Lukas Reschke
8313a3fcb3
Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
1. Application must support HTTP compression
2. Response must reflect user-controlled input
3. Response should contain sensitive data
Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Morris Jobke
1f96fb3352
Merge pull request #18279 from owncloud/fix-ldap-proxy-everyonecount
also don't count group members when more than 1 ldap configs are active
2015-08-13 17:18:09 +02:00
Jan-Christoph Borchardt
4e53b5922d
Merge pull request #18178 from owncloud/files-sidebar-actions
Sidebar file actions
2015-08-13 17:17:10 +02:00
Robin Appelman
00deffdd47
update icewind/smb to 1.0.3
2015-08-13 16:28:44 +02:00
Morris Jobke
af7ffe5492
Merge pull request #18262 from owncloud/add-basic-tests-for-scanners
Add a basic unit test which notifies us about incompatible extending
2015-08-13 15:36:17 +02:00
Arthur Schiwon
571e99b152
also don't count group members when more than 1 ldap configs are active
2015-08-13 14:44:17 +02:00
Joas Schilling
20d8576d3d
Fix config map provider for tests
2015-08-13 13:07:49 +02:00
Joas Schilling
70504920e7
Fix default values of sharing capabilities
The problem is the UI used a different default than the capabilities.
So when you never touched the config, the setting in admins said "disabled"
while the capabilities said "enabled".
2015-08-13 12:46:52 +02:00
Joas Schilling
acc452ae74
Add a basic unit test which notifies us about incompatible extending
2015-08-13 11:38:10 +02:00
Thomas Müller
1d219cf799
With V2 we should ensure that the status codes are kept in sync
2015-08-13 10:45:25 +02:00
Vincent Petry
55dc74bba4
Merge pull request #16543 from rullzer/files_sharing_proper_function_args
files_sharing private function to proper signature
2015-08-13 10:13:21 +02:00
Vincent Petry
b811124aac
Merge pull request #18231 from owncloud/fix-show-shared-storage-full-temporary
Show storage full warning for shared storages temporary
2015-08-13 10:05:53 +02:00
Jan-Christoph Borchardt
970440f604
Merge pull request #18122 from owncloud/replace-tipsy
Replace tipsy with tooltip
2015-08-13 09:12:53 +02:00
Morris Jobke
6f909b19cc
Merge pull request #17785 from owncloud/snapjs-sensitivity
fix mobile scrolling, lower sidebar sensitivity, fix #11193
2015-08-12 23:20:08 +02:00
Hendrik Leppelsack
e5444a1a5d
replace tipsys with tooltips
2015-08-12 23:09:49 +02:00
Morris Jobke
9872411909
Merge pull request #18242 from owncloud/password-feedback
more understandable 'Wrong password' feedback
2015-08-12 22:55:50 +02:00
Lennart Rosam
b91186c503
Fix 17677
2015-08-12 22:18:28 +02:00
Jan-Christoph Borchardt
e16cf0c45f
more understandable 'Wrong password' feedback
2015-08-12 18:43:09 +02:00
Vincent Petry
c964eff17b
Make file actions work from sidebar
The favorite icon in the sidebar now triggers the file action and also
updates itself according to the model's state when triggered from the
file row.
The thumbnail triggers the default action.
Currently only one FileInfoModel is used for the selection and state
synchronization between views.
FileList reload now auto-closes the sidebar.
2015-08-12 17:30:20 +02:00
Vincent Petry
997577cf7a
Introduce FileInfoModel
FileInfoModel is a backbone model that will make it possible to track
changes and update views accordingly
2015-08-12 17:29:54 +02:00
Vincent Petry
aac7c19ab7
Fix showMenu animation callback
2015-08-12 17:28:55 +02:00
Morris Jobke
e6bf4e559a
Show storage full warning for shared storages temporary
* removed the setDefault call because then it will always be
reshown
* was added with ba475d4862
* fixes #18208
2015-08-12 14:14:43 +02:00
Thomas Müller
326de6f9b4
Merge pull request #18065 from owncloud/new-trashbin-retention
New trashbin retention
2015-08-12 13:13:45 +02:00
Thomas Müller
abd3d5c6a5
Merge pull request #17982 from owncloud/appframework-sanitize-name
Sanitize class names before registerService/query
2015-08-12 12:19:24 +02:00
Thomas Müller
33727131ac
Merge pull request #17865 from rullzer/less_static_prov_api
Move Provisioning API to OCP
2015-08-12 12:16:55 +02:00
Thomas Müller
eb13cb8d75
Merge pull request #18127 from owncloud/dav-request-tests
add test framework for doing full request webdav tests
2015-08-12 10:07:20 +02:00
Robin McCorkell
24e45d5954
Merge pull request #18207 from owncloud/bump-version
Bump version patch number, fixes #18129
2015-08-11 17:43:41 +01:00
Robin McCorkell
cd5342d0ff
Merge pull request #18202 from owncloud/revert-route-breaking-changes
Revert route breaking changes
2015-08-11 15:28:06 +01:00
Robin McCorkell
fa8b1074e8
Bump version patch number, fixes #18129
2015-08-11 14:43:32 +01:00
Roeland Jago Douma
b41bccd385
Check for userSession->getUser() === null
2015-08-11 15:37:06 +02:00
Roeland Jago Douma
b25c3beb2f
[provisioning api] Fix grouptest
2015-08-11 15:22:59 +02:00
Roeland Jago Douma
77b6e3d5ec
Extend tests for files_sharing api
2015-08-11 15:16:35 +02:00
Roeland Jago Douma
f2e0c98a9b
Move private functions to proper list of arguments
Some private static functions in the OCS Share API
(files_sharing/api/local.php) take a params array with all the info
inside. This is bad for the limited type checking and is not clear.
2015-08-11 15:16:22 +02:00
Jan-Christoph Borchardt
d04a6bce6f
Merge pull request #17709 from owncloud/fileactions-dropdown
Move file actions to dropdown
2015-08-11 15:13:59 +02:00
Robin Appelman
b7cbff23d9
handle single file dav endpoints
2015-08-11 14:46:46 +02:00
Robin Appelman
fd35365041
only add tags plugin when logged in
2015-08-11 14:43:46 +02:00
Robin Appelman
d15870b998
fix setup/teardown
2015-08-11 14:43:46 +02:00
Robin Appelman
b0c8654f9e
split out creating the sabre dav server to its own factory
2015-08-11 14:43:46 +02:00
Robin Appelman
8c5302847b
add test framework for doing full request webdav tests
2015-08-11 14:43:46 +02:00
Robin McCorkell
cd0a2874de
Merge pull request #17852 from owncloud/register-alias-factory
Add test for factories
2015-08-11 13:30:56 +01:00
Joas Schilling
32ccd66214
Revert "make knowledge base url configurable"
This reverts commit 8fb89056bd.
2015-08-11 14:20:25 +02:00
Joas Schilling
c16fd29f29
Revert "Only load app routes if the app has already been loaded"
This reverts commit 50ebea41f6.
2015-08-11 14:19:59 +02:00
Thomas Müller
aed068b237
Merge pull request #17868 from owncloud/x-forwarded-for
Set default 'forwarded for' headers for reverse proxy
2015-08-11 14:02:46 +02:00
Thomas Müller
d5bba42030
Merge pull request #17932 from owncloud/fix_move_files
make sure that hooks are emitted properly on file move operation
2015-08-11 13:54:09 +02:00
Roeland Jago Douma
2148120883
[provisioning api] Test for correct displayname
2015-08-11 13:01:37 +02:00
Roeland Jago Douma
4bffe393e9
Declare fields
2015-08-11 12:51:00 +02:00
Roeland Jago Douma
934f98b592
[provisioning api] Improve apps test coverage
2015-08-11 12:47:57 +02:00
Roeland Jago Douma
ed1f034e6b
Fix groups
2015-08-11 12:47:42 +02:00
Morris Jobke
0abc637782
Merge pull request #18171 from owncloud/fix-language-of-files-activities-in-emails
Correctly make use of the languageCode argument in the files activity extension
2015-08-11 12:34:58 +02:00
Roeland Jago Douma
96949649f0
[provisioning api] improve coverage for groups
2015-08-11 11:47:01 +02:00