Commit graph

221 commits

Author SHA1 Message Date
Vincent Petry
06f8c80af6 Validate target file name for some webdav ops 2015-05-29 19:14:38 +02:00
Lukas Reschke
ffd73ef2e4 Fix indentation 2015-05-27 14:57:19 +02:00
Scrutinizer Auto-Fixer
fdbc21fc6c Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-05-19 11:23:06 +00:00
Morris Jobke
7ee3f99a4a Merge pull request #16364 from owncloud/add-warning-webdav
Add notice that WebDAV interface is not intended for browsers
2015-05-18 11:28:47 +02:00
Joas Schilling
0991c0cc02 Merge pull request #16292 from owncloud/webdav-storage-fireprehooks
Fire prehooks when uploading directly to storage
2015-05-15 15:08:27 +02:00
Lukas Reschke
13778893d9 Add notice that WebDAV interface is not intended for browsers
Fixes https://github.com/owncloud/core/issues/16359
2015-05-15 09:07:39 +02:00
Vincent Petry
3cae0135ad Fire prehooks when uploading directly to storage 2015-05-13 17:47:04 +02:00
Robin Appelman
11e1acd8ec fix webdav quota check for the root of the dav endpoint 2015-05-12 14:02:27 +02:00
Robin Appelman
06a65fab13 use cross storage move when renaming the part file during webdav put 2015-05-07 14:28:31 +02:00
Robin Appelman
2e897f05b1 triger propagation for webdav uploads
use post hooks for share etag propagator
2015-04-27 14:07:16 +02:00
Lukas Reschke
b9df932e3c Merge pull request #15683 from owncloud/block-legacy-clients
Block old legacy clients
2015-04-24 18:21:10 +02:00
Lukas Reschke
ab9ea97d3a Catch not existing User-Agent header
In case of an not sent UA header consider the client as valid
2015-04-23 16:33:51 +02:00
Lukas Reschke
ed0b465cf9 Use 403 instead a 50x response 2015-04-20 12:53:40 +02:00
Lukas Reschke
4ea205e262 Block old legacy clients
This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.

This has multiple reasons:

1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
2. Old ownCloud client versions tend to be horrible buggy

In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
2015-04-20 11:12:17 +02:00
Vincent Petry
ffc796edcb Do not trash part files, delete directly 2015-04-21 18:28:15 +02:00
Morris Jobke
e33e5b425a Merge pull request #12006 from owncloud/dav-put-storage
Work directly on the storage when uploading over webdav
2015-04-15 03:08:52 +02:00
Robin Appelman
eeecca04e6 Keep phpdoc updated. 2015-04-14 16:25:52 +02:00
Robin Appelman
308af8b909 pass a stream to the tests 2015-04-14 15:25:52 +02:00
Robin Appelman
2fd44dbde4 rewind and update error message 2015-04-13 14:14:48 +02:00
Robin Appelman
dcfe014103 use our own stream copy instead 2015-04-13 14:13:21 +02:00
Robin Appelman
8af106cc75 block webdav in single user mode 2015-04-09 15:56:41 +02:00
Robin Appelman
cbcee34eb0 update tests 2015-04-09 14:46:25 +02:00
Robin Appelman
6a59502759 Work directly on the storage when uploading over webdav 2015-04-08 14:04:58 +02:00
Thomas Müller
161d80da5b In case of encryption exceptions we return 503 - this will allow the client to retry 2015-04-07 14:17:42 +02:00
Thomas Müller
664b2bb7af cleaning up exception mess 2015-04-07 13:30:30 +02:00
Thomas Müller
bf809ac85a Removing left overs from old encryption app 2015-04-07 13:30:29 +02:00
Thomas Müller
dbdd754c3f Further cleanup of files_encryption 2015-04-07 13:30:28 +02:00
Thomas Müller
00338f9dca Removing files_encryption left overs 2015-04-07 13:30:28 +02:00
Vincent Petry
7ad4dfa201 Merge pull request #15227 from owncloud/ocetag-header
Copy Etag header to OC-Etag for sabre calls
2015-03-27 13:10:27 +01:00
Morris Jobke
e8109f0bc3 Merge pull request #13802 from owncloud/share-partfilepermissions
Fix share permission checks
2015-03-26 22:01:05 +01:00
Lukas Reschke
8ebe667202 Remove unneeded argument 2015-03-26 20:45:39 +01:00
Lukas Reschke
55fd0082aa Serve all files with a Content-Disposition of 'attachment' via WebDAV
As an additional security hardening it's sensible to serve these files with a Content-Disposition of 'attachment'. Currently they are served 'inline' and get a "secure mimetype" assigned in case of potential dangerous files.

To test this change ensure that:

- [ ] Syncing with the Desktop client still works
- [ ] Syncing with the Android client still works
- [ ] Syncing with the iOS client still works

I verified that the 1.8 OS X and iOS client still work with this change.
2015-03-26 20:01:05 +01:00
Vincent Petry
70acd58336 Copy Etag header to OC-Etag for sabre calls 2015-03-26 16:06:43 +01:00
Vincent Petry
a84ade5f32 Revert "adding OC-ETag header"
This reverts commit 30ee8b6f99.
2015-03-26 15:04:41 +01:00
Vincent Petry
daceb1a9ac Revert "adding unit tests"
This reverts commit 8d327c94a8.
2015-03-26 15:04:36 +01:00
Vincent Petry
cda7f7fd61 Merge pull request #15168 from owncloud/oc-etag-master
adding OC-ETag header
2015-03-26 13:52:43 +01:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Thomas Müller
8d327c94a8 adding unit tests 2015-03-26 10:49:26 +01:00
Thomas Müller
43beaba0dc Merge pull request #15171 from owncloud/sabre-logforbiddenasdebug
Log forbidden in debug level
2015-03-24 23:31:35 +01:00
Lukas Reschke
ec12f5e019 Merge pull request #14949 from owncloud/sabre-2.1.3
Update sabre-2.1.3 thirdparty submodule
2015-03-24 23:16:57 +01:00
Vincent Petry
72c1c89bcd Log forbidden in debug level 2015-03-24 22:08:11 +01:00
Thomas Müller
30ee8b6f99 adding OC-ETag header 2015-03-24 21:36:46 +01:00
Vincent Petry
331f0196e0 Merge pull request #15150 from owncloud/sabre-removerangeexceptionforencryption
Remove range header exception for encryption
2015-03-24 14:29:01 +01:00
jknockaert
a1b68b5a48 Remove range header exception for encryption
revert #10422
2015-03-24 13:19:49 +01:00
Vincent Petry
eb894e6625 Soft fail in CustomPropertiesBackend whenever storage not available
When a storage is not available, it will not fail the whole call any
more but still return a usable file list.
2015-03-23 17:41:32 +01:00
Vincent Petry
5ba508b346 Fix permission checks in Sabre connector
This fixes moving files in and out of shared folders with some exotic
permission combinations.
2015-03-19 21:18:48 +01:00
Vincent Petry
50194c31b4 Soft fail in custom properties backend
This makes it possible for clients to still receive a file list (minus
the broken files) instead of getting no list at all
2015-03-18 12:36:37 +01:00
Vincent Petry
5ea8ab3bb0 Fix Principal connector override 2015-03-17 12:22:29 +01:00
Thomas Müller
0f3e36fdfd Adding a more meaningful message for sabre dav exception - fixes #14516 2015-03-11 11:53:31 +01:00
Thomas Müller
49e1a81eba fixing namespaces and PHPDoc 2015-03-09 10:38:37 +01:00