Commit graph

23281 commits

Author SHA1 Message Date
Lukas Reschke
bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Thomas Müller
1155ad6e38 Merge pull request #14633 from owncloud/issue/14627-maintenance-mode-message-misleading
Maintenance mode message might be misleading
2015-03-02 06:49:28 -08:00
Vincent Petry
e61aa3723e Merge pull request #14573 from owncloud/enc-migrate-disable-updater
Disable the cache updater when doing the encryption migration
2015-03-02 14:53:29 +01:00
Lukas Reschke
e1f833a611 Merge pull request #14635 from owncloud/cleanup-config.sample.php
Cleanup config.sample.php
2015-03-02 14:35:54 +01:00
Joas Schilling
195c577c77 Add a repair step to delete old tables 2015-03-02 12:02:14 +01:00
Morris Jobke
8cf61c09c8 fix link for Preview documentation 2015-03-02 10:45:22 +01:00
Morris Jobke
297285249a fix line breaks in config.sample.php 2015-03-02 10:44:18 +01:00
Thomas Müller
9c79b1fc6d Merge pull request #14608 from kampka/master
Don't swallow errors in console.php
2015-03-02 01:40:57 -08:00
Thomas Müller
58ec0ea734 Merge pull request #14535 from owncloud/fix-files-external
fix files external test run and add common-tests option
2015-03-02 00:51:38 -08:00
Joas Schilling
0f09989824 Maintenance mode message might be misleading 2015-03-02 09:51:25 +01:00
Morris Jobke
4009f15255 Merge pull request #14593 from owncloud/fix/13994
Add detection for invalid CLI configuration for settings page
2015-03-02 09:19:26 +01:00
Morris Jobke
7194952db4 Merge pull request #14570 from rullzer/ocs_sane_permissions
Shares should have a least read permission
2015-03-02 08:38:36 +01:00
Jenkins for ownCloud
3f91e3757f [tx-robot] updated from transifex 2015-03-02 01:55:00 -05:00
Roeland Jago Douma
4436a9ce35 Shares should have a least read permission
* Throw 400 when a share is created or updated without read permissions
* Added unit tests
2015-03-01 17:13:17 +01:00
Lukas Reschke
afb0d742b9 Simplify code 2015-03-01 12:35:41 +01:00
Morris Jobke
a6f5d3e1e8 Merge pull request #14614 from jakobsack/master
Show time difference of last cron run instead of absolute time
2015-03-01 12:22:39 +01:00
Morris Jobke
36a4ee27ba Merge pull request #14605 from owncloud/checkserver-disable-hhvm
Disable some server checks when running on HHVM
2015-03-01 12:12:01 +01:00
Jakob Sack
97a624dba5 Improve language on backgroundjob admin page 2015-03-01 11:51:40 +01:00
Lukas Reschke
faddd1e256 Simplify code 2015-03-01 11:46:39 +01:00
Jenkins for ownCloud
ff85d38c2a [tx-robot] updated from transifex 2015-03-01 01:54:38 -05:00
Jakob Sack
7a84c90d71 Rename $human_time to $relative_time in cron settings 2015-02-28 21:49:23 +01:00
Jakob Sack
0efed5c216 Add absolute time of last cronjob as hover tip 2015-02-28 21:48:19 +01:00
Jakob Sack
6e906fc4d4 Use relative time for cron status 2015-02-28 21:09:25 +01:00
Christian Kampka
bf01327cd0 Don't swallow errors in console.php 2015-02-28 12:31:11 +01:00
Lukas Reschke
d0c6af2cb5 Disable bootstrap.php checks when HHVM is used 2015-02-28 10:11:12 +01:00
Lukas Reschke
4100610390 Disable some server checks when running on HHVM
Ref https://github.com/owncloud/core/issues/10837#issuecomment-76516839
2015-02-28 10:08:41 +01:00
Jenkins for ownCloud
42f6448da2 [tx-robot] updated from transifex 2015-02-28 01:55:32 -05:00
Lukas Reschke
d201f1c47e Fix version rev 2015-02-28 00:47:43 +01:00
Frank Karlitschek
270d404ee2 This is 8.0.1 now 2015-02-28 00:39:41 +01:00
Frank Karlitschek
95e3c56d2a This is not 8.1 pre alpha 2015-02-28 00:26:31 +01:00
Lukas Reschke
b6d8a48ce1 Add detection for invalid CLI configuration for settings page
This change will log all failures that prevent the CLI cronjob from happening to the database and display a warning to administrators when an error happened.

To test:

1. Configure some invalid CLI php.ini settings
2. Enable the CLI cronjob and run php cron.php
3. See the errors printed and also in the admin page
4. Configure the CLI settings correctly
5. Errors should be gone.

Fixes https://github.com/owncloud/core/issues/13994
2015-02-27 20:20:34 +01:00
Morris Jobke
7452d0434a proper description of appcodechecker in config sample 2015-02-27 20:02:07 +01:00
Lukas Reschke
13b0b7dfaf Merge pull request #14585 from owncloud/fix-avatars-for-users-with-at
Use custom attribute instead of the div identifier
2015-02-27 18:40:53 +01:00
Lukas Reschke
92b5517229 Use custom attribute instead of the div identifier
Otherwise problems arrive when a username contains characters such as an `@`

Fixes https://github.com/owncloud/user_shibboleth/issues/38
2015-02-27 17:38:59 +01:00
Vincent Petry
22bc622f9b Move keys instead of copy during encryption key migration 2015-02-27 17:14:17 +01:00
Robin Appelman
89735ab22b add some tests for disabled updater 2015-02-27 17:14:17 +01:00
Robin Appelman
6f000ffc7b Disable the cache updater when doing the encryption migration 2015-02-27 17:14:16 +01:00
Robin Appelman
f6182aa87e Allow disabling the cache updater 2015-02-27 17:14:16 +01:00
Morris Jobke
b4dfd043d7 Merge pull request #14575 from owncloud/cache-rename-overwrite
Fix cache update when doing a rename that overwrites the target
2015-02-27 17:11:37 +01:00
Robin Appelman
fc027bceb7 Fix cache update when doing a rename that overwrites the target 2015-02-27 16:39:58 +01:00
Bernhard Posselt
970b14d297 Merge pull request #13616 from owncloud/streamresponse
AppFramework StreamResponse
2015-02-27 15:43:01 +01:00
Bernhard Posselt
95239ad21e AppFramework StreamResponse
First stab at the StreamResponse, see #12988

The idea is to use an interface ICallbackResponse (I'm not 100% happy with the name yet, suggestions?) that allow the response to output things in its own way, for instance stream the file using readfile

Unittests are atm lacking, plan is to

check if a mock of ICallbackResponse will be used by calling its callback (also unhappy with this name) method
Usage is:

$response = new StreamResponse('path/to/file');

rename io to output, add additional methods and handle error and not modified cases when using StreamResponse

fix indention and uppercasing, also handle forbidden cases

fix indention

fix indention

no forbidden, figuring out if a file is really readable is too complicated to get to work across OSes and streams

remove useless import

remove useless import

fix intendation
2015-02-27 15:42:33 +01:00
Morris Jobke
0c058490f4 Merge pull request #14566 from owncloud/fix-avatars-in-master
Fix avatars in master
2015-02-27 15:41:40 +01:00
Joas Schilling
c5a9bad919 Merge pull request #14567 from owncloud/node-check-fileinfo-interface
Add "throws" lines to calling methods and interface aswell
2015-02-27 15:15:09 +01:00
Lukas Reschke
5c2fafa05f Read from IRequest instead of reading twice
Potentially fixes https://github.com/owncloud/core/issues/14541 and https://github.com/owncloud/core/issues/14506
2015-02-27 14:22:35 +01:00
Thomas Müller
8abb80c642 Merge pull request #14565 from owncloud/more-https
Add more HTTPS endpoints
2015-02-27 03:31:08 -08:00
Joas Schilling
3a6a0501c4 Add "throws" lines to calling methods and interface aswell 2015-02-27 12:16:53 +01:00
Lukas Reschke
8818165e07 Fix avatars in master 2015-02-27 12:03:58 +01:00
Thomas Müller
7fe07e93fe Merge pull request #14437 from owncloud/node-check-fileinfo
Check if we have a proper fileinfo
2015-02-27 02:56:13 -08:00
Lukas Reschke
b048e7129a Add more HTTPS endpoints
The doc server can now finally speak SSL...
2015-02-27 11:37:30 +01:00