Commit graph

13035 commits

Author SHA1 Message Date
Thomas Müller
c46f480031 In case of exception we return an html page in case the client is a browser 2016-03-24 19:02:16 +01:00
Thomas Müller
a7e7f5e180 Merge pull request #23511 from owncloud/sidebar-click
sidebar click modification
2016-03-24 13:30:27 +01:00
Thomas Müller
3d51682440 Merge pull request #23342 from owncloud/fix-group-sharing-for-v1-caldav-and-carddav
Fix group shares on v1 caldav and carddav
2016-03-24 12:47:18 +01:00
Erik Pellikka
50655cbf7f sidebar click modification 2016-03-24 11:57:40 +01:00
Thomas Müller
06e8c70400 Fix acls for calendar objects and cards - fixes #23273 2016-03-24 09:53:36 +01:00
Thomas Müller
8c2b19d2bc Return proper current-user-principal on v1 endpoints - fixes #23306 2016-03-24 09:53:36 +01:00
Thomas Müller
4c738ea9c4 Fix group shares on v1 caldav and carddav - fixes #23328 2016-03-24 09:53:36 +01:00
Lukas Reschke
cc8c0b6a90 Check if request is sent from official ownCloud client
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)

While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Jenkins for ownCloud
4b3af9dfe7 [tx-robot] updated from transifex 2016-03-24 01:57:28 -04:00
Thomas Müller
765cff49fa Merge pull request #23507 from owncloud/fix-23496-master
Avoid fatal php error dring cron execution
2016-03-23 17:21:49 +01:00
Thomas Müller
ea07a428f4 Merge pull request #22506 from owncloud/node-get-from-cache
Query the cache when checking if a node exists
2016-03-23 13:08:17 +01:00
Thomas Müller
765c64c73e fixes #23496 2016-03-23 11:37:00 +01:00
Thomas Müller
24331be991 Merge pull request #23431 from owncloud/use-dav-sabre-plugin-for-browser-2
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 11:03:55 +01:00
Thomas Müller
164282c72e Fix display of vcard and calendar object details page in browser plugin 2016-03-23 10:35:21 +01:00
Thomas Müller
61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Thomas Müller
a25872e034 Merge pull request #23495 from owncloud/disable-paste-zone
Disable pastezone for jquery.fileupload
2016-03-23 09:03:50 +01:00
Jenkins for ownCloud
e6fb139eb9 [tx-robot] updated from transifex 2016-03-23 01:57:22 -04:00
Thomas Müller
d5be21fe81 Merge pull request #23398 from owncloud/block_group_sharing
Allow blocking of group sharing
2016-03-22 21:28:13 +01:00
Lukas Reschke
f8ae1bb36e Disable pastezone for jquery.fileupload
jquery.fileupload offers the [`pastezone`](https://github.com/blueimp/jQuery-File-Upload/wiki/Options#pastezone) functionality. This functionality is enabled by default and if somebody copy-pastes something into Chrome it will automatically trigger an upload of the content to any configured jquery.fileupload element embedded in the JS.

This implementation triggers some problems:

1. The pastezone is defined globally by default (🙈). So if there are multiple fileupload's on a page (such as in the personal settings) then stuff is going to be uploaded to all embedded uploads.
2. Our server code is not able to parse the data. For example for uploads in the files app we expect a file name which is not specified => Just an error is thrown. You can reproduce this by taking a file into your clipboard and in Chrome then pressing <kbd>CTRL + V</kbd>.
3. When copy-pasting some string from MS Office on the personal page a temporary avatar with said content is created.

Considering that this is anyways was never working at all and causes bugs I've set the `pastezone` to `null`. This mens that upload via copy and paste will be disabled.

Lesson learned: Third-party JS libraries can have some weird details.
2016-03-22 20:28:57 +01:00
Roeland Jago Douma
00f48ec37b When the Share API is disabled do not return shares
Fixes #22668

Block everything in the OCS Share API
2016-03-22 19:43:23 +01:00
Roeland Jago Douma
e69a09756b Respect disabled group sharing in sharee endpoint
* Fix tests
2016-03-22 17:13:34 +01:00
Roeland Jago Douma
52826d0e24 Block group sharing in API and in share manager
* Fix tests
2016-03-22 17:13:34 +01:00
Thomas Müller
48ec8ab3d3 Merge pull request #23404 from owncloud/fix-22988
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Thomas Müller
9fc371e436 Merge pull request #23320 from owncloud/early-creation-of-birthday-calendar
Create the contact birthday calendar right away as soon as the comman…
2016-03-22 10:31:01 +01:00
Thomas Müller
5e4f9b8627 Merge pull request #23440 from owncloud/fix_22286
apply retry wrapper to make sure that we always read/write a complete block
2016-03-22 09:50:05 +01:00
Thomas Müller
ac799a40e3 Merge pull request #23422 from owncloud/icon-and-you-translation-for-comments
Add comment icon and "You commented" translations to activities
2016-03-22 09:49:30 +01:00
Jenkins for ownCloud
aa5bb56010 [tx-robot] updated from transifex 2016-03-22 01:55:40 -04:00
Arthur Schiwon
be572de7f0 fix unittest 2016-03-21 21:53:16 +01:00
Thomas Müller
2357bbf80a Merge pull request #23439 from owncloud/smb-permissions
properly use smb permissions
2016-03-21 18:05:45 +01:00
Thomas Müller
36e1476270 Merge pull request #23388 from owncloud/issue-22887-infinite-background-job-loop-for-old-versions
Do not create a new job when federation failed to connect but use existing job
2016-03-21 18:04:02 +01:00
Thomas Müller
736b80f0cb Merge pull request #23323 from owncloud/gdrive-chunkupload
Chunk upload for GDrive
2016-03-21 18:02:55 +01:00
Thomas Müller
beef371398 Merge pull request #23292 from owncloud/dav-chunking-onlyfirehooksonce
Do not fire pre/post hooks twice on chunk upload
2016-03-21 18:02:30 +01:00
Thomas Müller
492a1ded1c Merge pull request #23083 from owncloud/generate-birthdays-on-upgrade
Birthday events are generated on upgrade
2016-03-21 17:48:02 +01:00
Bjoern Schiessle
f761733f17 apply retry wrapper to make sure that we always read/write a complete block 2016-03-21 17:39:43 +01:00
Vincent Petry
f28f538029 Do not fire pre/post hooks twice on chunk upload 2016-03-21 15:14:58 +01:00
Robin Appelman
8ab70b1231 properly use smb permissions 2016-03-21 14:35:41 +01:00
Robin Appelman
792752772d update icewind/smb to 1.0.8 2016-03-21 14:24:00 +01:00
Robin Appelman
dfbd85d723 update icewind/streams to 0.4.0 and icewind/smb to 1.0.7 in files_external 2016-03-21 14:24:00 +01:00
Robin Appelman
d0dd76bb8a set watch policy in test 2016-03-21 13:53:33 +01:00
Thomas Müller
8852fdaee3 Merge pull request #22789 from owncloud/dav-sharesproperty
Add webdav property for share info in PROPFIND response
2016-03-21 11:15:00 +01:00
Joas Schilling
b7f7fc7241 Do not create a new job when it failed to connect atm 2016-03-21 10:29:53 +01:00
Thomas Müller
e983bd7db0 Merge pull request #23368 from owncloud/use-dav-sabre-plugin-for-browser
In debugging mode we enable Sabre's browser plugin since it helps a l…
2016-03-21 10:13:27 +01:00
Thomas Müller
c77412b1ac Merge pull request #22792 from owncloud/no-recovery-key-if-the-master-key-is-enabled
disable the recovery key if the master key is enabled
2016-03-21 09:49:15 +01:00
Thomas Müller
8442516e10 Merge pull request #23329 from owncloud/fix-21555
Avatar must be saved after login is done and external storages set up…
2016-03-21 09:47:50 +01:00
Joas Schilling
b2f4e4559f Add comment icons and "You commented" translations 2016-03-21 09:41:13 +01:00
Jenkins for ownCloud
35bc315f59 [tx-robot] updated from transifex 2016-03-21 01:55:40 -04:00
Lukas Reschke
6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Jenkins for ownCloud
1f1d87d413 [tx-robot] updated from transifex 2016-03-20 01:55:09 -04:00
Jenkins for ownCloud
9c053ed465 [tx-robot] updated from transifex 2016-03-19 01:55:39 -04:00
Arthur Schiwon
117c1bffa7 adjust PrincipilUri as returned from Sabre to effective username 2016-03-18 23:31:11 +01:00