Commit graph

22971 commits

Author SHA1 Message Date
Morris Jobke
75a7bcb10c Merge pull request #14199 from owncloud/cast-type-manually
Manually type-cast all AJAX files
2015-02-19 17:19:54 +01:00
Thomas Müller
df58eea93f Merge pull request #13505 from owncloud/streamline-scanning-code
Streamline auth and CSRF check in scan.php
2015-02-19 16:35:05 +01:00
Thomas Müller
767dd4bde7 Merge pull request #14267 from owncloud/encode-eventsource
Encode requesttoken
2015-02-19 16:21:12 +01:00
Thomas Müller
bdc503b03d Merge pull request #14295 from owncloud/encode-request-token-for-avatars
Encode Requesttoken for avatars
2015-02-19 16:20:41 +01:00
Thomas Müller
7cd3f17d9c Merge pull request #14311 from raimund-schluessler/Fix#14310
Fix #14310
2015-02-19 16:17:19 +01:00
Thomas Müller
6e4fa80fe6 Merge pull request #14377 from owncloud/port-14041
Port of #14041 to master
2015-02-19 15:49:30 +01:00
Arthur Schiwon
7ada41259c Port of #14041 to master
on ownCloud upgrade: upgrade all apps in order, load important ones

Fix "other" app update stack
2015-02-19 14:38:22 +01:00
Morris Jobke
0e47d1fcca Merge pull request #14338 from owncloud/fix-nav-heigt
If no link text has been set for the navigation show the link nonetheless
2015-02-19 13:11:53 +01:00
Thomas Müller
84eb00e428 Merge pull request #14342 from owncloud/disallow-path-traversals-in-file-view
Disallow path traversals in file view
2015-02-19 10:27:04 +01:00
Jenkins for ownCloud
294137dda6 [tx-robot] updated from transifex 2015-02-19 01:55:43 -05:00
Thomas Müller
b32d31a2f1 Merge pull request #13836 from owncloud/part-no-cache-update
Dont update the cache when working with part files
2015-02-19 00:08:10 +01:00
Thomas Müller
88126498a0 Merge pull request #14349 from owncloud/contributetrackerupdate
add documentation issue trackers and use https everywhere
2015-02-18 20:43:16 +01:00
Jan-Christoph Borchardt
83bc951630 Merge pull request #12213 from sebomoto/add-loadfeedback
Add loadfeedback
2015-02-18 19:42:18 +01:00
Volkan Gezer
74ed727b5f add documentation issue trackers and use https everywhere 2015-02-18 19:13:49 +01:00
Lukas Reschke
46ca0fa481 Add some basic PHPDoc to functions 2015-02-18 18:17:33 +01:00
Lukas Reschke
41e5850450 Prevent directory traversals in ctr of \OC\Files\View
This prevents a misusage of \OC\Files\View by calling it with user-supplied input. In such cases an exception is now thrown.
2015-02-18 18:17:33 +01:00
Clark Tomlinson
8d09cc3b91 Merge pull request #13989 from owncloud/enhancment/security/11857
Allow AppFramework applications to specify a custom CSP header
2015-02-18 10:27:29 -05:00
Clark Tomlinson
84cc90a0ee Merge pull request #14335 from owncloud/enable-strict-mode-per-deafult
Fix invalid `ini_set` directives
2015-02-18 10:06:12 -05:00
Lukas Reschke
e4bf3fcb53 Merge pull request #14330 from owncloud/revert-13879-add_debug_log_for_memcache_instantiation
Revert "add debug log for memcache instantiation"
2015-02-18 15:45:38 +01:00
Clark Tomlinson
c4fdb9cc24 Merge pull request #14324 from owncloud/fix/14320
Check if instance is not yet installed
2015-02-18 09:40:32 -05:00
Bernhard Posselt
a5074fa629 if no link text has been set for the navigation show the link nonetheless 2015-02-18 15:34:31 +01:00
Lukas Reschke
593681a4a9 Fix invalid ini_set directives
Somehow they got messed up. Because PHP does automatic type juggling this has worked before as well however it's not guaranteed that this might work in the future as well.
2015-02-18 15:18:27 +01:00
Vincent Petry
610761d1f7 Merge pull request #14211 from owncloud/activity/225-files-extension-jenkins
Activity/225 Move displaying of files related activities to files app
2015-02-18 14:47:15 +01:00
Vincent Petry
837365fff2 Merge pull request #14210 from owncloud/activity/225-sharing-extension-jenkins
Activity/225 sharing extension
2015-02-18 14:46:58 +01:00
Lukas Reschke
cd4c064ebf Revert "add debug log for memcache instantiation" 2015-02-18 14:16:14 +01:00
Lukas Reschke
a666f804c7 Use the untrusted domain in the installer 2015-02-18 13:59:37 +01:00
Lukas Reschke
1a41f8f6f9 Check if instance is not yet installed
Due to a security hardening in 8.1 a missing value of empty trusted domains in the config would provoke an error as this was misused by a lot of users.

This caused a problem where the initial installation happened from another domain than 127.0.0.1 as in this case the domain was considered untrusted as no value was defined. However, this special case should not get intercepted.

To test:
- [ ] Installing ownCloud on 127.0.0.1 works
- [ ] Installing ownCloud on another domain / IP works
- [ ] When setting up ownCloud from 127.0.0.1 and accessing it from the domain above the trusted domain error should be shown if not specified in the config

Fixes https://github.com/owncloud/core/issues/14320
2015-02-18 13:06:46 +01:00
Thomas Müller
caa6d3e2db Merge pull request #13857 from owncloud/phpseclib-0.3.9
Update phpseclib to version 0.3.9.
2015-02-18 10:17:34 +01:00
Thomas Müller
2b1f39cd6b Merge pull request #14308 from owncloud/fix-14247
Add mapping for a broken varchar type.
2015-02-18 10:05:33 +01:00
Jenkins for ownCloud
b9c39b60ec [tx-robot] updated from transifex 2015-02-18 01:55:40 -05:00
Andreas Fischer
c640e2fa66 Update phpseclib to version 0.3.9. 2015-02-18 01:16:23 +01:00
Lukas Reschke
ceaa193df2 Merge pull request #14273 from owncloud/require-at-least-apcu-4-0-6
Use APCu only if available in version 4.0.6 and higher
2015-02-18 01:07:54 +01:00
Morris Jobke
5d7d2adcbf Merge pull request #14207 from owncloud/propfind-optimize
Optimize quota calculation for propfind
2015-02-18 00:18:47 +01:00
Raimund Schlüßler
958c1858f8 Fix #14310 2015-02-17 21:48:10 +01:00
Daniel Hansson
c652d3077c Merge pull request #14293 from owncloud/issue/14270-fix-public-share-download-activities
Correctly create activities for public downloads
2015-02-17 21:41:40 +01:00
Victor Dubiniuk
090db867d5 Add mapping for a broken varchar type. Fixes #14247 2015-02-17 23:22:57 +03:00
Joas Schilling
0833a6e332 Correctly create activities for public downloads 2015-02-17 17:26:03 +01:00
Clark Tomlinson
ac13cf04ba Merge pull request #14266 from owncloud/encodeUriComponentPerDefault
Encode parameters in `OC.generateUrl` by itself
2015-02-17 10:37:06 -05:00
Lukas Reschke
0ea6de2f8c Encode Requesttoken for avatars
Fixes new avatar selection in master half, other half will work when https://github.com/owncloud/core/pull/14266 has get merged.

Shocking to see how much places in our code do it wrong 🔫
2015-02-17 15:25:38 +01:00
Lukas Reschke
8e6a7350f9 Merge pull request #14289 from owncloud/remove-null-byte-check
Remove Null Byte Check
2015-02-17 14:47:27 +01:00
Lukas Reschke
27c1409be5 Encode parameters in OC.generateUrl by itself
This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.

Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...

Fixes https://github.com/owncloud/core/issues/14228
2015-02-17 14:41:06 +01:00
Lukas Reschke
20d57c8bfe Remove Null Byte Check
This is not relevant anymore since we require PHP 5.4
2015-02-17 14:19:20 +01:00
Lukas Reschke
b701bbd8c5 Use APCu only if available in version 4.0.6 and higher
APCu before 4.0.6 is unbelievable buggy and tend to segfault the PHP process (i.e. the whole webserver)

This potentially fixes https://github.com/owncloud/core/issues/14175

Requires a backport to stable8
2015-02-17 13:28:02 +01:00
Lukas Reschke
76c511de92 Merge pull request #14056 from owncloud/refactor/13976
Refactor OC_Request into TrustedDomainHelper and IRequest
2015-02-17 13:17:04 +01:00
Vincent Petry
e8f16db49d Merge pull request #13866 from rullzer/avatar_share_dialog
Avatars in share dialog
2015-02-17 10:17:36 +01:00
Jenkins for ownCloud
30ca14021c [tx-robot] updated from transifex 2015-02-17 01:56:23 -05:00
Lukas Reschke
cebf9f6a5a Incorporate review changes 2015-02-16 22:13:03 +01:00
Lukas Reschke
992164446c Add blackmagic due to cyclic dependency 🙈 2015-02-16 22:13:01 +01:00
Lukas Reschke
9f91d64918 Make scrutinizer happy 2015-02-16 22:13:00 +01:00
Lukas Reschke
886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00