Commit graph

418 commits

Author SHA1 Message Date
Thomas Tanghus
7f0c69eb0e Added CRUDS permissions to the OCP namespace. Implements issue #345 2012-11-11 23:09:54 +01:00
Stefan Seidel
8f669880bc Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 13:30:07 +01:00
Felix Moeller
a4b2ea586d Style: Remove all the dangling white spaces 2012-11-04 22:16:04 +01:00
Felix Moeller
27ab0357ae Checkstyle: Fix last six NewlineBeforeOpenBrace 2012-11-04 18:36:16 +01:00
Thomas Müller
8ac3849a95 Merge pull request #238 from fmms/checkstyle04
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01 Checkstyle fixes: NoSpaceAfterComma 2012-11-04 11:10:46 +01:00
Lukas Reschke
d2e842fcc9 Remove unneeded new line 2012-11-01 22:38:21 +01:00
Lukas Reschke
822e4d5f6c Check for redirect_url for logged in users
This checks if there is a redirect_url for logged in users
2012-11-01 22:37:37 +01:00
Lukas Reschke
81f019b6c5 Make the redirect_url working again
Fixes #160
2012-10-31 22:03:55 +01:00
Lukas Reschke
7a7f12a0c1 Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this didn't work in every case.
(Laptop sleeping etc.)

With this commit, the token will only get created once for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bart Visscher
6d09752940 DRY for creating htaccess to protect data-directory 2012-10-30 20:57:19 +01:00
Bart Visscher
246d7ea2ea Separate control code from class definition 2012-10-30 20:56:31 +01:00
Lukas Reschke
f6b6780072 Don't use OC_Setup as it will show up the installer 2012-10-29 22:44:49 +01:00
Lukas Reschke
6903475841 Generate .htaccess when upgrading from old versions
When upgrading from old ownCloud versions like 2.x the .htaccess is not
generated - which exposes the data to the internet. This fix will
generate a .htaccess when upgrading. (And no one exists)
Fixes #127
2012-10-29 22:03:18 +01:00
Bart Visscher
fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher
894d44e796 Merge remote-tracking branch 'git://github.com/susinths/SabreDAV_1.7.1.git'
Conflicts:
	lib/base.php
2012-10-27 16:33:10 +02:00
Bart Visscher
0120f3fd62 Merge branch 'routing'
Conflicts:
	core/lostpassword/index.php
	core/lostpassword/resetpassword.php
2012-10-27 11:58:02 +02:00
Bart Visscher
43e8293d9c Change Symfony/Component/Routing from submodule to composer fetching 2012-10-27 11:32:16 +02:00
Felix Moeller
6a00a6b9ed Make Jenkins more happy.
This is NoSpaceAfterComma
2012-10-23 00:28:12 +02:00
Bart Visscher
6081bfa2bc Merge branch 'master' into routing
Conflicts:
	lib/search/provider/file.php
	settings/ajax/changepassword.php
	settings/settings.php
2012-10-17 16:38:11 +02:00
Susinthiran Sithamparanathan
b2b84f3a6f Update Sabre to version 1.7.1 2012-10-17 16:17:36 +02:00
Lukas Reschke
de7b46c66a Use get_magic_quotes_gpc() to determine if magic_quotes is enabled
set_magic_quotes_runtime gives a PHP warning
2012-10-16 19:42:17 +02:00
Lukas Reschke
59404b5675 Merge pull request #31 from visit1985/persistentcookies
reresubmit: improved persistent cookies :)
2012-10-16 04:46:22 -07:00
Victor Dubiniuk
ddcd738357 Merge branch 'extended_log'
PHP errors logging into the owncloud log
2012-10-16 01:30:45 +03:00
Michael Göhler
8be9c04a3a 128byte is not 128bit - now we really use 256bit (same as PHPSESSID) 2012-10-15 20:04:22 +02:00
Michael Göhler
ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120 further improvements on multiple login token support
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for safety
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Bart Visscher
9a35bd76fb Use resolved path for require_once in autoloader 2012-10-12 15:47:41 +02:00
Bart Visscher
2c3674ea87 Add logging when stripping apps from autoload include path 2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2 Use __DIR__ instead of __FILE__ to get SERVERROOT 2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966 Send a HSTS HTTP header to enforce SSL 2012-10-10 18:56:14 +02:00
Arthur Schiwon
3affeb5bd7 destroy invalid sessions 2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Robin Appelman
f8eebcbb01 reload the current url when logging in instead of always redirecting to the default app (oc-1873) 2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425 Removed sectoken
This token is completely useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher
c9317b5a68 Merge branch 'master' into routing 2012-09-28 21:41:21 +02:00
Bart Visscher
bf1057143c Merge branch 'master' into routing
Conflicts:
	apps/files/js/filelist.js
	core/js/js.js
	lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
VicDeo
2b6869bcea Uncaught exception logging 2012-09-26 14:38:06 +03:00
Lukas Reschke
c4fc291fa7 Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:57:40 +02:00
Victor Dubiniuk
bbf8bb0bb3 Log PHP errors to the OC log 2012-09-12 22:30:04 +03:00
Michael Gapczynski
c5f9b887ff Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade 2012-09-12 01:18:07 -04:00
Robin Appelman
46422e6dbe don't use regular expressions for a simple string replace 2012-09-08 23:40:23 +02:00
Bart Visscher
ceec5e593c Remove redundant loadApps 2012-09-07 16:19:08 +02:00
Bart Visscher
5eba579827 Merge branch 'master' into routing
Conflicts:
	apps/files/js/fileactions.js
	lib/base.php
	lib/helper.php
	lib/ocs.php
2012-09-07 15:51:44 +02:00
Thomas Mueller
3829460ab8 adding space between ) and { 2012-09-07 15:22:01 +02:00
Bart Visscher
5e55b4d6e7 Whitespace fixes in lib 2012-09-07 14:08:29 +02:00
Bart Visscher
9ea7817a40 Remove core.{css,js} cache on upgrade 2012-09-07 13:42:22 +02:00
Thomas Müller
9eccc0121a Respect coding style 2012-09-05 13:22:38 +03:00
Thomas Müller
7901fc33a8 fixing syntax error 2012-09-04 15:54:38 +03:00
Thomas Müller
aff08925c1 fixing syntax error - sorry for that 2012-09-04 15:46:43 +03:00
Thomas Müller
2028500c0a fixing syntax error - sorry for that 2012-09-04 15:42:58 +03:00
Thomas Müller
e4e0b5a822 Respect coding style 2012-09-04 15:34:09 +03:00
Robin Appelman
2508f64efe set debug mode if an xdebug session is active 2012-09-01 20:52:13 +02:00
Robin Appelman
a7255181ad fix autoloader throwing errors for non-oc classes 2012-09-01 15:36:52 +02:00
Robin Appelman
3dacf149de allow configuring user backends in config.php 2012-09-01 02:50:27 +02:00
Robin Appelman
f67aef608f load authentication apps on login 2012-09-01 02:50:27 +02:00
Robin Appelman
ebd813ae95 don't throw errors in the autoloader when a class doesn't exist 2012-09-01 02:50:27 +02:00
Bart Visscher
b483f2aab8 Merge branch 'master' into routing
Conflicts:
	apps/contacts/js/contacts.js
	apps/contacts/lib/search.php
	apps/files_archive/js/archive.js
	apps/gallery/lib/tiles.php
	apps/gallery/templates/index.php
	lib/ocs.php
2012-08-30 21:49:28 +02:00
Bart Visscher
db18218a1b Space before tab fixes 2012-08-29 20:34:44 +02:00
Bart Visscher
52f2e7112e Whitespace fixes in lib 2012-08-29 20:28:45 +02:00
Bart Visscher
53e51fe46b Clean user cache on login 2012-08-28 23:07:28 +02:00
Bart Visscher
8a02a8852f Add background job for global file cache cleanup 2012-08-28 23:07:28 +02:00
Bart Visscher
63af75586b Merge branch 'master' into routing 2012-08-15 17:39:00 +02:00
Bart Visscher
db4111f6d5 Routing: Add some core routes 2012-08-12 16:52:36 +02:00
Bart Visscher
8c02494744 Routing: Prepare load functions to be called from OC_Router 2012-08-12 16:16:22 +02:00
Lukas Reschke
0d8df3f55c Revert "Combine install checks in lib/base.php"
This reverts commit aa9fbf6639.
2012-08-11 17:07:35 +02:00
Michael Gapczynski
465767670b Check blacklist when renaming files 2012-08-11 11:04:04 -04:00
Bart Visscher
1025e451a7 Add router match to OC::handleRequest 2012-08-11 01:36:16 +02:00
Bart Visscher
c2160433cd Merge branch 'master' into routing
Conflicts:
	lib/base.php
2012-08-11 00:43:26 +02:00
Bart Visscher
72b2324b68 Move loading of routes to OC::getRouter function 2012-08-10 23:31:11 +02:00
Bart Visscher
3722928c46 Change access to router object to getter function 2012-08-10 23:30:04 +02:00
Bart Visscher
3e8b6e816a Create OC_Router in OC::init 2012-08-10 23:03:57 +02:00
Lukas Reschke
8ec45870a3 Validate cookie properly and prevent auth bypass
BIG (!) thanks to Julien CAYSSOL
2012-08-10 15:28:59 +02:00
Jakob Sack
0ea4fa298c Backgroundjobs: don't try to access OC_Appconfig if ownCloud has not been installed 2012-08-10 13:53:40 +02:00
Jakob Sack
81b997b56e Merge branch 'backgroundjobs' 2012-08-10 13:00:51 +02:00
Bart Visscher
82b10954e7 Simplify loading app php script files 2012-08-10 12:27:37 +02:00
Bart Visscher
5e7086adc9 Move login handling to OC class 2012-08-10 12:17:13 +02:00
Bart Visscher
83403784d1 Always load when the requested file is css 2012-08-10 11:43:04 +02:00
Bart Visscher
da07245f59 Move OC::loadfile and OC::loadapp next to OC::handleRequest 2012-08-10 11:43:04 +02:00
Bart Visscher
e3c732040b Make OC::loadfile and OC::loadapp protected, only used in OC::handleRequest 2012-08-10 11:43:04 +02:00
Bart Visscher
0973969386 Cleanup OC::loadfile 2012-08-10 11:43:04 +02:00
Bart Visscher
aa9fbf6639 Combine install checks in lib/base.php 2012-08-10 11:43:04 +02:00
Jakob Sack
889f0a1c6d rename appconfig keys for backgroundjobs 2012-08-09 10:40:39 +02:00
Jakob Sack
13a0818fec Be more precise regarding backgroundjobs mode 2012-08-09 01:02:05 +02:00
Bart Visscher
3387454094 Move login code from index.php to OC class 2012-08-08 22:42:51 +02:00
Bart Visscher
9156fb73fd Move handling request of index.php to OC class 2012-08-08 22:42:50 +02:00
Bart Visscher
7522a23693 Remove unused RUNTIME_NOSETUPFS var 2012-08-08 22:42:50 +02:00
Bart Visscher
99ce7ba1df Move serverHost and serverProtocol functions to OC_Request 2012-08-07 20:43:00 +02:00
Bart Visscher
6d0390dcca Fix rewriting GET parameters with ? in REQUESTEDAPP 2012-08-07 20:43:00 +02:00
Bart Visscher
d579defc66 Merge branch 'master' into routing 2012-07-25 17:51:36 +02:00
Arthur Schiwon
57c375ea24 Support for OCA namespace 2012-07-25 12:56:08 +02:00
Bart Visscher
d0cae6a99a Very basic conversion of ocs to Symfony Routing Component 2012-07-21 19:43:50 +02:00
Robin Appelman
33b8de91ea allow a more flexible way of using user backends 2012-07-19 16:31:55 +02:00
Bart Visscher
621b83df72 Remove referer check, this is unreliable. The header doesn't need to exist, or can be wrong 2012-07-04 17:51:07 +02:00
Robin Appelman
12f7cb8767 fix running tests from cli 2012-06-27 13:21:45 +02:00
Bart Visscher
2f0b4983e9 Move app upgrade check to loading of apps 2012-06-27 01:05:12 +02:00
Brice Maron
09a9f5400e Trim url and path of appsroot to have a standard type of path fix oc-1107 2012-06-25 15:50:27 +02:00
Brice Maron
df60d6d5d2 Fixes for multi app dir :
Url should be given as relative path (to webroot)
Correct link construction from js
2012-06-22 12:24:56 +02:00
Brice Maron
b5953e7a83 Provide solution for smoother migration for apps to multi-app dir 2012-06-21 22:22:36 +00:00
Brice Maron
e5c56b2433 Merge branch 'master' into multi_app_dir
Conflicts:
	lib/app.php
	lib/base.php
	lib/minimizer/css.php
	lib/minimizer/js.php
	lib/template.php
	lib/util.php
2012-06-21 17:15:35 +00:00
Bart Visscher
6404476bec Delay setup of FS until OC_Filesystem is used 2012-06-20 17:10:49 +02:00
Bart Visscher
f54ef5a464 Remove OC::$CONFIG_DATADIRECTORY, not used 2012-06-19 22:54:14 +02:00
Bart Visscher
332603a263 Move formfactor code to OC_Template 2012-06-18 15:40:48 +02:00
Bart Visscher
977cd0df6b Fix errors for minimizer 2012-06-18 11:33:24 +02:00
Bart Visscher
6e9cd63fa1 Only check for apps owncloud version requirement when there is a new owncloud version 2012-06-16 20:52:10 +02:00
Bart Visscher
6d3ae575b6 Remove $DOCUMENTROOT, not used 2012-06-16 00:11:36 +02:00
Brice Maron
4753cc3ebd Merge branch 'master' into multi_app_dir
Conflicts:
	apps/bookmarks/ajax/addBookmark.php
	config/config.sample.php
	lib/app.php
	remote.php
2012-06-14 21:16:59 +00:00
Brice Maron
6da5a2fdd4 Add possibility to choose the installation folder 2012-06-14 21:00:02 +00:00
Robin Appelman
76de92477f fix infinite redirect during setup for windows hosts 2012-06-09 14:38:05 +02:00
Georg Ehrke
bdd12df4a2 fix loading of OC::$REQUESTEDAPP if WTFE the app parameter is given but empty aka /?app 2012-06-08 22:31:44 +02:00
Brice Maron
9ec68c819b Change parameter 'web' to 'url' and take array of array in config instead of : separated values 2012-06-07 20:36:55 +00:00
Bart Visscher
4260dce826 Better handling of core.css and core.js
Fixes calling remote.php on install.
Fixes http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-933
2012-06-07 21:35:40 +02:00
Brice Maron
0f7fdd4148 ReAdd possibility to load existing app folders 2012-06-07 19:15:31 +00:00
Brice Maron
e8447e0bda Rework to fit with minimizer 2012-06-06 21:11:15 +00:00
Brice Maron
cc494259d3 Unit path and webpath, correct some more 2012-06-06 20:24:15 +00:00
Brice Maron
b6c5ca126b First almost working version 2012-06-06 20:23:17 +00:00
Arthur Schiwon
6ca2b49292 avoid too-early database access and thus make owncloud installable again 2012-06-06 17:29:57 +02:00
Bart Visscher
57326ea1f8 Move setting remote_core.* to after setup of OC, also check if it is not set yet 2012-06-05 17:51:52 +02:00
Frank Karlitschek
e747fd794e fix login for hosts running on port 80 2012-06-05 15:26:31 +02:00
Frank Karlitschek
e3031ae28b more reliable host detection for reverse proxy servers 2012-06-05 12:52:23 +02:00
Bart Visscher
4a5973662c Merge branch 'unstable'
Conflicts:
	apps/files_external/tests/config.php
	apps/files_versions/ajax/getVersions.php
	apps/files_versions/appinfo/app.php
	apps/files_versions/history.php
	apps/files_versions/js/versions.js
	apps/files_versions/templates/history.php
	apps/files_versions/versions.php
	lib/base.php
2012-06-04 23:02:05 +02:00
Frank Karlitschek
75d56f24f2 try to switch magic quotes off.
it's evil and deprecated
2012-06-01 12:41:38 +02:00
Frank Karlitschek
24d14783d7 added a serverProtocol function that correctly returns the used protocol even if the ssl connection is terminated at a reverse_proxy or at a load balancer 2012-06-01 10:38:44 +02:00
Michael Gapczynski
fbe58755e5 Restrict requested app to apps directory 2012-05-29 12:31:47 -04:00
Frank Karlitschek
a945fa10a6 update copyright 2012-05-26 19:14:24 +02:00
Frank Karlitschek
24318354f2 changed the default from Berlin to UTC.
Greetings from Berlin by the way ;-)
2012-05-24 00:49:21 +02:00
Robin Appelman
60fdc13ae6 enable running unit tests from cli 2012-05-22 20:22:53 +02:00
Robin Appelman
b096fd9ed8 log upgrades 2012-05-19 01:55:20 +02:00
Bart Visscher
ce1e4425c2 Combine and minimize core and default app js files 2012-05-16 18:53:46 +02:00
Bart Visscher
f71fec8cdc Combine and minimize core and default app css files 2012-05-16 18:53:46 +02:00
Bart Visscher
5d72681d10 Better place to check caching headers 2012-05-16 18:52:40 +02:00
Robin Appelman
9eb91a111d update to jquery 1.7.2 2012-05-12 00:37:19 +02:00
Bart Visscher
919681f3e6 Make processed css files cachable 2012-05-11 21:33:02 +02:00
Bart Visscher
97233b77cd Remove DOCUMENTROOT static var, and make SUBURI var private 2012-05-11 21:31:51 +02:00
Georg Ehrke
8f2217ca2e make default app choosable 2012-05-11 13:56:52 +02:00
Michael Gapczynski
de95bf62a2 Prevent any null bytes related exploits, thanks to Lukas Reschke 2012-05-10 11:44:06 -04:00