Commit graph

23810 commits

Author SHA1 Message Date
Lukas Reschke
284bd6647c Merge pull request #14759 from owncloud/clean-up-code
Clean-up code and use proper exception types
2015-03-10 14:18:21 +01:00
Thomas Müller
4ffca58bc4 don't rely on \OCP\User::getUser() - it is not set properly in case of async operations 2015-03-10 11:47:52 +01:00
Thomas Müller
7cb6811a7b tearDown the filesystem right before setting it up again 2015-03-10 11:47:06 +01:00
Lukas Reschke
6dc59019af Merge pull request #14346 from owncloud/storage-based-path-validation
adding storage specific filename verification
2015-03-10 11:02:47 +01:00
Thomas Müller
214fa44400 Merge pull request #14534 from owncloud/add-child-src
Add support for 'child-src' directive
2015-03-10 10:30:44 +01:00
Robin Appelman
dcd2d7aff5 Add unit tests for external share mananger 2015-03-10 10:17:53 +01:00
Lukas Reschke
48243a2949 Allow iframes from same domain in share view
This is required because the PDF Viewer itself is embedded using an iframe from the same domain. The default policy is blocking this.

Going on further, we have to come up with a solution in the future how to handle previews by applications, one example might be that they call their own endpoint and not the generic share page to allow applications to have full control over how to display previews.

Anyways, to test this behaviour use a decent newer browser (such as Chrome 41) and share a PDF file, obviously the PDF viewer needs to be enabled as well. Without this patch publicly shared PDF files should not get previewed and an error is thrown. (if it isn't then your browser is probably not obeying our Content-Security-Policy and you might consider switching to another one ;))
2015-03-10 10:06:15 +01:00
Joas Schilling
87431605b8 Add test for UniqueConstraintViolationException on wrong key 2015-03-10 09:26:45 +01:00
Jenkins for ownCloud
e069d9d3f9 [tx-robot] updated from transifex 2015-03-10 01:55:39 -04:00
Thomas Müller
c8ed88f4d6 Merge pull request #14689 from owncloud/better-missing-resource-handling
Log errors and create 404 in network list when a css or js is missing
2015-03-09 23:33:25 +01:00
Thomas Müller
2f61884956 Merge pull request #14753 from owncloud/verify-csrf-token-earlier
Verify CSRF token already in update.php and not the EventSource code
2015-03-09 23:06:15 +01:00
Thomas Müller
89be55a672 let insertIfNotExist() throw the native DBALException - no need to hide the real exception 2015-03-09 22:37:49 +01:00
Thomas Müller
b966a4eb17 Adding unit test which shows insertIfNotExists to fall apart in certain situations 2015-03-09 22:37:49 +01:00
Joas Schilling
2747a83a49 Get the id before using it 2015-03-09 22:37:49 +01:00
Joas Schilling
3115d66d60 Better save then sorry 2015-03-09 22:37:49 +01:00
Joas Schilling
940163e16b insertIfNotExists() for storage insertion 2015-03-09 22:37:49 +01:00
Joas Schilling
c917ea183c Only check unique keys for the comparison on filecache insert & update otherwise 2015-03-09 22:37:49 +01:00
Joas Schilling
8fa692388b Allow specifying the compare-array for insertIfNotExists() 2015-03-09 22:37:49 +01:00
Morris Jobke
94b7fa17c5 Merge pull request #14720 from owncloud/fix-shareetagpropagation
Fix size propagation over shared storage boundary
2015-03-09 16:24:06 +01:00
Morris Jobke
d34662122d Merge pull request #14429 from owncloud/issue/14176-validate-timezone-before-using
Etc timezones don't exist for .5 and .75 offsets
2015-03-09 16:16:16 +01:00
Vincent Petry
ec19d9c267 Add unit test for size propagation across share boundaries 2015-03-09 12:56:22 +01:00
Joas Schilling
01cd83a902 Merge pull request #14713 from owncloud/issue/14671-preview-delete-check-for-valid-fileid
Check whether the file id is valid, before using it to delete the previews
2015-03-09 11:56:46 +01:00
Lukas Reschke
2ac6f3a4f5 Clean-up code and use proper exception types 2015-03-09 11:48:55 +01:00
Joas Schilling
a12e16e985 Check whether the file id is valid, before using it to delete the previews 2015-03-09 11:25:18 +01:00
Thomas Müller
3623f14e73 no translation service in common storage class 2015-03-09 10:38:38 +01:00
Thomas Müller
2367797c17 Respect http header 'Accept-Language' on ocs and remote.php calls 2015-03-09 10:38:38 +01:00
Thomas Müller
33b11682f9 translate error messages 2015-03-09 10:38:38 +01:00
Lukas Reschke
2f18a09a20 Optimize loop 2015-03-09 10:38:38 +01:00
Thomas Müller
abacfd84da fixing js unit tests 2015-03-09 10:38:38 +01:00
Thomas Müller
e28d314b53 deprecate isValidFileName() 2015-03-09 10:38:38 +01:00
Thomas Müller
49e1a81eba fixing namespaces and PHPDoc 2015-03-09 10:38:37 +01:00
Thomas Müller
4bac595068 adding storage specific filename verification - refs #13640 2015-03-09 10:38:37 +01:00
Lukas Reschke
c0a02f1615 Verify CSRF token already in update.php and not the EventSource code
Issue report:
> Hum, well I upgraded the package then visited the web interface to
trigger the update and it failed; the UI would say there was a
possible CSRF attack and after that it'd be stuck in maintenance mode.
Tried a few times (by editing maintenance to false in owncloud.conf)
and same result each time.

That smells partially like an issue caused by our EventSource implementation, due to legacy concerns the CSRF verification happens within the EventSource handling and not when the actual endpoint is called, what happens here then is:

1. User has somehow an invalid CSRF token in session (or none at all)
2. User clicks the update button
3. Invalid CSRF token is sent to update.php - no CSRF check there => Instance gets set in maintenance mode
4. Invalid CSRF token is processed by the EventSource code => Code Execution is stopped and ownCloud is stuck in maintenance mode

I have a work-around for this problem, basically it verifies the CSRF token already in step 3 and cancels execution then. The same error will be shown to the user however he can work around it by refreshing the page – as stated by the error. I think that’s an acceptable behaviour for now: INSERT LINK

To verify this test:

1. Delete your ownCloud cookies
2. Increment the version in version.php
3. Try to upgrade
=> Before the patch: Instance shows an error, is set to upgrade mode and a refresh does not help
=> After the patch: Instance shows an error, a refresh helps though.

This is not really the best fix as a better solution would be to catch such situations when bootstrapping ownCloud, however, I don’t dare to touch base.php for this sake only, you never know what breaks then…

That said: There might be other bugs as well, especially the stacktrace is somewhat confusing but then again it installing ownCloud under /usr/share/owncloud/ and I bet that is part of the whole issue ;-)
2015-03-09 10:07:30 +01:00
Thomas Müller
fccede8f50 Merge pull request #14750 from owncloud/possible-fix-for-OC_Version
proper filename for "require version.php"
2015-03-09 09:55:21 +01:00
Morris Jobke
348fe105b1 Merge pull request #14706 from owncloud/ldap-reset-paged-search-on-null-limit
LDAP: set up paged search even if limit is 0
2015-03-09 08:12:25 +01:00
Morris Jobke
d550143ba0 proper filename for "require version.php" 2015-03-09 08:03:28 +01:00
Morris Jobke
674654c210 Merge pull request #14743 from owncloud/autoconfig-password
Convert 'abcpassword' to 'abcpass' during setup
2015-03-09 07:54:22 +01:00
Jenkins for ownCloud
174f8cef64 [tx-robot] updated from transifex 2015-03-09 01:54:36 -04:00
Jenkins for ownCloud
377165ae51 [tx-robot] updated from transifex 2015-03-08 01:54:36 -05:00
Robin McCorkell
f43b047636 Convert 'abcpassword' to 'abcpass' during setup
This allows autoconfig files to use 'dbpassword' instead of 'dbpass', which
is more consistent with config.php
2015-03-07 13:10:43 +00:00
Jenkins for ownCloud
73c2157171 [tx-robot] updated from transifex 2015-03-07 01:54:37 -05:00
Morris Jobke
81dc550af0 Merge pull request #14736 from owncloud/errors-list
adjust list of errors, more compact and readable
2015-03-06 23:13:44 +01:00
Lukas Reschke
60c507cd4e Merge pull request #14722 from owncloud/master-14711
Fix totally broken AppStore code...
2015-03-06 18:52:12 +01:00
Thomas Müller
a77a6f3b48 Merge pull request #14734 from owncloud/unit-test-insertIfNotExist
[sqlite] Use an atomic implementation on sqlite for insertIfNotExist() + use it in the file cache ...
2015-03-06 18:20:22 +01:00
Thomas Müller
1b08b7c726 use insertIfNotExist() in cache put 2015-03-06 15:32:58 +01:00
Jan-Christoph Borchardt
db02edd7c8 adjust list of errors, more compact and readable 2015-03-06 15:27:21 +01:00
Thomas Müller
4e37831d85 Fix PHPDoc on the way .... 2015-03-06 14:54:57 +01:00
Thomas Müller
987b683895 Use an atomic implementation on sqlite for insertIfNotExist() 2015-03-06 14:54:54 +01:00
Jenkins for ownCloud
d11f040720 [tx-robot] updated from transifex 2015-03-06 01:54:52 -05:00
Lukas Reschke
d5a8225c0e Fix totally broken AppStore code...
As it turned out the AppStore code was completely broken when it came from apps delivered from the appstore, this meant:

1. You could not disable and then re-enable an application that was installed from the AppStore. It simply failed hard.
2. You could not disable apps from the categories but only from the "Activated" page
3. It did not show the activation state from any category page

This code is completely static and thus testing it is impossible. We really have to stop with "let's add yet another feature in already existing static code". Such stuff has to get refactored first.

That said, this code works from what I can say when clicking around in the AppStore page GUI. However, it may easily be that it does not work with updates or whatsever as I have no chance to test that since the AppStore code is not open-source and it is impossible to write unit-tests for that.

Fixes https://github.com/owncloud/core/issues/14711
2015-03-06 00:16:17 +01:00