wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7848 commits 157 branches 562 tags 714 MiB
Commit graph

320 commits

Author SHA1 Message Date
Jörn Friedrich Dreyer
eaa625c9bc Merge pull request #401 from owncloud/share_hooks 
Create functions to install standard hooks
 2012-11-28 04:35:52 -08:00
Bart Visscher
8bed38c78d Rename install hook functions to register hook 2012-11-15 18:13:54 +01:00
Bernhard Posselt
e642d18e26 When using routing in apps, no apps are loaded in the left navigation tree. To fix this: load apps for matching a request 2012-11-15 14:48:18 +01:00
Bart Visscher
530f3f8be9 Create functions to install standard hooks 
Also use these in tests that needs them
Fix #151
 2012-11-13 23:45:17 +01:00
Bart Visscher
7b53c9d3f0 Merge pull request #157 from owncloud/setup 
Make lib/setup.php usable outside of install setup
 2012-11-12 13:23:31 -08:00
Thomas Tanghus
7f0c69eb0e Added CRUDS permissions to the OCP namespace. Implements issue #345 2012-11-11 23:09:54 +01:00
Stefan Seidel
8f669880bc Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 13:30:07 +01:00
Felix Moeller
a4b2ea586d Style: Remove all the dangling white spaces 2012-11-04 22:16:04 +01:00
Felix Moeller
27ab0357ae Checkstyle: Fix last six NewlineBeforeOpenBrace 2012-11-04 18:36:16 +01:00
Thomas Müller
8ac3849a95 Merge pull request #238 from fmms/checkstyle04 
Checkstyle fixes
 2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession 
Just one CSRF token per session
 2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01 Checkstyle fixes: NoSpaceAfterComma 2012-11-04 11:10:46 +01:00
Lukas Reschke
7a7f12a0c1 Create only one CSRF token per session 
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)

With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
 2012-10-31 18:37:59 +01:00
Bart Visscher
6d09752940 DRY for creating htaccess to protect data-directory 2012-10-30 20:57:19 +01:00
Bart Visscher
246d7ea2ea Separate control code from class definition 2012-10-30 20:56:31 +01:00
Lukas Reschke
f6b6780072 Don't use OC_Setup as it will show up the installer 2012-10-29 22:44:49 +01:00
Lukas Reschke
6903475841 Generate .htaccess when upgrading from old versions 
When upgrading from old ownCloud versions like 2.x the .htaccess is not
generated - which exposes the data to the internet. This fix will
generate a .htaccess when upgrading. (And no one exists)
Fixes #127
 2012-10-29 22:03:18 +01:00
Bart Visscher
fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher
894d44e796 Merge remote-tracking branch 'git://github.com/susinths/SabreDAV_1.7.1.git' 
Conflicts:
	lib/base.php
 2012-10-27 16:33:10 +02:00
Bart Visscher
0120f3fd62 Merge branch 'routing' 
Conflicts:
	core/lostpassword/index.php
	core/lostpassword/resetpassword.php
 2012-10-27 11:58:02 +02:00
Bart Visscher
43e8293d9c Change Symfony/Component/Routing from submodule to composer fetching 2012-10-27 11:32:16 +02:00
Felix Moeller
6a00a6b9ed Make Jenkins more happy. 
This is NoSpaceAfterComma
 2012-10-23 00:28:12 +02:00
Bart Visscher
6081bfa2bc Merge branch 'master' into routing 
Conflicts:
	lib/search/provider/file.php
	settings/ajax/changepassword.php
	settings/settings.php
 2012-10-17 16:38:11 +02:00
Susinthiran Sithamparanathan
b2b84f3a6f Update Sabre to version 1.7.1 2012-10-17 16:17:36 +02:00
Lukas Reschke
de7b46c66a Use get_magic_quotes_gpc() to determine if magic_quotes is enabled 
set_magic_quotes_runtime gives a PHP warning
 2012-10-16 19:42:17 +02:00
Lukas Reschke
59404b5675 Merge pull request #31 from visit1985/persistentcookies 
reresubmit: improved persistent cookies :)
 2012-10-16 04:46:22 -07:00
Victor Dubiniuk
ddcd738357 Merge branch 'extended_log' 
PHP errors logging into the owncloud log
 2012-10-16 01:30:45 +03:00
Michael Göhler
8be9c04a3a 128byte is not 128bit - now we realy use 256bit (same as PHPSESSID) 2012-10-15 20:04:22 +02:00
Michael Göhler
ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120 further improvements on multiple login token support 
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
 2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f improve token security 
switched from time() to internal method OC_Util::generate_random_bytes()
 2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Bart Visscher
9a35bd76fb Use resolved path for require_once in autoloader 2012-10-12 15:47:41 +02:00
Bart Visscher
2c3674ea87 Add logging when stripping apps from autoload include path 2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2 Use __DIR__ instead of __FILE__ to get SERVERROOT 2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966 Send a HSTS HTTP header to enforce SSL 2012-10-10 18:56:14 +02:00
Arthur Schiwon
3affeb5bd7 destroy invalid sessions 2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Robin Appelman
f8eebcbb01 reload the current url when login in instead of always redirecting to the default app (oc-1873) 2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425 Removed sectoken 
This token is completly useless since an attacker can easily extract it
from the page.
 2012-09-29 15:18:38 +02:00