Commit graph

31247 commits

Author SHA1 Message Date
Vincent Petry
a355e3abe3 Merge pull request #23530 from owncloud/fix-shibboleth
Check if request is sent from official ownCloud client
2016-03-24 10:58:08 +01:00
Lukas Reschke
cc8c0b6a90 Check if request is sent from official ownCloud client
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)

While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Jenkins for ownCloud
4b3af9dfe7 [tx-robot] updated from transifex 2016-03-24 01:57:28 -04:00
Thomas Müller
6fc92453f3 Merge pull request #23515 from owncloud/issue-22695-wrong-menu-translations
Fix the translations of the User menu
2016-03-23 23:20:00 +01:00
Thomas Müller
765cff49fa Merge pull request #23507 from owncloud/fix-23496-master
Avoid fatal php error dring cron execution
2016-03-23 17:21:49 +01:00
Thomas Müller
6aa658e21b Merge pull request #23509 from owncloud/bump_polyfill
[3rdparty] Bump symfony/polyfill packages
2016-03-23 15:49:44 +01:00
Joas Schilling
6026b67280 Fix the translations of the User menu 2016-03-23 15:34:25 +01:00
Roeland Jago Douma
972f9c08cf [3rdparty] Bump symfony/polyfill packages 2016-03-23 14:04:32 +01:00
Thomas Müller
ea07a428f4 Merge pull request #22506 from owncloud/node-get-from-cache
Query the cache when checking if a node exists
2016-03-23 13:08:17 +01:00
Thomas Müller
765c64c73e fixes #23496 2016-03-23 11:37:00 +01:00
Thomas Müller
7800b9dbc8 Merge pull request #23434 from owncloud/symfony-event-dispatcher
[3rdparty] Bump symfony/event-dispatcher
2016-03-23 11:22:55 +01:00
Thomas Müller
24331be991 Merge pull request #23431 from owncloud/use-dav-sabre-plugin-for-browser-2
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 11:03:55 +01:00
Thomas Müller
e9d62741e8 Merge pull request #23142 from owncloud/request_properties
Fix analyzer warnings in request.php
2016-03-23 11:03:37 +01:00
Thomas Müller
fc18d33ff8 Merge pull request #22895 from owncloud/cleanup_default_share_provider
Remove support for old shares in the default share provider
2016-03-23 11:02:28 +01:00
Thomas Müller
164282c72e Fix display of vcard and calendar object details page in browser plugin 2016-03-23 10:35:21 +01:00
Roeland Jago Douma
0358fd301c [3rdparty] Bump symfony/event-dispatcher 2016-03-23 09:32:11 +01:00
Thomas Müller
efd378814c Merge pull request #23362 from owncloud/fix-l10n-for-themes
Read available l10n files also from theme folder
2016-03-23 09:22:21 +01:00
Thomas Müller
61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Thomas Müller
a25872e034 Merge pull request #23495 from owncloud/disable-paste-zone
Disable pastezone for jquery.fileupload
2016-03-23 09:03:50 +01:00
Thomas Müller
abcee56fe3 Merge pull request #23474 from owncloud/RealRancor-exclude_lost_and_found
Exclude lost+found dir in integrity check
2016-03-23 08:05:27 +01:00
Roeland Jago Douma
e6dc80f0f3 Fix warning in request.php
* Added proper @property tags
* RunTimeException => RuntimeException

Makes code analyzers happier
2016-03-23 07:59:20 +01:00
Roeland Jago Douma
da1dbb52e4 Remove dead function
This was used when we did not have lazy shares yet. Now that we no
longer support legacy shares this can go.
2016-03-23 07:58:17 +01:00
Roeland Jago Douma
b26b8d17eb Remove support for old shares in the default share provider
In 9.0 we converted the old shares to the new shares. So for 9.1 we can
savely remove the fallback code.

This code was required when there was no initiator set.

* Fixed unit tests
2016-03-23 07:58:17 +01:00
Jenkins for ownCloud
e6fb139eb9 [tx-robot] updated from transifex 2016-03-23 01:57:22 -04:00
Thomas Müller
640e6351f1 Merge pull request #23485 from owncloud/composer_allow_ocp
Allow OCP classes to be PSR-4 as well
2016-03-22 21:28:45 +01:00
Thomas Müller
d5be21fe81 Merge pull request #23398 from owncloud/block_group_sharing
Allow blocking of group sharing
2016-03-22 21:28:13 +01:00
Thomas Müller
e516612a25 Merge pull request #22679 from owncloud/fix_22668
When the Share API is disabled do not return shares
2016-03-22 21:26:31 +01:00
Thomas Müller
b1e5adf197 Merge pull request #23488 from owncloud/only-use-usersession-if-installed
Only use the user session if ownCloud is already installed
2016-03-22 21:25:36 +01:00
Lukas Reschke
f8ae1bb36e Disable pastezone for jquery.fileupload
jquery.fileupload offers the [`pastezone`](https://github.com/blueimp/jQuery-File-Upload/wiki/Options#pastezone) functionality. This functionality is enabled by default and if somebody copy-pastes something into Chrome it will automatically trigger an upload of the content to any configured jquery.fileupload element embedded in the JS.

This implementation triggers some problems:

1. The pastezone is defined globally by default (🙈). So if there are multiple fileupload's on a page (such as in the personal settings) then stuff is going to be uploaded to all embedded uploads.
2. Our server code is not able to parse the data. For example for uploads in the files app we expect a file name which is not specified => Just an error is thrown. You can reproduce this by taking a file into your clipboard and in Chrome then pressing <kbd>CTRL + V</kbd>.
3. When copy-pasting some string from MS Office on the personal page a temporary avatar with said content is created.

Considering that this is anyways was never working at all and causes bugs I've set the `pastezone` to `null`. This mens that upload via copy and paste will be disabled.

Lesson learned: Third-party JS libraries can have some weird details.
2016-03-22 20:28:57 +01:00
Roeland Jago Douma
00f48ec37b When the Share API is disabled do not return shares
Fixes #22668

Block everything in the OCS Share API
2016-03-22 19:43:23 +01:00
Lukas Reschke
1fffc30cf0 Only use the user session if ownCloud is already installed
When installing ownCloud with autotest and MySQL some log entries may be created which will invoke the logging class. IUserSession has a dependency on the database which will make the installation fail => 💣
2016-03-22 17:34:20 +01:00
Thomas Müller
460bafea8a Merge pull request #23484 from owncloud/if-class-is-already-loaded-dont-load-it-again
Dont double load class
2016-03-22 17:25:02 +01:00
Roeland Jago Douma
cf3e740ae8 Fix js strings if group sharing is disabled 2016-03-22 17:13:34 +01:00
Roeland Jago Douma
6719f8ca60 Add intergration tests
* Only for sharees right now
* Sharing intergration tests fail due to the test setup we have right
  now
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
e69a09756b Respect disabled group sharing in sharee endpoint
* Fix tests
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
52826d0e24 Block group sharing in API and in share manager
* Fix tests
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
195efc12eb Add config to sharemanager 2016-03-22 17:13:34 +01:00
Roeland Jago Douma
35024beb9c Add allow sharing with groups checkbox to admin page 2016-03-22 17:13:34 +01:00
Thomas Müller
6aa28037c7 Merge pull request #23437 from owncloud/save-query-when-the-list-is-empty
Save the query when we get tags for no objects
2016-03-22 17:12:24 +01:00
Roeland Jago Douma
5b78c604b5 Move IServerContainter to PSR-4 2016-03-22 16:39:19 +01:00
Roeland Jago Douma
f838d24c5d Allos OCP classes to be PSR-4 as well
This adds the OCP namespace to the composer autoloader as well.
This means that now we can use proper PSR-4 filenames in OCP.
2016-03-22 16:31:18 +01:00
Lukas Reschke
8e72e51b21 Dont double load class
If the class already exists we should not load it twice. Since the composer autoloader is also used in core this could otherwise load a file twice.

This leads to problems otherwise with case insensitive operating systems like OS X. We can get rid of this once all file names in OC follow PSR-4, until then we probably need this check.
2016-03-22 16:19:12 +01:00
Thomas Müller
ffe57a55d9 Merge pull request #23461 from owncloud/activity-491-autoloading-issue-without-sharing
Fix "AutoloadNotAllowedException" when files_sharing is disabled
2016-03-22 15:12:25 +01:00
Thomas Müller
0cd93a8e72 Merge pull request #23411 from owncloud/new_sharing_to_composer
Move sharing 2.0 to composer autoloader
2016-03-22 15:10:11 +01:00
Thomas Müller
48ec8ab3d3 Merge pull request #23404 from owncloud/fix-22988
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Lukas Reschke
5d170e0505 Merge branch 'exclude_lost_and_found' of https://github.com/RealRancor/core into RealRancor-exclude_lost_and_found 2016-03-22 12:58:14 +01:00
Joas Schilling
dcca20a48a Save the query when we get tags for no objects 2016-03-22 11:13:11 +01:00
Thomas Müller
9fc371e436 Merge pull request #23320 from owncloud/early-creation-of-birthday-calendar
Create the contact birthday calendar right away as soon as the comman…
2016-03-22 10:31:01 +01:00
Thomas Müller
7426be0937 Merge pull request #23448 from owncloud/issue-22993-soften-exception-on-enable-default-app
Do not abort with an exception when a default app can not be enabled
2016-03-22 10:19:59 +01:00
Thomas Müller
da8781e425 Merge pull request #23443 from owncloud/some-more-logging-information
Log more information by default
2016-03-22 10:06:32 +01:00