Commit graph

31520 commits

Author SHA1 Message Date
Vincent Petry
a355e3abe3 Merge pull request #23530 from owncloud/fix-shibboleth
Check if request is sent from official ownCloud client
2016-03-24 10:58:08 +01:00
Thomas Müller
06e8c70400 Fix acls for calendar objects and cards - fixes #23273 2016-03-24 09:53:36 +01:00
Thomas Müller
8c2b19d2bc Return proper current-user-principal on v1 endpoints - fixes #23306 2016-03-24 09:53:36 +01:00
Thomas Müller
4c738ea9c4 Fix group shares on v1 caldav and carddav - fixes #23328 2016-03-24 09:53:36 +01:00
Joas Schilling
c0858f42aa Allow the activity app to set the current user when sending emails 2016-03-24 09:36:44 +01:00
Joas Schilling
dad98542a5 We are only formatting an object when it's not null 2016-03-24 09:34:19 +01:00
Lukas Reschke
117b3e0a12 getAppPath can return false
Fixes https://github.com/owncloud/core/issues/23533
2016-03-24 09:19:43 +01:00
Lukas Reschke
cc8c0b6a90 Check if request is sent from official ownCloud client
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)

While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Jenkins for ownCloud
4b3af9dfe7 [tx-robot] updated from transifex 2016-03-24 01:57:28 -04:00
Achim Königs
4b2f9e4027 add VALARM for birthday events
ACTION=DISPLAY *should* prevents audible alarms.
2016-03-23 23:21:10 +01:00
Thomas Müller
6fc92453f3 Merge pull request #23515 from owncloud/issue-22695-wrong-menu-translations
Fix the translations of the User menu
2016-03-23 23:20:00 +01:00
Arthur Schiwon
c9587cea76 disable Paged Search when chunksize is set to 0, fixes #21136 2016-03-23 19:47:31 +01:00
Vincent Petry
02c2568442 Dropbox stream download with RetryWrapper 2016-03-23 18:06:01 +01:00
Thomas Müller
765cff49fa Merge pull request #23507 from owncloud/fix-23496-master
Avoid fatal php error dring cron execution
2016-03-23 17:21:49 +01:00
Thomas Müller
6aa658e21b Merge pull request #23509 from owncloud/bump_polyfill
[3rdparty] Bump symfony/polyfill packages
2016-03-23 15:49:44 +01:00
Joas Schilling
6026b67280 Fix the translations of the User menu 2016-03-23 15:34:25 +01:00
Thomas Müller
c8d6a9594a Propagate birthday to group shares as well 2016-03-23 14:12:50 +01:00
Roeland Jago Douma
972f9c08cf [3rdparty] Bump symfony/polyfill packages 2016-03-23 14:04:32 +01:00
Thomas Müller
ea07a428f4 Merge pull request #22506 from owncloud/node-get-from-cache
Query the cache when checking if a node exists
2016-03-23 13:08:17 +01:00
Thomas Müller
e979b9c735 Propagate birthdays of shared addressbooks to the sharee's birthday calendar as well 2016-03-23 12:29:45 +01:00
Thomas Müller
1da18a8ceb Text columns should really have a length 🙈 2016-03-23 12:03:54 +01:00
Thomas Müller
765c64c73e fixes #23496 2016-03-23 11:37:00 +01:00
Thomas Müller
7800b9dbc8 Merge pull request #23434 from owncloud/symfony-event-dispatcher
[3rdparty] Bump symfony/event-dispatcher
2016-03-23 11:22:55 +01:00
Thomas Müller
24331be991 Merge pull request #23431 from owncloud/use-dav-sabre-plugin-for-browser-2
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 11:03:55 +01:00
Thomas Müller
e9d62741e8 Merge pull request #23142 from owncloud/request_properties
Fix analyzer warnings in request.php
2016-03-23 11:03:37 +01:00
Thomas Müller
fc18d33ff8 Merge pull request #22895 from owncloud/cleanup_default_share_provider
Remove support for old shares in the default share provider
2016-03-23 11:02:28 +01:00
Vincent Petry
06e7856400 Adjust core unit tests for unload/reload cases 2016-03-23 10:53:40 +01:00
Thomas Müller
164282c72e Fix display of vcard and calendar object details page in browser plugin 2016-03-23 10:35:21 +01:00
Roeland Jago Douma
0358fd301c [3rdparty] Bump symfony/event-dispatcher 2016-03-23 09:32:11 +01:00
Thomas Müller
efd378814c Merge pull request #23362 from owncloud/fix-l10n-for-themes
Read available l10n files also from theme folder
2016-03-23 09:22:21 +01:00
Thomas Müller
61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Thomas Müller
a25872e034 Merge pull request #23495 from owncloud/disable-paste-zone
Disable pastezone for jquery.fileupload
2016-03-23 09:03:50 +01:00
Thomas Müller
abcee56fe3 Merge pull request #23474 from owncloud/RealRancor-exclude_lost_and_found
Exclude lost+found dir in integrity check
2016-03-23 08:05:27 +01:00
Roeland Jago Douma
e6dc80f0f3 Fix warning in request.php
* Added proper @property tags
* RunTimeException => RuntimeException

Makes code analyzers happier
2016-03-23 07:59:20 +01:00
Roeland Jago Douma
da1dbb52e4 Remove dead function
This was used when we did not have lazy shares yet. Now that we no
longer support legacy shares this can go.
2016-03-23 07:58:17 +01:00
Roeland Jago Douma
b26b8d17eb Remove support for old shares in the default share provider
In 9.0 we converted the old shares to the new shares. So for 9.1 we can
savely remove the fallback code.

This code was required when there was no initiator set.

* Fixed unit tests
2016-03-23 07:58:17 +01:00
Jenkins for ownCloud
e6fb139eb9 [tx-robot] updated from transifex 2016-03-23 01:57:22 -04:00
Thomas Müller
640e6351f1 Merge pull request #23485 from owncloud/composer_allow_ocp
Allow OCP classes to be PSR-4 as well
2016-03-22 21:28:45 +01:00
Thomas Müller
d5be21fe81 Merge pull request #23398 from owncloud/block_group_sharing
Allow blocking of group sharing
2016-03-22 21:28:13 +01:00
Thomas Müller
e516612a25 Merge pull request #22679 from owncloud/fix_22668
When the Share API is disabled do not return shares
2016-03-22 21:26:31 +01:00
Thomas Müller
b1e5adf197 Merge pull request #23488 from owncloud/only-use-usersession-if-installed
Only use the user session if ownCloud is already installed
2016-03-22 21:25:36 +01:00
Lukas Reschke
f8ae1bb36e Disable pastezone for jquery.fileupload
jquery.fileupload offers the [`pastezone`](https://github.com/blueimp/jQuery-File-Upload/wiki/Options#pastezone) functionality. This functionality is enabled by default and if somebody copy-pastes something into Chrome it will automatically trigger an upload of the content to any configured jquery.fileupload element embedded in the JS.

This implementation triggers some problems:

1. The pastezone is defined globally by default (🙈). So if there are multiple fileupload's on a page (such as in the personal settings) then stuff is going to be uploaded to all embedded uploads.
2. Our server code is not able to parse the data. For example for uploads in the files app we expect a file name which is not specified => Just an error is thrown. You can reproduce this by taking a file into your clipboard and in Chrome then pressing <kbd>CTRL + V</kbd>.
3. When copy-pasting some string from MS Office on the personal page a temporary avatar with said content is created.

Considering that this is anyways was never working at all and causes bugs I've set the `pastezone` to `null`. This mens that upload via copy and paste will be disabled.

Lesson learned: Third-party JS libraries can have some weird details.
2016-03-22 20:28:57 +01:00
Roeland Jago Douma
00f48ec37b When the Share API is disabled do not return shares
Fixes #22668

Block everything in the OCS Share API
2016-03-22 19:43:23 +01:00
Vincent Petry
d00f95578b Stronger fix for navigate away detection 2016-03-22 18:29:19 +01:00
Lukas Reschke
1fffc30cf0 Only use the user session if ownCloud is already installed
When installing ownCloud with autotest and MySQL some log entries may be created which will invoke the logging class. IUserSession has a dependency on the database which will make the installation fail => 💣
2016-03-22 17:34:20 +01:00
Thomas Müller
460bafea8a Merge pull request #23484 from owncloud/if-class-is-already-loaded-dont-load-it-again
Dont double load class
2016-03-22 17:25:02 +01:00
Roeland Jago Douma
cf3e740ae8 Fix js strings if group sharing is disabled 2016-03-22 17:13:34 +01:00
Roeland Jago Douma
6719f8ca60 Add intergration tests
* Only for sharees right now
* Sharing intergration tests fail due to the test setup we have right
  now
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
e69a09756b Respect disabled group sharing in sharee endpoint
* Fix tests
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
52826d0e24 Block group sharing in API and in share manager
* Fix tests
2016-03-22 17:13:34 +01:00