Commit graph

25453 commits

Author SHA1 Message Date
Oliver Kohl D.Sc.
bfdae9e2c7 Merge pull request #16562 from owncloud/revert-15203-revert-15201-webdav-ng-bugfix
FIX for webdav.mediencenter.t-online.de

https://webdav.mediencenter.t-online.de returns invalid response code.

e.g.
{"reqId":"f9a1c394b98108e4e5ca62bf47829c64","remoteAddr":"81.189.45.224","app":"PHP","message":"Undefined offset: 2 at \/var\/www\/owncloud\/3rdparty\/sabre\/dav\/lib\/Sabre\/DAV\/Client.php#569","level":3,"time":"2015-03-25T18:25:48+00:00","method":"GET","url":"\/index.php\/apps\/files\/ajax\/getstoragestats.php?dir=External%2FT-Cloud%2FTests"}

e.g.
{"reqId":"3407d66672b3cef206b0af883e49bff4","remoteAddr":"46.74.125.245","app":"PHP","message":"Undefined index: {DAV:}getlastmodified at \/var\/www\/owncloud\/lib\/private\/files\/storage\/dav.php#563","level":3,"time":"2015-03-25T16:33:21+00:00"}
2015-05-26 14:31:09 +02:00
Lukas Reschke
bc6d17ed74 Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00
Oliver Kohl D.Sc
f8938f004d Revert "Revert "FIX for webdav.mediencenter.t-online.de"" 2015-05-26 13:36:45 +02:00
Vincent Petry
d7c18b04bd Merge pull request #16521 from owncloud/unbold-placeholder-image
use normal font weight instead of bold for image placeholders
2015-05-26 12:55:05 +02:00
Björn Schießle
f70c309c2d Merge pull request #16561 from owncloud/add-default-timeout-back
Add connection timeout to default POST options
2015-05-26 12:23:57 +02:00
Vincent Petry
f1fc7b155c Merge pull request #16515 from owncloud/deprecate-useless-helper-class
Deprecate useless helper class
2015-05-26 12:22:05 +02:00
Vincent Petry
23bbf287ff Merge pull request #16518 from owncloud/external-link-arrow
use arrow icon for external link to Apps dev docs, like in Help section
2015-05-26 12:17:50 +02:00
Vincent Petry
7b10e7b747 Merge pull request #16520 from owncloud/fix-float-spinner-position
fix float spinner position
2015-05-26 12:13:15 +02:00
Vincent Petry
39c6a36488 Merge pull request #16532 from owncloud/cors-no-cookie-auth
Disallow cookie auth for cors requests
2015-05-26 12:12:04 +02:00
Björn Schießle
ab0747113c Merge pull request #16452 from owncloud/enc_ftp_upload
always write file, if fseek doesn't work we write the whole file
2015-05-26 12:02:41 +02:00
Thomas Müller
3babcd0344 Merge pull request #16339 from owncloud/master-override-channel
Allow change update channel via public API
2015-05-26 11:42:41 +02:00
Lukas Reschke
dff361dc5c Add connection timeout to default POST options
Fixes https://github.com/owncloud/core/issues/16560
2015-05-26 11:22:50 +02:00
jknockaert
a577e723b0 flush() comments + perf opt 2015-05-26 10:22:52 +02:00
Jenkins for ownCloud
6198fb20cb [tx-robot] updated from transifex 2015-05-26 01:54:57 -04:00
Jenkins for ownCloud
fe610a65d3 [tx-robot] updated from transifex 2015-05-25 01:55:06 -04:00
Jenkins for ownCloud
06934e7c00 [tx-robot] updated from transifex 2015-05-24 01:55:03 -04:00
Jenkins for ownCloud
e189435499 [tx-robot] updated from transifex 2015-05-23 01:55:05 -04:00
Bernhard Posselt
13592921f1 Merge pull request #16536 from rullzer/unit_tests_16511
Unit tests for #16511
2015-05-22 19:08:17 +02:00
Vincent Petry
ce34edacfa Merge pull request #16526 from owncloud/enc_fix_versions_webdav_upload
remove part file extension before we read a filekey
2015-05-22 16:42:52 +02:00
Bjoern Schiessle
c63f2286c0 copy keys before we move a file between storages to make sure that the new target file reuses the old file key, otherwise versions will break 2015-05-22 15:41:28 +02:00
Roeland Jago Douma
914c74ea9b Unit tests for #16511
Make sure that password is updated on focusout of the password field or
on pressing enter in the password field.
2015-05-22 15:09:21 +02:00
Bernhard Posselt
c8e3599cad disallow cookie auth for cors requests
testing ...

fixes

fix test

add php doc

fix small mistake

add another phpdoc

remove not working cors annotations from files app
2015-05-22 14:06:26 +02:00
Bjoern Schiessle
fef75e5417 remove part file extension before we read a filekey to reuse a existing key if possible, otherwise stuff like versioning will break 2015-05-22 12:12:31 +02:00
Lukas Reschke
8ce3d6ea57 End processing when file is not found
We have to end the processing when a file is not found or otherwise the method is proceeding and even sending invalid file paths to the sendfile methods.

Due to nginx preventing directory traversals this is luckily not immediately exploitable. We should for hardening purposes however quit the script execution just as we do for 403 cases and others as well.
2015-05-22 11:53:02 +02:00
Vincent Petry
b82d902e18 Merge pull request #16493 from owncloud/cache-movewithcorrectmimetype
Get correct mimetype when moving and changing extension
2015-05-22 11:37:11 +02:00
Joas Schilling
d7b2bc9e2f Merge pull request #16516 from owncloud/fix-phpdoc-trait
Fix PHPDoc
2015-05-22 09:47:59 +02:00
Jenkins for ownCloud
156881efce [tx-robot] updated from transifex 2015-05-22 01:55:04 -04:00
Jan-Christoph Borchardt
79c5790a72 use normal font weight instead of bold for image placeholders 2015-05-22 03:26:30 +02:00
Jan-Christoph Borchardt
6bba345f34 fix float spinner position 2015-05-22 02:30:55 +02:00
Jan-Christoph Borchardt
cd0fa062eb add example theme 2015-05-22 02:17:46 +02:00
Jan-Christoph Borchardt
94e4f448ee use arrow icon for external link to Apps dev docs, like in Help section 2015-05-22 01:17:22 +02:00
Jan-Christoph Borchardt
2fccfbe278 also replace logo-mail with new look 2015-05-22 00:35:12 +02:00
Lukas Reschke
3d8ea96e55 Fix PHPDoc
Use correct parameters
2015-05-22 00:17:38 +02:00
Jan-Christoph Borchardt
78a0464354 replace logo-wide on share page as well with better icon + text 2015-05-22 00:04:47 +02:00
Lukas Reschke
c1f8829590 Deprecate useless helper class
The helper class has no real reason anymore with 8.1.0 as we now have better public APIs. No need for an `IHelper` class like that from my opinion.
2015-05-21 23:35:37 +02:00
Jan-Christoph Borchardt
4e93d9e3a2 remove logo-wide from tests 2015-05-21 22:40:26 +02:00
jknockaert
bf6151e799 fix calculation of $count, $count is always 8129 so we need to check this
against the unencrypted file size
2015-05-21 14:15:26 +02:00
Bjoern Schiessle
5a20edac82 test to simulate a non-seekable stream wrapper 2015-05-21 14:15:26 +02:00
jknockaert
fb51880a4a encrypted filesize calculation in flush() 2015-05-21 14:15:26 +02:00
Bjoern Schiessle
38bceb0d74 distinguish between source and target mount point to allow copy/rename between system wide mount points and user specific mountpoints 2015-05-21 14:06:45 +02:00
Lukas Reschke
94077caea9 Merge pull request #16499 from owncloud/fix-phpdoc-annotations
Fix PHPDoc 🙈
2015-05-21 13:54:01 +02:00
Lukas Reschke
694d639f94 Fix PHPDoc 🙈
*sigh*
2015-05-21 13:07:54 +02:00
Vincent Petry
22968e806c Get correct mimetype when moving and changing extension
Fixes issue when restoring folders from trash cross-storage, as such
folders have an extension ".d12345678".

Fixes issue when moving folders between storages and at the same time
changing their extension.
2015-05-21 10:57:58 +02:00
Joas Schilling
896130b68d Merge pull request #16473 from owncloud/occ_16221
occ option to update all third party apps without disable
2015-05-21 09:47:54 +02:00
Jenkins for ownCloud
42dd40ad80 [tx-robot] updated from transifex 2015-05-21 01:55:57 -04:00
Steffen Lindner
48040c46cb Skip disable3rdParty Apps 2015-05-20 17:06:00 +02:00
Vincent Petry
d560d1ef2a Merge pull request #16469 from oparoz/restore-minheight-for-single-public-previews
Restore min-height for single previews
2015-05-20 16:48:27 +02:00
Morris Jobke
39d1e99228 Merge pull request #16322 from owncloud/trash-view
dont go trough the view when moving to trash
2015-05-20 14:44:01 +02:00
Morris Jobke
1a67e5cdc3 Merge pull request #16465 from owncloud/s2s-returnpropererrorwhenpublicwebdavdisabled
Return 401 when accessing public webdav and s2s is disabled
2015-05-20 14:28:45 +02:00
Olivier Paroz
13ab251c6d Restore min-height for single previews 2015-05-20 14:09:31 +02:00