Commit graph

10 commits

Author SHA1 Message Date
Joas Schilling
94ad54ec9b Move tests/ to PSR-4 (#24731)
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
2016-05-20 15:38:20 +02:00
Joas Schilling
9eade36ae5
Fix namespaces in AppFramework tests 2016-05-18 18:57:45 +02:00
Lukas Reschke
8133d46620 Remove dependency on ICrypto + use XOR 2015-10-21 17:33:41 +02:00
Lukas Reschke
8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
Thomas Müller
3ecf7fce79 Fix unit test within OCSController 2015-08-03 22:19:04 +02:00
Lukas Reschke
886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Thomas Müller
c60dabd11b Request requires a second parameter 2015-02-09 23:06:55 +01:00
Bernhard Posselt
9873aa3d9e fix license email 2015-02-05 14:10:16 +01:00
Bernhard Posselt
b89ddcfe41 fix license email 2015-02-05 14:09:01 +01:00
Bernhard Posselt
fdc64e370c add a controller and reponse for ocs 2015-02-05 14:02:17 +01:00