3 Merge pull request #15098 from owncloud/fix_preview_versions_revert_issue
fix issue with version rollback and thumbnails
9 years ago
Individual IT Services bf1cb20e90 do not load unnecessary code in case of webdav
changing from "protected static" to "protected"
as suggested by @nickvergessen
https://github.com/owncloud/core/pull/19114#discussion_r39719851

moving initTemplate() into template constr.

reduce to move initTemplate only

cleanup spaces
9 years ago
Phil Davis a165710e99 Minor text typos
that I noticed while looking at some code.
9 years ago
Georg Ehrke b3ff773bbf delete cached preview when rolling back file's version
add random number using OC.parseQueryString and _.extend()

version rollback: add missing prefix to OC\Preview::post_delete

add test to assure that the rollback hook is called
9 years ago
Thomas Müller decdaf0018 Merge pull request #19024 from owncloud/remove-get_temp_dir
Remove get_temp_dir()
9 years ago
Robin McCorkell f8619870ea Remove get_temp_dir() 9 years ago
Lukas Reschke 65ebba44ce Allow /tests folder in autoloader by default
Given the fact that "/tests" is not shipped by default and this has broken some applications and frustrated quite some people we should add "/tests" to the default allowed autoloading set.

I do consider the security impact marginally since the /tests folder is not shipped within the release as well as usually has a hard requirement on being called by phpunit.
9 years ago
Frank Karlitschek 7562e4959b Merge pull request #18658 from owncloud/configurable-temp
Configurable temporary directory
9 years ago
Robin McCorkell b3acf09c60 Only add valid root for enabled apps 9 years ago
Individual IT Services 3bc287ff63 Merge pull request #18794 from individual-it/reuse_systemConfig
reuse existing $systemConfig variable
9 years ago
Morris Jobke 038b09b0b0 Proper details about git submodule update
* fixes #18801
9 years ago
Individual IT Services cd0a5372ee reuse existing $systemConfig variable 9 years ago
Robin Appelman e9b91b1798 verify the path in the autoloader 9 years ago
root acae208f2f moved code to /lib/private/tempmanager.php
fix for unit test

some fixes
9 years ago
Morris Jobke e88b380973 Remove DEBUG constant and use config value
* introduces config.php option 'debug' that defaults to false
* migrate DEBUG constant to config value
9 years ago
Morris Jobke b3495a1dc9 Merge pull request #18482 from owncloud/encrypt-session-data
Add a session wrapper to encrypt the data before storing it on disk
9 years ago
Morris Jobke 40b1054530 Merge pull request #18254 from owncloud/mitigate-breach
Add mitigation against BREACH
9 years ago
Joas Schilling 36eef2ddab Add a session wrapper to encrypt the data before storing it on disk 9 years ago
Morris Jobke 06d8edd963 Merge pull request #17434 from owncloud/update-showappnameonappupdate
Display app names in update page for app updates
9 years ago
Vincent Petry a2674b2b30 Additions to update page
Apps to update and to disable will always be shown.
Main title changes only when apps need updated, not core.
Added bullet style.
Exclude incompatible apps from updated apps list.
9 years ago
Vincent Petry b919ae96f0 Display app names in update page for app updates
Whenever the update page is displayed for apps, show app names instead
of the core update text.
9 years ago
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response must reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
9 years ago
Arthur Schiwon ffaf5fed0e load backbone universally 9 years ago
Thomas Müller c3cac887f5 - more injection
- less static calls
- use params on sql queries
- handle sql exception on database and user creation gracefully
9 years ago
Morris Jobke 5265a44260 Remove commented code 9 years ago
Bernhard Posselt 582f07950f Merge pull request #17075 from owncloud/bootstrap-tooltip
Replace jQuery tipsy with bootstrap tooltip
9 years ago
Morris Jobke 2d691c2fb4 Merge pull request #17381 from owncloud/fix_sharing_add_to_group
[sharing] fix addToGroup hook
9 years ago
Bjoern Schiessle 058d910f5e introduce pre_addToGroup hook. we need to calculate the possible unique
targets before the user was added to the group otherwise we will always detect
a name collision
9 years ago
Roeland Jago Douma c8145cdbd6 Javascript mimetype icon resolver
This makes it possible to retrieve the icon for mimetypes in javascript.
It makes no additional queries to the server to retrieve the mimetype.

* config/mimetypealiases.json added
* mimetype.js: this is where the logic resides to convert from mimetype
  to icon url
* mimetypelist.js: generated file with a list of mimetype mapping (aliases)
  and the list of icon files
* ./occ maintenance:mimetypesjs : new command for occ to generate
  mimetypes.js
* unit tests updated and still work
* javascript tests added
* theming support
* folder of the theme is now present in javascript (OC.theme.folder)
9 years ago
Thomas Müller d3ac73c0c9 Remove OC_Log 9 years ago
Vincent Petry 2fe677d0ed Catch cache garbage collection exception on postLogin
Just log the exception instead of preventing access to OC.
9 years ago
Morris Jobke f63915d0c8 update license headers and authors 9 years ago
Hendrik Leppelsack 8621d176db moved tooltip.js to vendor scripts 9 years ago
Hendrik Leppelsack f66e9af9a0 replaced tipsy with bootstrap tooltip 9 years ago
Thomas Müller 97a3d8c313 Fix login handler for file cache - fixes #16795 9 years ago
Thomas Müller 5e60795962 Bring back OC\Cache\File - fixes #16760 9 years ago
Morris Jobke cf2c599218 Merge pull request #16200 from owncloud/kill-globalfilecache
Drop file caching
9 years ago
Robin Appelman e08423f956 release all locks on shutdown 9 years ago
Georg Ehrke 745c3c64fa fix preview hooks, enable_previews default is true 9 years ago
Arthur Schiwon e016ed55ff also free joblist and base from file cache code 9 years ago
Bjoern Schiessle 0d5c7a11e2 use hooks to update encryption keys instead of the storage wrapper if a file gets renamed/restored, as long as we
are in the storage wrapper the file cache isn't up-to-date
9 years ago
Hugo Gonzalez Labrador 3e647afbd4 Do not trigger preview hooks if enable_previews is false 9 years ago
Hugo Gonzalez Labrador 3a3a58f248 Do not trigger preview hooks if enable_previews is false 9 years ago
Lukas Reschke 9530e819eb Don't display errors and log them
Fixes https://github.com/owncloud/core/issues/16014
9 years ago
Lukas Reschke 8a85d8bc17 Try to set required ini values in base.php
Fixes https://github.com/owncloud/core/issues/16006
9 years ago
Robin Appelman d0ad69aa9c use the preSetup hook to ensure the encryption wrapper is applied correctly 9 years ago
Thomas Müller d9990c2b4e Delay initialization of the OC\Encryption\Update - introducing 'OC\Encryption\HookManager' 9 years ago
Bjoern Schiessle b25c06f576 detect system wide mount points correctly 9 years ago
Thomas Müller 7b2d53603c Merge pull request #15489 from owncloud/dont_hide_exceptions_master
Don't hide exceptions master
9 years ago
Thomas Müller a163243e31 Merge pull request #15510 from owncloud/cron-singleuser
block cron when in single user mode
9 years ago
Thomas Müller a33edcd2f0 Fix single user mode on public.php - take two 9 years ago
Jörn Friedrich Dreyer 8964c5068c do not disclose information, show generic error on login page
Conflicts:
	core/templates/login.php
	lib/base.php
9 years ago
Thomas Müller f05e19348d Fix single user check in case no user is logged in 9 years ago
Thomas Müller f099c9883e Adding check command to validate server environment - fixes #15429 9 years ago
Thomas Müller ba9a797eaa Encryption storage wrapper is enabled by default - necessary to detect encrypted files even if encryption was disabled after files have been encrypted - prevents data corruption 9 years ago
Bjoern Schiessle e4895bda01 add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files 9 years ago
Thomas Müller 4db75e3407 Setting up the encryption wrapper in a setup hook - temporarily fixes the wrapping order 9 years ago
Thomas Müller dbdd754c3f Further cleanup of files_encryption 9 years ago
Bjoern Schiessle 937efe856d fix lib/private/encryption/util.php call 9 years ago
Robin Appelman bac9b54bef Add mount point to disable the encryption wrapper 9 years ago
Thomas Müller 232518ac54 Merge pull request #15234 from owncloud/encryption2_core
core part of encryption 2.0
9 years ago
Bjoern Schiessle ff9c85ce60 implement basic encryption functionality in core to enable multiple encryption modules 9 years ago
Lukas Reschke 3e57e9d3e5 Merge pull request #15232 from owncloud/remove-arg-separator-magic
Remove custom `arg_separator.output`
9 years ago
Lukas Reschke 73af302d39 Remove custom `arg_separator.output`
This seems unrequired nowadays and like a legacy fragment. It should be safe to remove.

Fixes https://github.com/owncloud/core/issues/14782
9 years ago
Jenkins for ownCloud b585d87d9d Update license headers 9 years ago
Thomas Müller 843fef0490 Handle session initialization errors and display error page - fixes #15053 9 years ago
Joas Schilling 0bed187613 Stop executing, when 3rdparty is missing or apps directory is invalid 9 years ago
Thomas Müller 6c1a1234f8 Properly handle available databases at runtime and respect setup checks in command line as well 9 years ago
Thomas Müller 7181840665 Use occ to install ownCloud in autotest.sh 9 years ago
Robin McCorkell 0e4933e6d2 Refactor \OC\Memcache\Factory
Caches divided up into two groups: distributed and local. 'Low latency' is an
alias for local caches, while the standard `create()` call tries to get
distributed caches first, then local caches.

Memcache backend is set in `config.php`, with the keys `memcache.local` and
`memcache.distributed`. If not set, `memcache.distributed` defaults to the value
of `memcache.local`.
9 years ago
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
9 years ago
Lukas Reschke afb0d742b9 Simplify code 9 years ago
Lukas Reschke b6d8a48ce1 Add detection for invalid CLI configuration for settings page
This change will log all failures that prevent the CLI cronjob from happening to the database and display a warning to administrators when an error happened.

To test:

1. Configure some invalid CLI php.ini settings
2. Enable the CLI cronjob and run php cron.php
3. See the errors printed and also in the admin page
4. Configure the CLI settings correctly
5. Errors should be gone.

Fixes https://github.com/owncloud/core/issues/13994
9 years ago
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
9 years ago
Lukas Reschke c1d7b22d08 Always load authentication apps
The current code path may trigger situations where the LDAP application is not yet loaded and thus problems with the authentication appeared.

In previous versions of ownCloud the authentication mechanism manually loaded these apps which is why this affects ownCloud 8 and master only to my knowledge. (certainly not 6, maybe 7)

Backport to 8 might be something to consider.

Fixes https://github.com/owncloud/core/issues/14469
9 years ago
Thomas Müller 0a9b8242ee properly initialize OC::$WEBROOT and host name 9 years ago
Thomas Müller bcd10d3dc5 implement command maintenance:install 9 years ago
Jenkins for ownCloud 6a1a4880f0 Updating license headers 9 years ago
Morris Jobke 75a7bcb10c Merge pull request #14199 from owncloud/cast-type-manually
Manually type-cast all AJAX files
9 years ago
Clark Tomlinson 84cc90a0ee Merge pull request #14335 from owncloud/enable-strict-mode-per-deafult
Fix invalid `ini_set` directives
9 years ago
Lukas Reschke e4bf3fcb53 Merge pull request #14330 from owncloud/revert-13879-add_debug_log_for_memcache_instantiation
Revert "add debug log for memcache instantiation"
9 years ago
Lukas Reschke 593681a4a9 Fix invalid `ini_set` directives
Somehow they got messed up. Because PHP does automatic type juggling this has worked before as well however it's not guaranteed that this might work in the future as well.
9 years ago
Lukas Reschke cd4c064ebf Revert "add debug log for memcache instantiation" 9 years ago
Lukas Reschke 1a41f8f6f9 Check if instance is not yet installed
Due to a security hardening in 8.1 a missing value of empty trusted domains in the config would provoke an error as this was misused by a lot of users.

This caused a problem where the initial installation happened from another domain than 127.0.0.1 as in this case the domain was considered untrusted as no value was defined. However, this special case should not get intercepted.

To test:
- [ ] Installing ownCloud on 127.0.0.1 works
- [ ] Installing ownCloud on another domain / IP works
- [ ] When setting up ownCloud from 127.0.0.1 and accessing it from the domain above the trusted domain error should be shown if not specified in the config

Fixes https://github.com/owncloud/core/issues/14320
9 years ago
Lukas Reschke cebf9f6a5a Incorporate review changes 9 years ago
Lukas Reschke 992164446c Add blackmagic due to cyclic dependency 🙈 9 years ago
Lukas Reschke 886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests were possible they have been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
9 years ago
Jörn Friedrich Dreyer 87db136508 add debug log for memcache instantiation 9 years ago
Lukas Reschke a7df23ceba Manually type-cast all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈

Fixes https://github.com/owncloud/core/issues/14196 for core
9 years ago
Morris Jobke 573aa196d4 Properly show the warning about the missing composer autoloader 9 years ago
Morris Jobke 254a1fa12a Merge pull request #13314 from owncloud/login-hook-logout
Return false if the login is canceled in a hook
9 years ago
Robin Appelman 8eda661761 Throw an exception when login is canceled by an app 9 years ago
Lukas Reschke 5f31207e84 Add some more sanity checks for maintenance mode 10 years ago
Lukas Reschke 1c75b73239 Verify authentication before initializing apps and routing
The current behaviour of the authentication logic in base.php prevents REST APIs in ownCloud applications to work.

Because `!self::$CLI` is usually always a true statement the previously above block was entered which returned, thus the authentication logic for this part does not trigger in.

This can be reproduced by installing apps such as the News app and issuing the following command:

`curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds`

The following parts need to get thoroughly tested:

- [ ] OCS
- [ ] remote.php's DAV features
- [ ] Regular login features

This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice.

Remark to myself: We really need to move out the authentication code for 8.1 out of base.php - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a nightmare.

Fixes itself.
10 years ago
Jörn Friedrich Dreyer 606f802b7b move search results below filelist, show hint when results are off screen, use js plugin mechanism 10 years ago
Jörn Friedrich Dreyer 088323aad5 move code from js.js to search.js in the search app 10 years ago
Jörn Friedrich Dreyer 891474b0d6 Merge pull request #12759 from owncloud/core-reduce-js-and-css
make sure styles and scripts are only loaded once
10 years ago
Lukas Reschke 058324b80e Check basic auth header only for not-logged-in users 10 years ago
Lukas Reschke b91a435ed4 Move basic auth login out of `isLoggedIn`
Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs...

Please test very carefully, this includes:

- Testing from OCS via cURL (as in #12915)
- Testing from OCS via browser (Open the "Von Dir geteilt" shares overview)
- WebDAV
- CalDAV
- CardDAV
10 years ago
Thomas Müller 51a22431ee load showpassord.js conditionally in the template only if needed 10 years ago
Morris Jobke 9f30d3529a Implement method that reads vendor libs from core.json
* includes them at the beginning of initTemplate()
10 years ago
Morris Jobke edcd2f2706 bower jquery-ui - exported changes to a separate css file 10 years ago
Lukas Reschke 9ea205dc3d Check if open_basedir is set
The file:// protocol does not work with curl when an open_basedir is set.

This fixes https://github.com/owncloud/core/issues/12016
10 years ago
Morris Jobke 0d4f0ab871 reduce OC_Preferences, OC_Config and \OCP\Config usage
* files_encryption
* files_versions
* files_trashbin
* tests
* status.php
* core
* server container
10 years ago
Morris Jobke f164161f69 fix base.php for not installed systems 10 years ago
Lukas Reschke bd520d2e53 Create config if it does not exist
The codepath that is executed when executing ownCloud via CLI is different than via browser. Specifically, the config is created by the user session already in `OC_Util::getInstanceId()` by a call to `setValue`. That said, this seems to be quite a bad side-effect, but for the sake of "not breaking whatever might break if we touch this" let's keep it that way for now.

When executing the autoconfig via `php -f index.php` the said session was not setup and thus no `config/config.php` file was created resulting in an installation error.

To reproduce this try to setup ownCloud via `php -f index.php` with and without that patch. (ensure to delete all existing configs before and don't access ownCloud with a browser in the meantime)

Fixes itself.
10 years ago
Lukas Reschke ddcf2b84ec Remove checks for safe mode and magic quotes
Both are removed from 5.4.0

Safe Mode: http://php.net/manual/en/features.safe-mode.php
> This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Magic Quotes: http://php.net/manual/en/security.magicquotes.php
> This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
10 years ago
Thomas Müller 0769556989 Merge pull request #12419 from owncloud/read-only-config
Allow read-only configuration
10 years ago
Lukas Reschke e35feadac2 Pass \OC::$WEBROOT to the ctr 10 years ago
Thomas Müller 5097d4dc05 remove deprecated \OC:$session 10 years ago
Lukas Reschke fc116f563f Allow read-only configuration
Workaround required for IIS setups running ownCloud to prevent dataloss.

Long-term solution would be to move some configuration settings to the database
10 years ago
Morris Jobke 604bf61e10 Merge pull request #12299 from owncloud/clean-lib-base-config
replace all static calls to OC_Config and OC_Preferences to calls to OCP...
10 years ago
Thomas Müller cbb9caf030 Merge pull request #12226 from owncloud/remove-phpass
Remove phpass and migrate to new Hasher interface
10 years ago
Morris Jobke 980dd4d22a replace double quotes with single quotes 10 years ago
Morris Jobke fef9d4218c replace all static calls to OC_Config and OC_Preferences to calls to OCP\IConfig 10 years ago
Lukas Reschke d0a30b0e55 Ignore port for trusted domains
This led to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain)

Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.

Conflicts:
	lib/private/request.php
10 years ago
Lukas Reschke 8595b76df2 Remove phpass and migrate to new Hasher interface
This PR removes phpass and migrates to the new Hasher interface.

Please notice that due to https://github.com/owncloud/core/issues/10671 old hashes are not updated but the hashes are backwards compatible so this shouldn't hurt.
Once the sharing classes have a possibility to update the passwords of single shares those methods should be used within the newHash if block.
10 years ago
Thomas Müller 4c1244f50c Merge pull request #11917 from owncloud/fix-11909
Add checkbox to enforce SSL for subdomains
10 years ago
Lukas Reschke 5b8a6b66b5 Load PHPAss via autoloader 10 years ago
Lukas Reschke 5f2a083686 Merge pull request #11883 from owncloud/clear-session-for-setup
Clear session before setup
10 years ago
Morris Jobke 73569b29bc md5 now handled via bower 10 years ago
Morris Jobke e49b9022a1 bower snapjs 10 years ago
Morris Jobke 957dee5af1 bower underscore 10 years ago
Morris Jobke 74d375d8ea migrate jQuery to bower 10 years ago
Morris Jobke 1a405e56f5 replace moment.js with bower version
* fix JS unit tests
10 years ago
Thomas Müller 994768d99f Update Pimple to V3.0 10 years ago
Lukas Reschke e73ccbd4ca Migrate "setsecurity.php" to the AppFramework
Add switch to enforce SSL for subdomains

Add unit tests

Add test for boolean values

Camel-case

Fix ugly JS
10 years ago
Thomas Müller a4f0483f56 Update Symfony/Console to 2.5 & Update Symfony/Routing to 2.5 10 years ago