Commit graph

13729 commits

Author SHA1 Message Date
Lukas Reschke
5b65591d84 Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test, access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Björn Schießle
8e002b6155 Merge pull request #255 from nextcloud/dav-permission-check
add some additional permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Bjoern Schiessle
26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke
149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Lukas Reschke
c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle
1b74cf72fb check permissions before rollback 2016-06-30 11:27:25 +02:00
Bjoern Schiessle
3571207bd9 add some additional permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Morris Jobke
409672d981 Fix update notification text
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Bjoern Schiessle
5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Morris Jobke
b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Marius Blüm
52f6d97e4e Merge pull request #235 from nextcloud/fix-app-code
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Lukas Reschke
e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Lukas Reschke
cd74ad55e4 Only save when value changed or enter is pressed 2016-06-27 20:46:12 +02:00
Lukas Reschke
a08c4a2b13 Add tooltip 2016-06-27 20:36:23 +02:00
Lukas Reschke
6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Morris Jobke
cee2f5dc65 Merge pull request #233 from nextcloud/allow-users-to-change-global-credentials
Allow regular users to specify global credentials password
2016-06-27 17:03:19 +02:00
Morris Jobke
5961d5aae4 Add app:check-code for already compatible apps
* admin_audit, comments, federation
* removed not needed call to OC_Util::checkAdminUser() (is already
  done by the request handler before)
2016-06-27 16:50:10 +02:00
Lukas Reschke
341dabf300 Merge pull request #190 from nextcloud/add-wnd-1
Add "Login credentials" and "User Provided"
2016-06-27 16:15:31 +02:00
Vincent Petry
f8fa031e9f Merge pull request #25273 from owncloud/ext-fixsessioncredentialsnolazyload
Quickfix: do not lazy load auth mechanisms for ext storages
2016-06-27 14:57:29 +02:00
Vincent Petry
1d4c61af47 Merge pull request #25237 from owncloud/search-filelistnextpageresults
Prerender file list pages to include search results
2016-06-27 13:46:25 +02:00
Lukas Reschke
1cd255af56 Allow regular users to specify global credentials password
While the UI is existent the feature simply doesn't work because admin privileges are required for the controller. This adds proper permission checks and also unit tests.

To test this:
1. Enable external storage
2. Login as non-admin user
3. Go to personal page and try to change global credentials
2016-06-27 12:29:27 +02:00
Vincent Petry
199c8e304c Merge pull request #25250 from owncloud/linkshare-includedeletewithuploadperms
Add explicit delete permission to link shares
2016-06-27 12:14:05 +02:00
Vincent Petry
0d3de20b02 Quickfix: do not lazy load auth mechanisms for ext storages
Some auth mechanisms like SessionCredentials need to register hooks
early, so they cannot be lazy loaded.
2016-06-27 10:50:10 +02:00
Lukas Reschke
f7f86d61c4 Add comment to "getMailHeaderColor" 2016-06-27 10:48:28 +02:00
Lukas Reschke
51646bb3f6 Use stream instead of rename 2016-06-27 10:47:44 +02:00
Lukas Reschke
0a5c5d9b03 Replace OC_Defaults with \OC::$server->getThemingDefaults() 2016-06-27 10:34:08 +02:00
Jan-Christoph Borchardt
261396019d design and layout fixes for Theming app 2016-06-27 10:26:24 +02:00
Bjoern Schiessle
24144b16d0 make sure that the preview gets updated every time a new image gets uploaded 2016-06-27 10:26:24 +02:00
Bjoern Schiessle
79269427d7 scale preview image 2016-06-27 10:26:24 +02:00
Lukas Reschke
433e8ea123 Disable drop zone
Otherwise dropping something somewhere can by mistake upload the file and make it available
2016-06-27 10:26:23 +02:00
Lukas Reschke
a0e92b5fb0 Fix indentation 2016-06-27 10:26:23 +02:00
Lukas Reschke
27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle
cc321bc140 add some visual feedback if the operation was successful or not 2016-06-27 10:26:22 +02:00
Bjoern Schiessle
10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00
Jan-Christoph Borchardt
363b76faee basic information architecture for the theming app 2016-06-27 10:26:22 +02:00
Bjoern Schiessle
20d250a674 initial commit for the theming app 2016-06-27 10:26:22 +02:00
Vincent Petry
f65787ffdc Merge pull request #25247 from owncloud/fed-unshare-fail
Remove a fed share from the local table before trying to notify the remote server
2016-06-27 09:58:13 +02:00
Jenkins for ownCloud
ee90bef50a [tx-robot] updated from transifex 2016-06-27 01:55:57 -04:00
Lukas Reschke
7a9d60d87e Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Jenkins for ownCloud
52eab2a61a [tx-robot] updated from transifex 2016-06-26 01:55:53 -04:00
Jenkins for ownCloud
3d65979f0a [tx-robot] updated from transifex 2016-06-25 01:56:48 -04:00
Christoph Wurst
c295523ae2 Merge pull request #25259 from owncloud/search-fixsearchfromotherfilelists
Fix search result link for file results outside default list
2016-06-24 17:12:02 +02:00
Christoph Wurst
e9a0a6d83a Merge pull request #25257 from owncloud/comments-showerroronsave
Show error message when posting an invalid comment
2016-06-24 17:11:20 +02:00
Vincent Petry
b4cf297758 Prerender file list pages to include search results
When filtering the file list, if a result is on an unrendered page,
make sure to call _nextPage() to prerender the pages in order to
display all matching results.
2016-06-24 13:55:14 +02:00
Vincent Petry
39b533d0d8 Hide search results after switching directory
When clicking on a folder result in the search result list, the result
box for "results in another folder" must disappear.
2016-06-24 11:32:14 +02:00
Vincent Petry
bf3ee69d86 Fix search result link for file results outside default list
When outside the "All files" list, the search result link must properly
redirect to the "All files" list.
2016-06-24 11:31:29 +02:00
Vincent Petry
04e3da0cf5 Merge pull request #25171 from owncloud/files_external-list-all
Add option to `occ files_external:list` to show all configured mounts
2016-06-24 10:18:14 +02:00
Vincent Petry
56ad4cdfec Show error message when posting an invalid comment
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Vincent Petry
955635c7aa Add explicit delete permission to link shares
Link shares always allowed deletion, however internally the permissions
were stored as 7 which lacked delete permissions. This created an
inconsistency in the Webdav permissions.

This fix makes sure we include delete permissions in the share
permissions, which now become 15.

In case a client is still passing 7 for legacy reasons, it gets
converted automatically to 15.
2016-06-24 09:48:48 +02:00