Commit graph

256 commits

Author SHA1 Message Date
Morris Jobke
aa10825026 update deprecation message 2015-10-14 14:08:45 +02:00
Joas Schilling
e2806b0ae8 Update list of deprecated methods 2015-10-14 14:08:45 +02:00
Morris Jobke
b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Thomas Müller
b2dd5cb616 save excluded groups in json format - fixes #10983 2015-10-01 15:37:55 +02:00
Thomas Müller
68bf4440d3 Merge pull request #19293 from owncloud/individual-it-move_initTemplate
[jenkins] do not load unnecessary code in case of webdav
2015-09-25 13:49:51 +02:00
Individual IT Services
db84791bb0 Todo for myself to eliminate double code
This will be in a new PR
2015-09-25 15:43:12 +05:45
Individual IT Services
2e42f99d00 add $prepend option to addStyle() & addVendorStyle() 2015-09-25 15:41:55 +05:45
Individual IT Services
bf1cb20e90 do not load unnecessary code in case of webdav
changing from "protected static" to "protected"
as suggested by @nickvergessen
https://github.com/owncloud/core/pull/19114#discussion_r39719851

moving initTemplate() into template constr.

reduce to move initTemplate only

cleanup spaces
2015-09-23 11:57:10 +02:00
Martin
491250320a Replaces if ($file === '.' || $file === '..') by if(\OC\Files\Filesystem::isIgnoredDir($file)). Eases to find where this operation is used. 2015-09-22 17:53:15 +02:00
Morris Jobke
c4c9c5ffad Merge pull request #18684 from owncloud/explicit-upgrade-version
Explicit upgrade version + prevent downgrades
2015-09-09 11:08:55 +02:00
Lukas Reschke
a03422c55a Cache generated result
Saves 50ms
2015-09-08 21:28:15 +02:00
Bjoern Schiessle
37513f9411 don't read certificates if ownCloud is not installed 2015-08-30 19:00:03 +02:00
Vincent Petry
d5b0b55eef Throw exception on downgrade attempt 2015-08-30 18:07:22 +02:00
Lukas Reschke
8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Vincent Petry
b3a1aef934 Merge pull request #13641 from owncloud/cache-storage-status
Store storage availability in database
2015-08-07 17:31:03 +02:00
Thomas Müller
c3cac887f5 - more injection
- less static calls
- use params on sql queries
- handle sql exception on database and user creation gracefully
2015-07-30 00:04:30 +02:00
Robin McCorkell
df19cabb44 Store storage availability in database
Storage status is saved in the database. Failed storages are rechecked every
10 minutes, while working storages are rechecked every request.

Using the files_external app will recheck all external storages when the
settings page is viewed, or whenever an external storage is saved.
2015-07-20 16:27:26 +01:00
Morris Jobke
d52e197b0d Merge pull request #16965 from owncloud/getUserFolder-in-IRootFolder
Add getUserFolder to IRootFolder
2015-07-09 14:29:47 +02:00
Thomas Müller
1385b1ec48 Remove OC_Appconfig 2015-07-03 18:00:16 +02:00
Thomas Müller
d3ac73c0c9 Remove OC_Log 2015-07-03 18:00:16 +02:00
Vincent Petry
cc373ab89a Merge pull request #15470 from rullzer/files_sharing_getUrlContent
Move away from private static function OC_Util::getUrlContent
2015-07-03 17:47:46 +02:00
Morris Jobke
3e97ca3b96 Add getUserFolder to IRootFolder
* untangle DI of user specific folders
* allows to autodetect the dependency
2015-07-03 11:11:58 +02:00
Morris Jobke
f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Victor Dubiniuk
4239054383 Add type hint for OC_Channel 2015-05-27 18:03:11 +03:00
Thomas Müller
3babcd0344 Merge pull request #16339 from owncloud/master-override-channel
Allow change update channel via public API
2015-05-26 11:42:41 +02:00
Vincent Petry
7386257676 Merge pull request #16075 from owncloud/skeleton-copy-delay
wait with copying the skeleton untill login and setupfs are done
2015-05-20 13:52:08 +02:00
Christian Hoffmann
35207ae363 Clean-up of orthography, grammar
* Changed "instead to" to "instead of".
* Changed "setup" to "set up" (past participle).
2015-05-19 21:15:22 +02:00
Robin Appelman
077d41a9ce wait with copying the skeleton untill login and setupfs are done 2015-05-18 12:11:31 +02:00
Roeland Jago Douma
9866066d3e Depreatace OC_Util::getUrlContent
It is just a wrapper and the other functions are deprecated already
2015-05-18 11:03:48 +02:00
Victor Dubiniuk
af814ba270 Allow change update channel via public API 2015-05-13 20:29:33 +03:00
Lukas Reschke
cbfdbf96d2 Mute XCache error when trying to clear the opcode cache
From https://github.com/owncloud/core/issues/16287:

> This is caused by XCache at 8e59d4c64b/lib/private/util.php (L1276) where we are trying to reset the opcode cache with `XC_TYPE_PHP`.
> I suspect that while XCache is installed its opcode component is not used. Unfortunately, the XCache API is not really properly documented and thus I don't know what API we would have to call to check whether the `XC_TYPE_PHP` cache is populated. In fact, there is an [open XCache bug](http://xcache.lighttpd.net/ticket/176) since 7 years that discusses this problem and is likely to never get fixed since XCache is abandonware.

Fixes https://github.com/owncloud/core/issues/16287
2015-05-12 19:22:39 +02:00
Lukas Reschke
11310355ed Don't depend on always_populate_raw_post_data 2015-05-05 12:36:15 +02:00
Lukas Reschke
7c5558327d Check mbstring.func_overload only if the mb module is installed.
Fixes https://github.com/owncloud/core/issues/14670
2015-05-04 17:13:25 +02:00
Lukas Reschke
64393b4c03 Remove PHP 5.4 warning in checkSetup
This is catched in index.php as older PHP versions will never execute the code path until there due to 5.4 syntax changes.
2015-05-04 17:11:17 +02:00
Lukas Reschke
4b9e034968 Remove hard-dependency on disabled output_buffering
This removes the hard-dependency on output buffering as requested at https://github.com/owncloud/core/issues/16013 since a lot of distributions such as Debian and Ubuntu decided to use `4096` instead of the PHP recommended and documented default value of `off`.

However, we still should encourage disabling this setting for improved performance and reliability thus the setting switches in `.user.ini` and `.htaccess` are remaining there. It is very likely that we in other cases also should disable the output buffering but aren't doing it everywhere and thus causing memory problems.

Fixes https://github.com/owncloud/core/issues/16013
2015-05-04 14:15:15 +02:00
Lukas Reschke
0abce86b31 Disallow Windows Server in Server Check
Will prevent users from use ownCloud on Windows Server 🙈
2015-04-09 15:56:37 +02:00
Thomas Müller
bf809ac85a Removing left overs from old encryption app 2015-04-07 13:30:29 +02:00
Robin Appelman
f585994c4b setup mount manager before wrappers 2015-04-02 13:28:36 +02:00
Robin Appelman
3cb53b7756 setup storage wrappers before setting up the filesystem 2015-04-01 17:12:06 +02:00
Lukas Reschke
65202d2a18 Add check for activated local memcache
Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.

Fixes https://github.com/owncloud/core/issues/14956
2015-03-28 13:59:22 +01:00
Robin McCorkell
1511a42da7 Check for relative datadirectory path 2015-03-27 23:29:46 +00:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Lukas Reschke
5f044ebf1b Add wrapper for Guzzle 2015-03-25 16:04:41 +01:00
Robin Appelman
73874ca27f Merge pull request #14704 from owncloud/storage-wrapper-mount
pass mountpoint to storage wrapper callback
2015-03-19 16:20:38 +01:00
Robin Appelman
8f9ddef435 kill fileoperations proxy
check is now handled by storage backends
2015-03-18 15:04:28 +01:00
Lukas Reschke
00f5025ff1 Add cURL as hard-dependency
It is required by other functionalities such as S2S anyways and ownCloud will fail hard at a lot of places without it.
2015-03-12 18:39:54 +01:00
Robin Appelman
7adda88786 Copy mount options to the storage 2015-03-11 15:06:48 +01:00
Thomas Müller
6c1a1234f8 Properly handle available databases at runtime and respect setup checks in command line as well 2015-03-11 09:27:12 +01:00
Thomas Müller
81fa9550a0 No need to restart the web server in cli mode 2015-03-11 09:27:12 +01:00
Lukas Reschke
6dc59019af Merge pull request #14346 from owncloud/storage-based-path-validation
adding storage specific filename verification
2015-03-10 11:02:47 +01:00