Commit graph

236 commits

Author SHA1 Message Date
Robin Appelman
7d72f7d8ce keep a read lock while scanning a file or folder 2015-06-15 14:32:29 +02:00
Thomas Müller
b6165b6865 Merge pull request #16912 from owncloud/webdav-smalltransferlockfix
Webdav PUT small file lock must be shared during hooks
2015-06-15 11:30:59 +02:00
Vincent Petry
4497aa4c68 Webdav PUT small file lock must be shared during hooks
Fixed code path for Webdav PUT of small files to use shared locks during
hook execution, and exclusive during the file operation

This makes it possible for versions to be copied by accessing the file
in a post_write hook.
2015-06-12 18:52:18 +02:00
Robin Appelman
05cecb101d verify path when getting a node for sabredav 2015-06-11 17:11:33 +02:00
Vincent Petry
f13a2d9251 Revert "verify path when getting a node for sabredav" 2015-06-11 15:25:06 +02:00
Robin Appelman
4d10dab813 verify path when getting a node for sabredav 2015-06-11 14:12:04 +02:00
Vincent Petry
6ae5ae2e31 Prevent deleting Webdav root 2015-06-05 16:55:09 +02:00
Joas Schilling
1df95ea1ca Fix "@throws" tags on doc blocks 2015-06-05 13:55:59 +02:00
Vincent Petry
06dda427f3 Validate path in getChild 2015-06-05 12:08:18 +02:00
Vincent Petry
6ab38be40e Translate invalid path exception to sabre exception for files 2015-06-03 12:22:31 +02:00
Vincent Petry
270a10b754 Return 423 instead of 503 for locked files 2015-06-01 13:24:02 +02:00
Vincent Petry
0451a6652d Move locking exceptions 2015-06-01 13:24:02 +02:00
Vincent Petry
ba174ac626 Convert LockedException to FileLocked in Sabre connector
For Sabre to be able to return the proper error code instead of 500, the
LockedException is now rethrown as FileLocked exception in the Sabre
connector
2015-06-01 13:22:57 +02:00
Robin Appelman
8665a98744 add locking for non-chunking webdav upload 2015-06-01 13:22:57 +02:00
Robin Appelman
668fafd4d2 close file handle after sending sabre response 2015-06-01 13:22:56 +02:00
Vincent Petry
06f8c80af6 Validate target file name for some webdav ops 2015-05-29 19:14:38 +02:00
Lukas Reschke
ffd73ef2e4 Fix indentation 2015-05-27 14:57:19 +02:00
Scrutinizer Auto-Fixer
fdbc21fc6c Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-05-19 11:23:06 +00:00
Morris Jobke
7ee3f99a4a Merge pull request #16364 from owncloud/add-warning-webdav
Add notice that WebDAV interface is not intended for browsers
2015-05-18 11:28:47 +02:00
Joas Schilling
0991c0cc02 Merge pull request #16292 from owncloud/webdav-storage-fireprehooks
Fire prehooks when uploading directly to storage
2015-05-15 15:08:27 +02:00
Lukas Reschke
13778893d9 Add notice that WebDAV interface is not intended for browsers
Fixes https://github.com/owncloud/core/issues/16359
2015-05-15 09:07:39 +02:00
Vincent Petry
3cae0135ad Fire prehooks when uploading directly to storage 2015-05-13 17:47:04 +02:00
Robin Appelman
11e1acd8ec fix webdav quota check for the root of the dav endpoint 2015-05-12 14:02:27 +02:00
Robin Appelman
06a65fab13 use cross storage move when renaming the part file during webdav put 2015-05-07 14:28:31 +02:00
Robin Appelman
2e897f05b1 triger propagation for webdav uploads
use post hooks for share etag propagator
2015-04-27 14:07:16 +02:00
Lukas Reschke
b9df932e3c Merge pull request #15683 from owncloud/block-legacy-clients
Block old legacy clients
2015-04-24 18:21:10 +02:00
Lukas Reschke
ab9ea97d3a Catch not existing User-Agent header
In case of an not sent UA header consider the client as valid
2015-04-23 16:33:51 +02:00
Lukas Reschke
ed0b465cf9 Use 403 instead a 50x response 2015-04-20 12:53:40 +02:00
Lukas Reschke
4ea205e262 Block old legacy clients
This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.

This has multiple reasons:

1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
2. Old ownCloud client versions tend to be horrible buggy

In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
2015-04-20 11:12:17 +02:00
Vincent Petry
ffc796edcb Do not trash part files, delete directly 2015-04-21 18:28:15 +02:00
Morris Jobke
e33e5b425a Merge pull request #12006 from owncloud/dav-put-storage
Work directly on the storage when uploading over webdav
2015-04-15 03:08:52 +02:00
Robin Appelman
eeecca04e6 Keep phpdoc updated. 2015-04-14 16:25:52 +02:00
Robin Appelman
308af8b909 pass a stream to the tests 2015-04-14 15:25:52 +02:00
Robin Appelman
2fd44dbde4 rewind and update error message 2015-04-13 14:14:48 +02:00
Robin Appelman
dcfe014103 use our own stream copy instead 2015-04-13 14:13:21 +02:00
Robin Appelman
8af106cc75 block webdav in single user mode 2015-04-09 15:56:41 +02:00
Robin Appelman
cbcee34eb0 update tests 2015-04-09 14:46:25 +02:00
Robin Appelman
6a59502759 Work directly on the storage when uploading over webdav 2015-04-08 14:04:58 +02:00
Thomas Müller
161d80da5b In case of encryption exceptions we return 503 - this will allow the client to retry 2015-04-07 14:17:42 +02:00
Thomas Müller
664b2bb7af cleaning up exception mess 2015-04-07 13:30:30 +02:00
Thomas Müller
bf809ac85a Removing left overs from old encryption app 2015-04-07 13:30:29 +02:00
Thomas Müller
dbdd754c3f Further cleanup of files_encryption 2015-04-07 13:30:28 +02:00
Thomas Müller
00338f9dca Removing files_encryption left overs 2015-04-07 13:30:28 +02:00
Vincent Petry
7ad4dfa201 Merge pull request #15227 from owncloud/ocetag-header
Copy Etag header to OC-Etag for sabre calls
2015-03-27 13:10:27 +01:00
Morris Jobke
e8109f0bc3 Merge pull request #13802 from owncloud/share-partfilepermissions
Fix share permission checks
2015-03-26 22:01:05 +01:00
Lukas Reschke
8ebe667202 Remove unneeded argument 2015-03-26 20:45:39 +01:00
Lukas Reschke
55fd0082aa Serve all files with a Content-Disposition of 'attachment' via WebDAV
As an additional security hardening it's sensible to serve these files with a Content-Disposition of 'attachment'. Currently they are served 'inline' and get a "secure mimetype" assigned in case of potential dangerous files.

To test this change ensure that:

- [ ] Syncing with the Desktop client still works
- [ ] Syncing with the Android client still works
- [ ] Syncing with the iOS client still works

I verified that the 1.8 OS X and iOS client still work with this change.
2015-03-26 20:01:05 +01:00
Vincent Petry
70acd58336 Copy Etag header to OC-Etag for sabre calls 2015-03-26 16:06:43 +01:00
Vincent Petry
a84ade5f32 Revert "adding OC-ETag header"
This reverts commit 30ee8b6f99.
2015-03-26 15:04:41 +01:00
Vincent Petry
daceb1a9ac Revert "adding unit tests"
This reverts commit 8d327c94a8.
2015-03-26 15:04:36 +01:00