Commit graph

37692 commits

Author SHA1 Message Date
Joas Schilling
0c0ce25b3c Merge pull request #3881 from nextcloud/downstream-26842
Backbone Webdav Adapter MKCOL support
2017-03-17 13:53:04 +01:00
Joas Schilling
4caae91b83
Fail when the test mail could not be sent
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 13:45:25 +01:00
Joas Schilling
75b81c3e01
Always suggest the overwrite.cli.url
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 13:40:58 +01:00
blizzz
a5c8016c8b Merge pull request #3883 from nextcloud/downstream-26968
Ignore exception when deleting keys of deleted user
2017-03-17 11:33:50 +01:00
Joas Schilling
c65848effe Merge pull request #3878 from nextcloud/downstream-26303
Fixed failing test which was ignoring a required (not null) column
2017-03-17 11:10:21 +01:00
Joas Schilling
70bd819dd2
Cleanup test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:59:53 +01:00
Joas Schilling
2f16f3ba44
Fix unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:39:08 +01:00
Joas Schilling
ebabf81473
Clean up the test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:35:22 +01:00
Joas Schilling
bd97b7d130
Use DI
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 10:23:04 +01:00
Roeland Jago Douma
3f331e02f9 Merge pull request #3893 from nextcloud/downstream-27069
Add integration test for trashbin
2017-03-17 10:10:00 +01:00
Joas Schilling
e548d27d3a Merge pull request #3885 from nextcloud/downstream-26529
Skip FailedStorage in background scan
2017-03-17 10:06:58 +01:00
Joas Schilling
5a8129f8ef Merge pull request #3886 from nextcloud/downstream-26995
Chunking NG: Assemble in natural sort order of files
2017-03-17 10:05:25 +01:00
Joas Schilling
199405ddc0
Safer queries
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:59:56 +01:00
Joas Schilling
0a1135a7cc
Better output
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:59:25 +01:00
Joas Schilling
d504408efd Merge pull request #3894 from nextcloud/downstream-27008
Integration test check download without saving file locally
2017-03-17 09:17:36 +01:00
Joas Schilling
e8750f618b
Correctly escape the footer description from theming
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-17 09:11:41 +01:00
Roeland Jago Douma
51846c95d9 Merge pull request #3856 from nextcloud/escape-likes-in-database-user-backend
Escape like parameters in database user backend
2017-03-17 08:53:10 +01:00
Roeland Jago Douma
57fc7f60d3
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-17 08:51:03 +01:00
Roeland Jago Douma
85601259fb
Add LegacyHooks
Use a helper class to listen to the eventDispatcher calls from the share
manager to emit the old \OC_Hooks

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-17 08:50:56 +01:00
Roeland Jago Douma
5c9baf4ae2
Add unshare event
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-17 08:41:34 +01:00
Roeland Jago Douma
9915aa6d9c Merge pull request #3870 from nextcloud/add-base-uri-to-csp-policy
Add base-uri to CSP policy
2017-03-17 08:39:02 +01:00
Roeland Jago Douma
7a3acff782 Merge pull request #3874 from nextcloud/harden-js-by-disabling-eval-execution
Harden JS by disabling jQuery eval
2017-03-17 08:31:12 +01:00
Roeland Jago Douma
88e68b5058 Merge pull request #3875 from nextcloud/use-new-short-urls
Use cleaner social media URLs
2017-03-17 08:30:07 +01:00
Jörn Friedrich Dreyer
5155a5288c
Add CleanupRemoteStorages command
cleanup files, address review

Fix CleanupRemoteStoragesTest tests

Fix test expectation.
Added files count to check filecache deletion.

Sort by numeric id for deterministic test results

Removed precise order test and added storage check

Remove inaccurate removal message check which has a different order on
Oracle.

Added more checks to confirm that existing storages still exist.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:52 -06:00
Philipp Schaffrath
2ccf544ad7
Fixed failing test which was ignoring a required (not null) column (#26303)
* Fixed failing test which was ignoring a required (not null) column

* restored test to original, catching DriverException which also catches ConstraintViolationException

* catch ConstraintViolationException again

* removed unnecessary field from this test

* clobfield should be nullable

* clobfield now is nullable

* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does

* this field does not auto increment anymore

* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:07 -06:00
Vincent Petry
6488ed3cff
Backbone Webdav Adapter MKCOL support
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.

This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:08:48 -06:00
Vincent Petry
aebb8c3639
Ignore exception when deleting keys of deleted user
Whenever a user was deleted for encryption where the keys are stored in
the home, we can ignore user existence exceptions because it means the
keys are already gone.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:23 -06:00
Vincent Petry
377fdf3860
Skip null groups in group manager (#26871) (#26956)
* Skip null groups in group manager (#26871)

* Skip null groups in group manager

* Also skip null groups in group manager's search function

* Add more group null checks in sharing code

* Add unit tests for null group safety in group manager

* Add unit tests for sharing code null group checks

* Added tests for null groups handling in sharing code

* Ignore moveShare optional repair in mount provider

In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.

* Adjust null group handing + tests

* Fix new group manager tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:03 -06:00
Vincent Petry
cbebfaaf2b
Skip FailedStorage in background scan
The background job that scans storages must skip failed storages to
avoid potential exceptions, especially when the failed storage comes
from a shared storage where the source is not accessible.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:48 -06:00
Markus Goetz
075a606514
Chunking NG: Assemble in natural sort order of files
For https://github.com/owncloud/client/pull/5476

Before this, the assembly could be bogusly in the order 0,1,10,11,2,3 etc.

As per the spec "The name of every chunk should be its chunk number."
https://github.com/cernbox/smashbox/blob/master/protocol/chunking.md

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:31 -06:00
Vincent Petry
3740f9bc26
Integration test check download without saving file locally
Use Guzzle stream mode to download the contents instead of using a
temporary local file.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:57:16 -06:00
Morris Jobke
5d29e84118
Add drone.yml config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:54:13 -06:00
Vincent Petry
659006c234
Add integration test for trashbin
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:53:58 -06:00
Vincent Petry
7256940524
Redirect unlink to rmdir (#27101)
Many API callers will call unlink even for directories and it can mess
up with some wrappers like the encryption wrapper

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:45:03 -06:00
Morris Jobke
cc077e67d7 Merge pull request #2824 from nextcloud/ext-storage-expireversions
Properly expire ext storage versions (#26601)
2017-03-16 23:00:55 -06:00
Morris Jobke
ead9a10cc5 Merge pull request #3619 from nextcloud/fix-scss-for-apps
Fix SCSS usage in apps
2017-03-16 22:51:31 -06:00
Nextcloud bot
5683365a2c
[tx-robot] updated from transifex 2017-03-17 01:07:41 +00:00
Lukas Reschke
86cba3ee45
Use cleaner social media URLs
We now have nice cleaner URLs since a longer time, let's use them.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:45:49 +01:00
Lukas Reschke
39afcbd49f Merge pull request #3679 from nextcloud/socialsharing
Add social sharing
2017-03-16 23:08:47 +01:00
Lukas Reschke
148e7abb51
Harden JS by disabling jQuery eval
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.

This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:03:02 +01:00
Lukas Reschke
c4fe36cc02 Merge pull request #3862 from nextcloud/dont-set-the-status-twice
Don't set the HTTP status twice
2017-03-16 22:05:47 +01:00
Lukas Reschke
d134dea508
Don't call function in constructor
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke
9e957d0ac9
Adjust integration test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 20:51:40 +01:00
Morris Jobke
cd4ebe2777 Merge pull request #3008 from nextcloud/appmenu-experiment
Show apps in header
2017-03-16 13:03:41 -06:00
Lukas Reschke
5f8f29508f
Adjust tests to include base-uri
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 18:12:10 +01:00
Roeland Jago Douma
2a9d1a7147 Merge pull request #3863 from nextcloud/additional-hardening-of-t
Harden t() with DOMPurify
2017-03-16 15:54:04 +01:00
Lukas Reschke
adfd1e63f6
Add base-uri to CSP policy
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Lukas Reschke
6c8d48b0f6
Harden t() with DOMPurify
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Lukas Reschke
793d7d1bd7 Merge pull request #3860 from nextcloud/fix_master_after_3802
Fix unit tests of master
2017-03-16 14:08:32 +01:00
Joas Schilling
3a53784f80
Don't set the HTTP status twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00