Commit graph

61 commits

Author SHA1 Message Date
Joas Schilling
2c39aec8cb Replace deprecated constant with new class constant 2014-11-25 16:30:21 +01:00
Bjoern Schiessle
1d33503487 we no longer need to keep the session open for encryption 2014-11-25 13:37:11 +01:00
Morris Jobke
6fb2477fb7 Merge pull request #12262 from owncloud/removeAbsoluteDirectoryPathFromTemplate
Don't disclose relative directory path for single shared files of user
2014-11-25 10:09:16 +01:00
Lukas Reschke
8589079590 Close session only if encryption app is not enabled
Fixes https://github.com/owncloud/core/issues/12389
2014-11-24 15:02:49 +01:00
Thomas Müller
cbb9caf030 Merge pull request #12226 from owncloud/remove-phpass
Remove phpass and migrate to new Hasher interface
2014-11-20 14:59:59 +01:00
Lukas Reschke
a6ebb17610 Remove unused variable and make Scrutinizer happy. 2014-11-18 18:52:00 +01:00
Lukas Reschke
f3ab4f3faf Don't disclose relative directory path for single shared files of user
The "dir" key is used within the public sharing template to indicate in which directory the user currently is when sharing a directory with subdirectories. This is needed by the JS scripts.

However, when not accessing a directory then "dir" was set to the relative path of the file (from the user's home directory), meaning that for every public shared file the sharee can see the path.
(For example if you share the file "foo.txt" from "finances/topsecret/" the sharee would still see the path "finances/topsecret/" from the shared HTML template)

This is not the excpected behaviour and can be considered a privacy problem, this patch addresses this by setting "dir" to an empty key.
2014-11-18 18:51:57 +01:00
Lukas Reschke
1b85f40cbe $file only contains the filename and not the absolute path, that means that files in a subdirectory will not get properly resolved and an empty filesize is returned.
This feature only exists on master.
2014-11-18 17:14:26 +01:00
Lukas Reschke
8595b76df2 Remove phpass and migrate to new Hasher interface
This PR removes phpass and migrates to the new Hasher interface.

Please notice that due to https://github.com/owncloud/core/issues/10671 old hashes are not updated but the hashes are backwards compatible so this shouldn't hurt.
Once the sharing classes have a possibility to update the passwords of single shares those methods should be used within the newHash if block.
2014-11-17 13:39:13 +01:00
Vincent Cloutier
fad621140b Added download size on public sharing 2014-11-14 16:26:59 +01:00
Lukas Reschke
988c85d292 Refactor file sharing public link handling
fixes download issue introduced by #10755

Conflicts:
	apps/files_sharing/public.php
2014-11-14 16:26:59 +01:00