Commit graph

29034 commits

Author SHA1 Message Date
Thomas Müller
bb8dbc291b Merge pull request #21005 from owncloud/verify_password_before_unshare
The ajax code path unshares a link share when updating the password
2015-12-09 10:05:20 +01:00
Thomas Müller
bc744ff6de Merge pull request #21038 from owncloud/share-computesharepermissions-notstore
Fix (re)share permission checks in a few code paths
2015-12-09 10:04:56 +01:00
Thomas Müller
6ba22f0243 Merge pull request #21043 from owncloud/add-php-doc
Add type description
2015-12-09 10:04:30 +01:00
Joas Schilling
5c0be3b565 Fix the last insert id test by changing to an autoincrement table 2015-12-09 09:51:33 +01:00
Lukas Reschke
b50987165e Add support for read only config dir
We already support the `config_is_read_only` for the config file itself. However not for the whole directory (which is a bug).

This unifies the check in the checkServer routine with the one in base.php. Now one can enable a read only config folder so that ownCloud is not allowed to overwrite it's own source code.

To test this set the whole config folder to read only, clear your session, refresh, see it fails, add the new code, refresh, see it works. Also verify that setup still works fine. (obviously setup does not work with a read only config Also verify that setup still works fine. (obviously setup does not work with a read only config))

Fixes https://github.com/owncloud/core/issues/14455
2015-12-09 08:54:11 +01:00
Lukas Reschke
025f021fd4 Remove dead code
Silences two other security warnings, also I cleaned up the PHPDoc a little bit.
2015-12-09 08:18:47 +01:00
Jenkins for ownCloud
dda9525c4b [tx-robot] updated from transifex 2015-12-09 01:55:14 -05:00
Lukas Reschke
61da3d530d Verify return type
Can also be null. Silences another security warning...
2015-12-09 07:32:19 +01:00
Lukas Reschke
11e98e2de6 Fix PHPDoc and check if path does exists
Mutes another security warning of some static scanners.
2015-12-09 06:57:24 +01:00
Robin Appelman
8c1afb8fb9 Add tests 2015-12-08 18:01:44 +01:00
Vincent Petry
d0cca6c3ad Add explicit check for groups excluded from sharing
Since isSharable() doesn't do the check for groups excluded from
sharing, adding an explicit check in the sharing code.
2015-12-08 16:48:33 +01:00
Vincent Petry
28e9bc1156 Fix more unit tests to pass a mock storage instead of null to FileInfo 2015-12-08 16:33:39 +01:00
Thomas Müller
13993c4a6d Merge pull request #21037 from owncloud/fix-irritating-ldap-log-entry
passing an empty base in this diagnosis call will not result  in LDAP…
2015-12-08 16:24:50 +01:00
Lukas Reschke
7c45eaa70b Add type description
Allows IDEs and static code analyzers. Would have saved me some minutes today :)
2015-12-08 15:20:54 +01:00
Thomas Müller
0dd111ca2e Merge pull request #21018 from owncloud/scrutinizer-patch-1
Scrutinizer Auto-Fixes
2015-12-08 14:51:57 +01:00
Thomas Müller
49095fa4bb Merge pull request #21031 from owncloud/sanitize-findAppInDirectories
Sanitize the appId passed to `findAppInDirectories`
2015-12-08 13:52:04 +01:00
Thomas Müller
45fe8271ab Merge pull request #21030 from owncloud/querybuilder-new-features
Querybuilder new features
2015-12-08 13:51:45 +01:00
Thomas Müller
85409b6701 Merge pull request #20786 from owncloud/systemtags-dav
DAV endpoint for system tags
2015-12-08 13:51:25 +01:00
Vincent Petry
6e4006d139 Add reshare permission checks
Added in isSharable() in incoming remote share.
Added in isSharable() in regular incoming share.
Added in FileInfo to make sure the proper attributes are returned to the
clients.
2015-12-08 13:13:26 +01:00
Vincent Petry
e241d26316 Compute share permissions in the view
The share permissions are now computed in the View/FileInfo instead of
storing them directly/permanently on the storage
2015-12-08 13:04:22 +01:00
Arthur Schiwon
b91c9851a3 passing an empty base in this diagnosis call will not result in LDAP errors
Neither in "Invalid DN syntax" nor in "Object not found"
2015-12-08 12:32:02 +01:00
Joas Schilling
9f98849306 Add a method to the get "to use" table and column name 2015-12-08 11:04:28 +01:00
Thomas Müller
fe8dc0bd5e Merge pull request #21022 from owncloud/get-rid-of-by-reference
Get rid of by reference
2015-12-08 11:04:25 +01:00
Thomas Müller
c88438790c Merge pull request #20979 from owncloud/settings-groups-entry
Add 'my groups' anchor to the personal page sidebar
2015-12-08 11:04:09 +01:00
Thomas Müller
ae2287e255 Merge pull request #21025 from owncloud/remove-legacy-trusted-domain-support
Remove legacy repair steps + do not cast trusted domains
2015-12-08 11:03:33 +01:00
Thomas Müller
fd356eadc6 Merge pull request #20951 from owncloud/Make_showing_logs_optional
Controlled arguments for run script
2015-12-08 10:15:28 +01:00
Thomas Müller
c93664468c Merge pull request #21028 from owncloud/fix-php-doc-for-storage-config
Use proper PHPDoc reference
2015-12-08 10:04:41 +01:00
Lukas Reschke
715f89a9d9 Sanitize the appId passed to findAppInDirectories
Would have prevented quite some security bugs in the past. Nice hardening for now.
2015-12-08 10:03:22 +01:00
Joas Schilling
a3391248e4 Add select distinct to the query builder 2015-12-08 09:49:21 +01:00
Lukas Reschke
f55a56ff6c Use proper PHPDoc reference 2015-12-08 09:45:20 +01:00
Joas Schilling
f2c7acb3c0 Allow getting the last insert id without much hassle 2015-12-08 09:40:20 +01:00
Joas Schilling
5453daab03 More fixes to the docs 2015-12-08 09:11:50 +01:00
Lukas Reschke
6d3eb7673d Add unit test for nested arrays 2015-12-08 09:07:38 +01:00
Lukas Reschke
4b293dffe5 Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 08:56:47 +01:00
Lukas Reschke
70c228a7cc Get rid of passing a reference
Fixes https://github.com/owncloud/core/issues/14643
2015-12-08 08:56:46 +01:00
Lukas Reschke
8289943a0f Do not trust casting 2015-12-08 08:50:00 +01:00
Lukas Reschke
451ba4ddaa Remove unused repair steps
These ones are not necessary anymore for the new major release.
2015-12-08 08:46:41 +01:00
Lukas Reschke
6ea7410041 Remove legacy check
This one is not required anymore as we have the RepairConfig repair step since November 2014.
2015-12-08 08:44:42 +01:00
Thomas Müller
d6276faff6 Merge pull request #21014 from owncloud/share-unsharelinkpapercut
Fix unshare link click element
2015-12-08 08:39:33 +01:00
Lukas Reschke
8903afec26 Don't write directives from CLI 2015-12-08 08:17:04 +01:00
Lukas Reschke
0a89073c47 Run .htaccess updates in any case
This is the same what we also do in updater.php and thus this aligns the code. Makes the code paths more consistent.
2015-12-08 08:16:24 +01:00
Lukas Reschke
235094ab54 Remove version check out of .htaccess
This can now be achieved using the new code signing.
2015-12-08 08:16:23 +01:00
Lukas Reschke
3bce1b20fe Add DirectorySlash to dynamic .htaccess write
When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as  `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here.

This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015

With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.
2015-12-08 08:10:55 +01:00
Jenkins for ownCloud
736e133c04 [tx-robot] updated from transifex 2015-12-08 01:56:19 -05:00
Scrutinizer Auto-Fixer
0f1be1b601 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-07 20:08:20 +00:00
Thomas Müller
b15d77c934 Merge pull request #21015 from owncloud/update-redirecttocorrectpage
Redirect to correct URL after updating
2015-12-07 19:55:45 +01:00
Thomas Müller
4100263bd6 Merge pull request #20996 from owncloud/issue-12215-remove-password-reset-when-not-possible
Issue 12215 remove password reset when not possible
2015-12-07 19:55:26 +01:00
Vincent Petry
69ab047f89 Redirect to correct URL after updating
Now requires a trailing slash to make sure we don't land on the
forbidden page.
2015-12-07 18:08:00 +01:00
Vincent Petry
5567b6cee2 Fix unshare link click element
When clicking on the unshare link (trash icon), the correct link element
needs to be used instead of whatever child was clicked. Then, that
element might contain a visible loading icon.

This fixes the spinner detection and also prevents a full page reload in
case the spinner was visible.
2015-12-07 17:58:17 +01:00
Thomas Müller
bec34f1275 Merge pull request #21006 from owncloud/scrutinizer-patch-1
Scrutinizer Auto-Fixes
2015-12-07 17:49:43 +01:00