Commit graph

268 commits

Author SHA1 Message Date
Lukas Reschke
ae3425d2da Merge branch 'master' into securityutils
Conflicts:
	lib/private/util.php
2014-08-31 15:21:09 +02:00
Lukas Reschke
d26a9c3c58 Add some security utilities
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisons

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparison

Remove CBC constant

Adjust code

Remove confusing $this
2014-08-27 00:18:04 +02:00
Lukas Reschke
7acdd018a1 Add support for getting the real client IP behind proxies
Fixes https://github.com/owncloud/core/issues/10624

Fix copy paste fail

Add unittest for comma separated headers

Revert 3rdparty
2014-08-27 00:05:04 +02:00
Robin McCorkell
b5c2964070 Merge pull request #9818 from owncloud/fix-mount-file-config
Comment out mount_file config option
2014-08-24 17:32:24 +01:00
Robin McCorkell
9094b380ca Comment out mount_file config option
Prevents sample config issues with external storages. Fixes #9734
2014-08-20 20:25:06 +01:00
Lukas Reschke
fdb203ff1e Merge pull request #10409 from owncloud/iShallNotCopyStuffWithoutThinking
Add a copied_sample_config switch
2014-08-19 11:03:57 +02:00
Björn Schießle
19610157d3 Merge pull request #10425 from owncloud/set_default_share_folder
Set default share folder
2014-08-19 10:21:21 +02:00
Lukas Reschke
c33d1cacd4 Add a copied_sample_config switch
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...

Add some explanation about this switch

Move check to init
2014-08-19 09:57:03 +02:00
Bjoern Schiessle
c9903f2e68 make share folder configurable 2014-08-18 16:52:48 +02:00
Stefan Rado
ccc46be740 Make skeleton directory configurable. 2014-08-16 01:07:42 +02:00
Lukas Reschke
5bb4772858 Move authentication failed logging to checkPassword
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
Bjoern Schiessle
4bbdcfbccf support aes 256 2014-07-23 12:14:01 +02:00
Frank Karlitschek
f92b5a2507 update appstore api url 2014-07-17 21:54:46 -04:00
Joas Schilling
bef0934719 Add comment to overwrite* configs about CLI/cron problems 2014-07-07 15:08:46 +02:00
Vincent Petry
c005515ebd Support for multiple default apps
If a default app isn't visible for the user, try the next one.
Else fallback to the "files" app.
2014-07-01 15:42:26 +02:00
Jörn Friedrich Dreyer
5756aba594 add disclaimer to objectstore example config 2014-06-23 16:42:05 +02:00
Jörn Friedrich Dreyer
5722e31d1a add autocreate config option for containers, implement autocreate and delete of containers, use generated container names for tests 2014-06-18 12:53:20 +02:00
Jörn Friedrich Dreyer
1410cb10b4 add 'objectstore' configuration example 2014-06-18 12:53:20 +02:00
Bjoern Schiessle
277f25222a if file doesn't exist, check parent folder 2014-06-14 10:14:07 +02:00
Frank Karlitschek
87101e6638 Merge pull request #9018 from owncloud/dbms-socket-support
Refactor OC_DB::connect() to properly support sockets.
2014-06-13 18:09:51 +02:00
josh4trunks
55ccd6da51 Update notes on dbhost 2014-06-05 20:17:50 -07:00
Vincent Petry
da889ff029 Added experimental switch to count external storage data in quota
This includes all mountpoints except the Shared one in
the used space calculation.

Added unit tests for ext storage inclusion in quota calculation
2014-06-04 16:08:59 +02:00
Owen Winkler
da6aae28ad Merge pull request #8607 from owncloud/filescan_app_hook
Allow apps to control via a hook skipping add/remove a file during filescan
2014-05-30 12:38:37 -04:00
Volkan Gezer
bb8ee2e9af fix wording 2014-05-30 16:00:57 +02:00
ringmaster
16ae63bdfd Updates per comments on PR:
* Use "filesystem_cache_readonly" config setting, update comment in config.sample
* Use $this->cacheActive to cache config setting
* Add public Scanner::setCacheActive() to set $cacheActive programmatically
2014-05-30 09:42:41 -04:00
Lukas Reschke
62eb5cd6b0 Add a warning to the configuration file
Some people believe that they should copy the sample config to the "real" config. I noticed this several times in IRC and on the bugtracker.

I guess this warning should be enough to avoid this in the future.
2014-05-29 17:43:59 +02:00
ringmaster
26d169b27c Use 'filesystem_check_enable' as a config option. 2014-05-27 16:01:16 -04:00
Robin Appelman
151c48494e Add a config option for setting the filesystem watcher policy 2014-05-23 12:20:31 +02:00
Andreas Fischer
e381d7d180 Merge pull request #8440 from wakeup/master
Minor changes in config.sample

* wakeup/master:
  Update config.sample.php
  Minor changes in config.sample
2014-05-03 23:39:10 +02:00
Volkan Gezer
1a0fc49018 Update config.sample.php 2014-05-03 15:38:44 +02:00
Volkan Gezer
6dfc63a240 Minor changes in config.sample
* appcodechecker accepts boolean.
* using different ports in trusted domains

Partially fixes #330
2014-05-03 14:41:36 +02:00
Thomas Müller
7c0340c63c Merge pull request #7852 from josh4trunks/basic_auth_fix
Fixes login / logout when HTTP Basic Headers are available.
2014-04-28 21:46:52 +02:00
Lukas Reschke
2bea7ec2e7 Add another example to the trusted_domains config
Users often ask in IRC or the forum how to add another domain. 
Hopefully they will be able to find it out on their own if we have an example with two domains.
2014-04-26 22:37:30 +02:00
Lukas Reschke
c92a138489 Preventing access to the config folder
It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file which contains several secret and critical values.

I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create public readable backups of their configuration are the one to blame, not us :-)
2014-04-24 08:33:58 +02:00
josh4trunks
2d9b46e3b9 Remove missed stuff from merge 2014-04-03 22:17:31 -07:00
josh4trunks
4ddf5d92f2 Fixes login / logout when HTTP Basic Headers are available. 2014-04-03 22:12:57 -07:00
Vincent Petry
cf361b6b4a Allow using "/" in "overwritewebroot"
Whenever the reverse proxy is using "/" as the webroot, it is now
possible to set that value in "overwritewebroot"
2014-03-31 15:36:48 +02:00
Vincent Petry
040f430f0c Merge pull request #7829 from owncloud/cachefolderlocation
Cache folder is now configurable
2014-03-28 12:08:38 +01:00
Vincent Petry
10c9b8eb99 Cache folder is now configurable
When using an external cache folder, it is automatically mounted in
FileSystem::initFileSystem so that any app can use it transparently
by creating a view on the "/$user/cache" directory.
2014-03-24 12:57:11 +01:00
kondou
547b563464 Log last cron execution
Fixes #2012
2014-03-12 15:20:51 +01:00
kondou
da19109f40 Config to disable basic_auth username checking
This can be confusing and/or annoying
2014-02-26 18:06:13 +01:00
Lukas Reschke
c9ab11a9bd Merge pull request #7259 from owncloud/overwritehost-always
Add overwritehost config on setup and upgrade
2014-02-22 07:35:56 +01:00
Lukas Reschke
fe44ac264b Add overwritehost config on setup and upgrade 2014-02-21 15:19:01 +01:00
Thomas Müller
f19276f7bc Merge branch 'master' into no-css-js-delivery-via-php
Conflicts:
	config/config.sample.php
2014-02-21 09:51:51 +01:00
Lukas Reschke
c869e0116b Merge pull request #6999 from kofemann/mount-config
mount: make location of mount.json configurable
2014-02-20 15:15:00 +01:00
Lukas Reschke
2955d9b483 Indentation 2014-02-20 13:54:05 +01:00
Thomas Müller
8cf73ca42f integrate assetic for asset pipeline-ing 2014-02-20 13:28:27 +01:00
Andreas Fischer
bbfd97ce03 Merge pull request #6247 from owncloud/memcached-multiple-servers
Add support for multiple memcached servers.

* owncloud/memcached-multiple-servers:
  Readd support for memcached_server config variable.
  Add support for multiple memcached servers.
2014-02-08 14:21:19 +01:00
Vincent Petry
912da8d277 Added session_keepalive setting
When session_keepalive is true (default) the heartbeat will be sent as
often as the half of the session timeout value.
2014-02-04 13:56:10 +01:00
Tigran Mkrtchyan
8cc9727520 mount: make location of mount.json configurable
do not share users data with config files

Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
2014-01-29 17:14:23 +01:00
Jens-Christian Fischer
3ca85cd841 updated config.sample.php with mail_from_address parameter 2014-01-24 16:24:52 +01:00
Andreas Fischer
320353c237 Add support for multiple memcached servers. 2014-01-10 00:57:34 +01:00
Andreas Fischer
5db73c05fb Document memcached settings in config.sample.php 2013-12-09 01:20:10 +01:00
Robin Appelman
9eca2471b3 Merge branch 'master' into backgroundscan-reuse-etag 2013-12-06 18:27:46 +01:00
Robin Appelman
e888bdda30 get rid of failing test that don't cause additional downloads 2013-12-06 18:26:38 +01:00
Bjoern Schiessle
6b7fdda4f5 config switch to disable auto expire for the trash bin 2013-12-04 16:11:40 +01:00
Robin Appelman
a609a53647 add documentation for single user config option to config.sample.php 2013-11-25 16:01:42 +01:00
Wikinaut
63952aaeab Update config.sample.php
/* Enable maintenance mode to disable ownCloud
   If you want to prevent users to login to ownCloud before you start doing some maintenance work, 
   you need to set the value of the maintenance parameter to true. 
   Please keep in mind that users who are already logged-in are kicked out of ownCloud instantly.
*/
2013-11-12 00:59:35 +01:00
Frank Karlitschek
6a60a47d59 add options to disable the check for a working .htaccess file in data and for a working WebDAV server. These are advanced settings that are needed in special situations where our checks fail and the user runs into an http timeout. 2013-10-17 16:27:43 +02:00
Morris Jobke
0641365a10 Merge pull request #4780 from AxelRb/master
On an auth failure the uid and the IP address should be logged to the st...
2013-10-10 07:21:36 -07:00
Axel Roenn
08a0435704 Added the config option to log ip addresses , default false 2013-10-09 17:21:35 +02:00
Bjoern Schiessle
6a411833b9 let admin specify timezone for log file entries 2013-10-07 15:34:48 +02:00
kondou
65413a95dc Merge branch 'master' into oc_avatars
Conflicts:
	config/config.sample.php
2013-09-03 04:43:11 +02:00
blizzz
431cf06e99 Merge pull request #4672 from owncloud/ocs_cleanup
Ocs cleanup
2013-09-02 14:24:46 -07:00
Owen Winkler
9a263a500a Employ config option for OpenSSL config file, if provided.
This should help make OpenSSL configuration on Windows servers easier by allowing the openssl.cnf file to be set directly in the ownCloud config, rather than in SetEnv commands that don't exist and are hard to replicate in IIS.
2013-09-02 09:59:00 -04:00
Owen Winkler
fb34f49913 Start a branch for easier OpenSSL configuration. 2013-09-02 09:58:19 -04:00
kondou
76b1b5b6a3 Provide 'enable_avatars' in config.php, to disable avatars 2013-09-01 18:17:14 +02:00
Frank Karlitschek
a5633bb155 remove the config option that is no longer needed 2013-08-31 18:03:10 +02:00
Georg Ehrke
b7758d0f8d Merge master into oc_preview 2013-08-29 10:50:55 +02:00
Georg Ehrke
70b6e2161e invert logic of disable_previews 2013-08-29 10:08:53 +02:00
Bart Visscher
3fd2df4088 Only enable logrotate when configured. Also rotate size is settable. 2013-08-28 17:41:27 +02:00
Georg Ehrke
1dab076750 make it possible to disable previews 2013-08-23 23:05:44 +02:00
Georg Ehrke
48f0c54261 style fixes for preview lib 2013-08-19 12:16:55 +02:00
Georg Ehrke
af983b843d fix merge conflicts 2013-08-05 14:27:38 +02:00
Thomas Müller
d1a39ab01c Merge pull request #4293 from owncloud/config-date
make log date configurable, default to iso 8601
2013-08-04 15:18:05 -07:00
Thomas Müller
ad952f215d add 'logdateformat' to config.sample.php 2013-08-04 23:13:19 +02:00
Lennart Rosam
ad329f541b users's -> user's 2013-08-02 11:19:33 +02:00
Lennart Rosam
504beb6cfd Fix typo (again >.<).. gnah 2013-08-02 10:01:34 +02:00
Lennart Rosam
79351d064f Make default language configurable via config.php 2013-08-02 09:41:31 +02:00
Thomas Müller
7425efade7 Merge branch 'master' into oc_preview
Conflicts:
	3rdparty
	lib/template.php
2013-07-30 00:34:36 +02:00
Georg Ehrke
b4a5239278 fix syntax in config.sample.php 2013-07-29 16:30:04 +02:00
Björn Schießle
0a9bb8ba73 reduce time for auto expire to 30 days by default 2013-07-26 15:15:47 +02:00
kondou
d9c697534d Fix some typos 2013-07-16 06:01:26 +02:00
Georg Ehrke
a357e5b284 merge conflicts ... 2013-07-10 12:41:53 +02:00
Thomas Mueller
3b91ce695f session_life_time -> session_lifetime
default session_lifetime is 24hrs
recreation of session is triggered at 50% of the session life time
2013-06-28 15:17:54 +02:00
Thomas Mueller
794c189650 session life time is now configurable and set to the same value 2013-06-26 09:21:38 +02:00
Georg Ehrke
5c1d4fc186 yet another update for config.sample.php 2013-06-05 11:18:57 +02:00
Georg Ehrke
78e8712366 update config.sample.php 2013-06-05 11:17:29 +02:00
Georg Ehrke
1bed3253ab add sample config for previews 2013-05-25 11:05:37 +02:00
icewind1991
3b576c5f77 Merge pull request #3111 from owncloud/csp-audio
Allow loading of external media resources
2013-04-24 08:17:42 -07:00
Lukas Reschke
4f96d7fb85 Allow loading of external media resources 2013-04-24 16:45:51 +02:00
Florian Scholz
03aa86d8a6 - xframe restriction configurable now 2013-04-24 14:45:40 +02:00
Thomas Mueller
46722d8282 fixes #2789 - no internet connectivity check if there is none on purpose 2013-04-08 22:41:20 +02:00
Frank Karlitschek
adb8197c0b Update config.sample.php
clarify documentation. Fixes https://github.com/owncloud/core/issues/2624
2013-04-05 13:44:49 +03:00
Brice Maron
63804f4153 Change logQuery from define() to OC::Config 2013-03-30 22:36:55 +01:00
itheiss
f0733b2cb5 fix missing ',' after "mail_domain" parameter 2013-03-26 10:37:07 +01:00
itheiss
02d53deecc Update to reflect new parameter mail_domain
see #2568
2013-03-26 09:49:51 +01:00
Lukas Reschke
50460d9032 Remove unneeded \ since we're using " 2013-03-02 00:04:44 +01:00
Björn Schießle
d8fee28b3b add switch to enable/disable the possibility to change the display name by the user 2013-02-10 14:43:31 +01:00
Georg Ehrke
0a16d25724 make it possible to modify the links to the clients 2013-02-06 15:20:43 +01:00
Thomas Müller
f04a91bd60 Merge pull request #1445 from owncloud/CSP_font
Allow loading of external fonts
2013-02-04 10:36:43 -08:00
Lukas Reschke
5fcb35efd6 Also allow local files 2013-02-04 18:43:26 +01:00
Lukas Reschke
bb90b0ee6e Allow the loading of local font files embedded via data: 2013-02-04 18:38:16 +01:00
Lukas Reschke
8de0f96a24 Allow loading of external fonts
Required by several applications like our pdf viewer
2013-02-04 17:51:52 +01:00
Lukas Reschke
3def7f8187 Make fileblacklist configurable 2013-02-03 23:03:06 +01:00
herbrechtsmeier
7747f49263 add SSL proxy support
Add support for a reverse proxy that only forwards SSL connections
unencrypted to the web server.

This patch allows to detect the reverse proxy via regular expression for
the remote IP address and conditional overwrite the host name, protocol
and web root.
2013-01-31 18:43:30 +01:00
Stefan Herbrechtsmeier
ab2b79cda6 add multiple domains reverse proxy support
Add support for a reverse proxy that handles multiple domains via different
web roots (http[s]://proxy.tld/domain.tld/owncloud).

As the reverse proxy web root is transparent for the web server the
REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replaces
the direct use of these _SERVER variables with function calls and extends
these functions to overwrite the web root. Additionally it adds a Sabre
request backend that extends the Sabre_HTTP_Request to use the same
functions.
2013-01-31 18:42:31 +01:00
Björn Schießle
8067a1394e fix merge conflicts 2013-01-28 11:18:04 +01:00
Thomas Müller
857b15db37 Merge pull request #1318 from j-ed/master
added parameter mail_smtpauthtype to set SMTP authentication type.
2013-01-28 01:42:46 -08:00
j-ed
4d74738fe7 Update config/config.sample.php
added parameter mail_smtpauthtype to set SMTP authentication type.
2013-01-26 12:04:06 +01:00
Lukas Reschke
0d6a577481 Warn users not to enable DEBUG in productive environments
The debug mode should not be enabled in productive environments and is also a security risk since some apps output unsanitized debug data to the template.
2013-01-25 18:14:37 +01:00
Lukas Reschke
047f1988c3 Merge branch 'master' into no-inline-js 2013-01-25 16:11:07 +01:00
Lukas Reschke
e5cc5a0a2d Allow the loading of external images 2013-01-25 14:26:14 +01:00
Lukas Reschke
0517465f4d Allow admins to change the CSP policy in the config file 2013-01-23 13:42:52 +01:00
j-ed
dcda792fbc Update config/config.sample.php
fixed an other typo.
2013-01-22 21:42:39 +01:00
j-ed
dfa5f2de4d Update config/config.sample.php
Fixed type in line 70. Thank you for pointing me to that typo.
2013-01-22 21:33:01 +01:00
Björn Schießle
039bc91597 fix typo in comment 2013-01-22 17:46:35 +01:00
Björn Schießle
b694f996d9 allow admin to change retention obligation for the trash bin, default value is 180 days 2013-01-22 15:33:54 +01:00
j-ed
9c069530cb Update config/config.sample.php
Added three additional mail_smtp.. parameters.
- mail_smtpdebug - enable debug messages to analyse SMTP problems.
- mail_smtptimeout - set SMTP timeout which is set to 10s by
  default and this is sometimes too short especially if a malware/
  spam scanner is used.
- mail_smtpsecure - force secure SMTP connections.
2013-01-22 14:24:00 +01:00
Bart Visscher
a8f963d9cf Spaces to tabs 2013-01-16 18:09:16 +01:00
Lukas Reschke
eab6d7eb23 Enhanced auth is totally unmaintained and broken
Let's remove it, it's also not secure anymore with the introduction of
our API etc...
(And doesn't work with ldap etc…)
2013-01-14 21:39:49 +01:00
Michael Gapczynski
ceafb5d7d1 Add maintenance mode entry to config.sample.php 2013-01-04 10:31:59 -05:00
Thomas Mueller
1727b2e84d add smtp port configuration option 2013-01-02 19:04:08 +01:00
root
a64a923d56 call it "proxy" instead of "curlproxy"
Thanks Bart for the hint.
This also switches "==" to "<>" and not the code actually works ;-)
2012-12-19 18:50:19 +01:00
Frank Karlitschek
019da9943a add curl proxy support. Fixes #504
https://github.com/owncloud/core/issues/504
2012-12-19 18:50:19 +01:00
Robin Appelman
ffd14dfd09 add sample configuration for user backends 2012-11-25 14:43:45 +01:00
Frank Karlitschek
6cb3774706 make it possible to manually override the hostname and protocol if the automatic detection from ownCloud fails. This can happen in reverse proxy situations or with loadbalancers setups. 2012-11-22 19:22:00 +01:00
Lukas Reschke
59404b5675 Merge pull request #31 from visit1985/persistentcookies
reresubmit: improved persistent cookies :)
2012-10-16 04:46:22 -07:00
Lukas Reschke
e299c241df Make enhanced auth configurable 2012-10-16 01:08:05 +02:00
Lukas Reschke
6f2e8788ca Make enhanced auth time configurable 2012-10-16 01:02:03 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Lukas Reschke
f271afa31c Correct "ownCloud" 2012-09-23 20:23:37 +03:00
Brice Maron
fcaf04cad9 Add little more doc about app folders 2012-06-21 22:00:48 +00:00
Brice Maron
df83df5263 Correct sample config 2012-06-14 21:19:11 +00:00
Brice Maron
4753cc3ebd Merge branch 'master' into multi_app_dir
Conflicts:
	apps/bookmarks/ajax/addBookmark.php
	config/config.sample.php
	lib/app.php
	remote.php
2012-06-14 21:16:59 +00:00
Brice Maron
6da5a2fdd4 Add possibility to choose the installation folder 2012-06-14 21:00:02 +00:00
Frank Karlitschek
897bfa8814 finally fix the updater. next is an automatic updater. but this is a bit more tricky. 2012-06-09 17:43:02 +02:00
Frank Karlitschek
6119f05ac0 generate a random salt during installation and store it in the config.php. use it to salt the password hashing. 2012-06-08 12:31:37 +02:00
Frank Karlitschek
f568b7ccb4 add spacing lines to our awesome new sample config file. readability++ 2012-06-08 11:49:14 +02:00
Brice Maron
dd98afc56c Add doc about multi app dir in sample config 2012-06-07 20:56:21 +00:00
Bart Visscher
e867edd1c8 Add help texts to config options in config.sample.php 2012-06-07 22:47:18 +02:00
Bart Visscher
9d936976a9 Make check for writable apps dir configurable 2012-06-05 17:51:52 +02:00
Frank Karlitschek
a72e6cc113 fix oc-780 2012-05-31 21:28:58 +02:00
Georg Ehrke
8f2217ca2e make default app choosable 2012-05-11 13:56:52 +02:00
Thomas Mueller
07f2e316e4 removing executable bit from various files 2012-04-30 12:05:57 +02:00
Frank Karlitschek
c6144535a8 document the log settings 2012-04-21 23:30:14 +02:00
Frank Karlitschek
a86d89f5ca Add a static code checker for evil patterns in apps.
Disabled by default for now.
We will check for private api calls here later once the public api is in place
2012-04-21 22:47:56 +02:00
Frank Karlitschek
2fbc92bd4b new OC_Mail class to handle all mail sending. The benefit is that it is way more flexible than the standard mail command. can be configured to use a remote smtp relay for example. also port the lostpassword code 2012-04-20 20:49:35 +02:00
Frank Karlitschek
a191b75c31 make it possible to connect to other ocs appstores and other ocs knowledgebase servers.
also make it possible to switch the app store and the knowledgebase off completely.
2012-03-23 15:52:41 +01:00
Frank Karlitschek
a62e109e8c make the location of the 3rdparty folder flexible.
It's automatically searched in the owncloud folder and in the parent folder.
override with an option in config.php is also possible
2012-02-23 15:37:38 +01:00