* A list of recipients can now be properly formatted with remote shares.
Before the shares where simply shown in full in the "Shared with others"
section.
* Unit tests updated and added
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:
1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()
An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.
One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.
Thanks to David Black from d1b.org for bringing this again to our attention.
This did not happen correctly when the password was enforced since a
different code path was taken.
* moved generation of the default date string to separate function
* added unit test
Calculating the URL is error-prone as it doesn't work when for example `public.php` is requested and might even be harmful as it could leak sensitive information.
Since `oc.js` is even available when maintenance mode is available it is better to use the global `OC.webroot` that is not controlled by any user.
* instead of a static rendering inside PHP use the
JS OC.Notification.showTemporary to hide the
notification after 7 seconds automatically
* fixes#14811
* fix XMLHttpRequest - send after callback is registered
* check for correct type of value - it's a boolean
* return correct content-type in status.php
Added option to disable autoscan of external storages
Mount option file system scan is now an int
Move priority field to avoid undefined field in storage options
All input elements inside the storage options block get parsed into
storage options.
Moving the priority field outside prevents it to appear in the storage
config, as expected. It is still parsed by special code.
- Added StorageConfig class to replace ugly arrays
- Implemented StorageService and StorageController for Global and User
storages
- Async status checking for storages (from Xenopathic)
- Auto-generate id for external storage configs (not the same as
storage_id)
- Refactor JS classes for external storage settings, this mostly
moves/encapsulated existing global event handlers into the
MountConfigListView class.
- Added some JS unit tests for the external storage UI
* Avatar for "xxxx share with you..." to the left
* Avatars for groups and remote shares (use default placeholder)
* Modified and added unit tests
* Use the same css for all the avatars in the dropdown
Doing this in the PHP code is not the right approach for multiple reasons:
1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.
This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.
Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...
Fixes https://github.com/owncloud/core/issues/14228
*Changes:*
* "… is not yet properly setup" in line 24 is changed to " … is not yet set up properly" (better word order and space in the middle of "set up", as it is a participle of the verb "to set up").
* "internet" is corrected to "Internet" with a capitalized "I" in lines 54 and 59.
* Also in line 54: "3rd party" is changed to "third-party" to for a more coherent spelling across the different ownCloud components.
* "… apps don´t work" is corrected to "… apps won't work" (with a proper (and hopefully correctly escaped) (apostrophe)[http://en.wikipedia.org/wiki/Apostrophe#Typographic_form] instead of the (acute accent)[http://en.wikipedia.org/wiki/Acute_accent]).
* Still in line 54: The negation is corrected from "… might also not work" to "… might not work, either".
During upgrade, the config settings aren't always available due to
base.php changes. This fix makes the update info page read the product
name and version from the update template, which already had them.
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications
* add disableEscape parameter to disable this functionality
* drop usage of escapeHTML() that is now done inside t()
* add unit test for escaped and not escaped placeholder
* proper JSDoc
Beside some small improvements and bug fixes this will probably the final state for OC8.
To test this you need to set up two ownCloud instances. Let's say:
URL: myPC/firstOwnCloud user: user1
URL: myPC/secondOwnCloud user: user2
Now user1 can share a file with user2 by entering the username and the URL to the second ownCloud to the share-drop-down, in this case "user2@myPC/secondOwnCloud".
The next time user2 login he will get a notification that he received a server-to-server share with the option to accept/decline it. If he accept it the share will be mounted. In both cases a event will be send back to user1 and add a notification to the activity stream that the share was accepted/declined.
If user1 decides to unshare the file again from user2 the share will automatically be removed from the second ownCloud server and user2 will see a notification in his activity stream that user1@myPC/firstOwnCloud has unshared the file/folder from him.
add ldap-search command to occ
Conflicts:
apps/user_ldap/appinfo/register_command.php
LDAP search filter creation changes:
1. do not prepend * wildcard to search terms. Will result in faster search, but
you don't find "foobar" when looking for "bar"
2. advanced behaviour when search string contains a space and multiple search
attributes are present. The search string is split into single words. The
resulting filter requires that each word at least appears once in any search
attribute. This is supposed to return better results in big LDAPs.
trim search string before passing it on
If the webroot has been set to an empty value or ownCloud has been installed at the root location (`/``) there is a fair chance that the redirect for password resets does not work at all.
This means that while the password is getting resetted the user is not redirected to the login page.
I'm aware that it might be better to just set the webroot to `/` in those cases but this patch is better in the regard that it cannot break stuff.
Thanks to @PVince81 for helping me debugging this. (I'm a moron and assumed it couldn't be THAT easy)
Reported by @cdamken
Creating a new key pair can take 1-2 seconds. So it could happen that the user click the "Reset password" button again which can lead to many nasty things, e.g. we could create two new key pairs in parallel.
This patch wil warn the user of the consequences when resetting the password and requires checking a checkbox (as we had in the past) to reset a password.
Furthermore I updated the code to use our new classes and added some unit tests for it 👯
Fixes https://github.com/owncloud/core/issues/11438
Moved search result type translations to search.js
Load JS translations earlier
Translations need to be loaded earlier to make sure that some JS files
like search.js get access to translations at this time.
This requires the template initialization to be moved to after session
initialization, because only after the session we have access to the
current language.
Added addTranslations and fixed de.js file
Fixed de.js to use OC.L10N.register() and use to correct expected
format.
Added JS unit tests for OC.L10N class
Include translations JS script for all apps
- Added setup checks in JavaScript
- Moved isWebDAVWorking to JS using SetupChecks
- Moved internet connection checks to an ajax call that goes through the
server
Using status.php for this.
I modified status.php to also show, whether we're in maintenance.
Checks every 20 seconds if maintenance is over, if yes: reload.