Commit graph

49 commits

Author SHA1 Message Date
Thomas Müller
c74c8eff3a Enable x-sendfile only if we do not lock the file system 2015-06-22 12:07:53 +02:00
Vincent Petry
a9bca9e3aa Lock file before download
This will throw a LockedException if a concurrent request is currently
touching that file.
2015-06-18 12:05:26 +02:00
Lukas Reschke
8ce3d6ea57 End processing when file is not found
We have to end the processing when a file is not found or otherwise the method is proceeding and even sending invalid file paths to the sendfile methods.

Due to nginx preventing directory traversals this is luckily not immediately exploitable. We should for hardening purposes however quit the script execution just as we do for 403 cases and others as well.
2015-05-22 11:53:02 +02:00
Bjoern Schiessle
887be709f5 a new approach to display the error message 2015-05-18 10:15:17 +02:00
Thomas Müller
00338f9dca Removing files_encryption left overs 2015-04-07 13:30:28 +02:00
Thomas Müller
3bf269e565 Merge pull request #15229 from owncloud/response-setContentLengthHeader
Add OC_Response::setContentLengthHeader() for Apache PHP SAPI workaround...
2015-04-03 22:51:36 +02:00
Robin McCorkell
ab991458ad Require minimum 1 MiB upload limit 2015-03-27 23:43:35 +00:00
Thomas Müller
a8b756154a Merge pull request #14495 from owncloud/update-mailmap-01
Updating .mailmap
2015-03-26 17:17:18 +01:00
Andreas Fischer
0f58315543 Add OC_Response::setContentLengthHeader() for Apache PHP SAPI workaround.
Do not send Content-Length headers with a value larger than PHP_INT_MAX
(2147483647) on Apache PHP SAPI 32-bit. PHP will eat them and send 2147483647
instead.

When X-Sendfile is enabled, Apache will send a correct Content-Length header,
even for files larger than 2147483647 bytes. When X-Sendfile is not enabled,
ownCloud will not send a Content-Length header. This prevents progress bars
from working, but allows the actual transfer to work properly.
2015-03-26 16:37:38 +01:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
dratini0
d4e5ef4f38 Removed simplified X-accel-redirect even further 2015-03-23 17:51:12 +01:00
dratini0
c432b52c74 Changed the disputed while loop to a single if. 2015-03-23 16:12:03 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
dratini0
10e13b172a Extending the X-accel redirect functionality with a more scalable approach. 2015-02-11 22:19:22 +01:00
dratini0
b1594ad1df Revert "Fix: X-Accel-Redirect did not support custom data dir and local mounts"
This reverts commit f2075f803f.
2015-02-11 22:19:22 +01:00
dratini0
80032ec301 Revert "removed a little duplication"
This reverts commit 31970ee740.
2015-02-11 22:19:22 +01:00
dratini0
31970ee740 removed a little duplication 2014-12-30 22:36:13 +01:00
dratini0
f2075f803f Fix: X-Accel-Redirect did not support custom data dir and local mounts 2014-12-30 22:07:04 +01:00
Joas Schilling
8e28bf012c Move constants from GET_TYPE to OC\Files so they can be autoloaded 2014-11-26 12:56:54 +01:00
Lukas Reschke
b3a04840b5 Add type hinting to functions
It's only reasonable to have proper type hinting here which might even help us to catch bugs.
2014-10-24 14:13:40 +02:00
Lukas Reschke
8fc1a9f5a9 Make 404 page easier to understand
Fixes https://github.com/owncloud/core/issues/11133
2014-09-17 22:57:32 +02:00
Lukas Reschke
312ed18d15 Use secure mimetype for content delivery
Adds some hardening against potential CSP bypassed.
2014-09-08 15:57:39 +02:00
Morris Jobke
57ef089aac drop allowZIPdownload and maxZIPSize as options 2014-06-02 16:29:03 +02:00
Robin McCorkell
a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Vincent Petry
d16bb09aed Merge pull request #8045 from josh4trunks/nginx_x-accel_send_uri
Send URI instead of filepath to NGINX for X-Accel
2014-05-06 18:41:06 +02:00
Morris Jobke
623161b9a9 Merge pull request #8023 from flyser/master
Fix setting the max-upload-size for really large values.
2014-05-03 11:49:38 +02:00
Lukas Reschke
81c23b02da Link to previous directory 2014-04-16 21:10:14 +02:00
Lukas Reschke
2bda3f9ae0 Use direct link instead of JS
Due to our CSP policy this link won’t work as it it considered as
inline Javascript.

This commit replaces the link with a static link to the files app.

Reimplementation of #8067 - fixes #7742
2014-04-14 20:16:52 +02:00
josh4trunks
9b4643f386 Send URI instead of filepath to NGINX for X-Accel 2014-04-03 20:46:54 -07:00
Fabian Henze
7cdb16979a Fix setting the max-upload-size for really large values.
php can only parse filesize units up to gigabytes, not terabytes or petabytes.
2014-04-03 01:17:28 +02:00
Vincent Petry
b48510c978 Use the correct resolve method to resolve file storage
When detecting whether the file to be downloaded is on external storage,
the correct path needs to be used.

It turns out that \OC\Files\View is needed to resolve the path correctly
relative to the user's home.
2014-03-26 18:14:35 +01:00
Thomas Müller
b35cd54e87 Merge branch 'zipstreamer' of https://github.com/McNetic/owncloud_core into McNetic-zipstreamer
Conflicts:
	lib/private/files.php
2014-02-20 16:36:37 +01:00
Vincent Petry
952584e9c7 Merge pull request #7195 from owncloud/files-selectall
Do not send file list for select all on Download/delete
2014-02-19 14:33:24 +01:00
Scrutinizer Auto-Fixer
adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Müller
9fac95c2ab Merge branch 'master' into scrutinizer_documentation_patches
Conflicts:
	lib/private/appconfig.php
2014-02-14 23:03:27 +01:00
Vincent Petry
d5397d813c Do not send file list for select all on Download/delete
- When all files are selected, do not send the whole file list
- Download will trigger download for the parent folder, also works
  with root
- Delete will send "allfiles" to the server that will find the file
  list or the passed directory by itself
2014-02-13 20:28:52 +01:00
Vincent Petry
788c8540aa Added isLocal() method to storage, used for xsendfile
Added isLocal() method to Storage to find out whether the storage is
local or not.
This method is used for the x-sendfile logic to find out whether to add
the headers.
2014-02-06 20:53:15 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Nicolai Ehemann
99ad4e8000 switched zip file creation to ZipStreamer to create zip files directly in memory 2014-01-22 12:49:52 +01:00
Nicolai Ehemann
791772abea refactored/cleaned up lib/files.php
cleaned up get() logic
fixed get() to only send headers if requested (xsendfile could get in the way)
do no longer readfile() when already using mod_xsendfile or similar
2014-01-22 11:53:03 +01:00
Jörn Friedrich Dreyer
267e1f3c40 use 'download.zip' as default name for zip downloads instead of 'owncloud.zip' 2014-01-21 12:41:10 +01:00
Nicolai Ehemann
66aa9b4e27 lib/files.php: make use of === instead of == 2014-01-18 15:16:17 +01:00
Vincent Petry
409b510889 Moved content disposition code+workarounds to OCP\Response
Added new OC\Response API called setContentDispositionHeader() that
contains the needed workarounds for UTF8 and IE.

Refactored download code to use the new API.

Removed unused trashbin download file.
2013-12-10 12:42:26 +01:00
Bart Visscher
4c8bc61753 XSendfile and encryption don't work together
The file on disk is encrypted, and not readable on client systems
2013-12-06 17:59:59 +01:00
Thomas Müller
f2fe47bc21 fixing spelling and restructure sentence 2013-11-21 09:59:21 +01:00
Vincent Petry
726a202cdb Fixed getLocalFile() condition for x-send-file
Until now, addSendfileHeader() was called even when no x-send-file
headers were set. Even though the method itself doesn't do anything,
a call to getLocalFile() was done and would trigger a full download
when using external storage.

Additionally, the storage resolution code is wrong and always
returns the local storage of the root filesystem, which caused the code to
be run anyway.

This commit fixes both issues.
2013-11-20 14:33:59 +01:00
Vincent Petry
614e4d485c External storage space is now not counted in total space
Added argument to getFileInfo() to disable adding the size of
mountpoints to a directory's size.

Fixes #5924
2013-11-18 18:09:01 +01:00
Thomas Müller
9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00
Renamed from lib/files.php (Browse further)