Commit graph

44 commits

Author SHA1 Message Date
Lukas Reschke
8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Joas Schilling
0fcd273714 Select the timezone on the right timestamp and assert it 2015-04-07 10:13:51 +02:00
Lukas Reschke
65202d2a18 Add check for activated local memcache
Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.

Fixes https://github.com/owncloud/core/issues/14956
2015-03-28 13:59:22 +01:00
Robin McCorkell
1511a42da7 Check for relative datadirectory path 2015-03-27 23:29:46 +00:00
Joas Schilling
1686653fdd The iran timezone removed the DST handling which breaks the timezone lib 2015-03-23 14:08:47 +01:00
Joas Schilling
276d678080 Etc timezones don't exist for .5 and .75 offsets 2015-03-03 09:08:47 +01:00
Robin Appelman
5542fafd36 allow overwriting the appmanager in oc_util by subclassing 2015-02-18 14:24:50 +01:00
Joas Schilling
26100a6dfb Move timezone logic out of server.php 2014-12-16 16:16:22 +01:00
Joas Schilling
4d232e536e Deprecate Util::formatDate()
Make DateTimeFormatter a service and adjust tests that have been inaccurate
2014-12-10 11:58:56 +01:00
Morris Jobke
0d4f0ab871 reduce OC_Preferences, OC_Config and \OCP\Config usage
* files_encryption
* files_versions
* files_trashbin
* tests
* status.php
* core
* server container
2014-12-08 22:42:37 +01:00
Joas Schilling
ea4c25609d Replace uniqid calls with $this->getUniqueID so tests pass again on windows 2014-12-03 12:10:55 +01:00
Joas Schilling
cb3a598cdb Make root tests extend the \Test\TestCase 2014-11-19 14:53:51 +01:00
Thomas Müller
69db442c49 fixing expected values for formatDate() unit tests 2014-10-21 16:05:35 +02:00
Thomas Müller
c587a4aaa2 Merge pull request #11222 from owncloud/store-users-timezone-master
send browsers timezone back tp the server on login
2014-09-23 13:45:21 +02:00
Lukas Reschke
1565d82b81 Use only lower-case letters
Fixes https://github.com/owncloud/core/issues/11239
2014-09-22 21:29:03 +02:00
Thomas Müller
814114ab8e enhance formatDate function to accept an optional argument containing the time zone 2014-09-22 15:03:28 +02:00
Thomas Müller
007802121c requesttoken has now a length of 30 chars 2014-09-10 15:35:21 +02:00
Vincent Petry
9d5f18c02f Added test for needUpgrade for core 2014-09-02 17:28:05 +02:00
Vincent Petry
e05b95636b Fix upgrade process when apps enabled for specific groups
Fix issue where the currently logged user was causing side-effects when
upgrading.
Now setting incognito mode (no user) on update to make sure the whole
apps list is taken into account with getEnabledApps() or isEnabled().
2014-09-02 17:16:14 +02:00
Vincent Petry
7c17452028 Added unit test for default app URL 2014-07-01 16:55:29 +02:00
ringmaster
0e85618c42 Can't use assertInstanceOf on wrapped storage; use assertTrue(instanceOfStorage() instead. 2014-06-04 07:55:46 +02:00
Thomas Müller
ed8e0f0a92 updating unit test expectations 2014-05-28 13:47:27 +02:00
Bjoern Schiessle
12338e0ef0 allow admin to disable sharing for specific groups of users 2014-05-22 10:43:44 +02:00
Lukas Reschke
9d3b639ce6 Remove uneeded newline 2014-04-22 20:11:34 +02:00
Lukas Reschke
589c74e176 Fix indentation 2014-04-22 20:10:46 +02:00
Lukas Reschke
f07180639c Add unit tests for arrays and "
OC_Util::sanitizeHTML() also supports array but we actually had no unit test for it. Additionally this commit introduces a test for escaping " into "
2014-04-22 20:09:55 +02:00
Vincent Petry
797e0a614c Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
  check for invalid characters
2014-02-18 17:54:32 +01:00
Jens-Christian Fischer
506393090b Add 'mail_from_address' configuration
In environments where there are rules for the email addresses, the "from
address" that owncloud uses has to be configurable.

This patch adds a new configuration variable 'mail_from_address'.
If it is configured, owncloud will use this as the sender of *all*
emails. (OwnCloud uses 'sharing-noreply' and 'password-noreply' by
default). By using the 'mail_from_address' configuration, only this
email address will be used.
2014-01-24 14:04:37 +01:00
Vincent Petry
356eef0739 Quota storage wrapper is now used for all users in sharing mode
When accessing a shared folder, the folder's owner appears as mountpoint
but wasn't wrapped by a quota storage wrapper.

This fix makes sure that all home storages are wrapped by a quota
storage wrapper, if applicable, to make sure quotas are respected when
uploading into shared folders.
2013-11-21 12:04:54 +01:00
kondou
9c5416fe4a Clean up \OC\Util
- Use camelCase

 - Add some phpdoc

 - Fix some indents

 - Use some more spacing
2013-08-15 15:57:32 +02:00
kondou
a51af39595 Add unittests
Unittests for:

- search/result

- util

- preferences
2013-08-05 14:47:14 +02:00
Thomas Müller
409268f322 adding test case with no / 2013-07-30 08:54:39 +02:00
Thomas Müller
085fdfec2f adding unit tests for OC_Util::basename 2013-07-29 23:32:03 +02:00
Victor Dubiniuk
c0b210f0d5 Add unit test 2013-07-09 17:46:11 +03:00
Miquel Rodríguez Telep / Michael Rodríguez-Torrent
93a6ed3dab Ensure instanceid contains a letter
instanceid is generated by uniqid() and then used as the
session_name. Because session_name requires at least one letter
and uniqid() does not guarantee to provide that, in the case that
uniqid() generates a string of only digits, the user will be stuck
in an infinite login loop because every request will generate a
new PHP session.
2013-03-26 21:49:32 +00:00
itheiss
410b991221 Move testcase to own test function
Move testcase for getDefaultEmailAddress with mail_domain set in config.php to own test function.
2013-03-26 09:40:27 +01:00
itheiss
d00b2f610e Extend test case for getDefaultEmailAddress()
see #2499
2013-03-22 10:08:53 +01:00
Thomas Mueller
6019cdd5bd adding test case for getDefaultEmailAddress() + fixing #1844 again 2013-03-04 21:10:18 +01:00
Thomas Mueller
ef88ceba8c drop SimpleTest compatibility 2013-01-24 16:47:17 +01:00
Felix Moeller
a4b2ea586d Style: Remove all the dangling white spaces 2012-11-04 22:16:04 +01:00
Thomas Müller
59c2414439 Fixing typo 2012-10-18 23:27:49 +03:00
Thomas Müller
a707fd639d Fixing expectation - comma was stupid anyhow 2012-10-18 22:22:41 +03:00
Lukas Reschke
3fc9fbeef7 Expectation should be first parameter 2012-10-18 18:35:19 +03:00
Lukas Reschke
8a87585c9d Little test for some util.php functions 2012-10-13 14:35:20 +02:00