Lukas Reschke
5b65591d84
Do not allow directory traversal using "../"
...
We should not allow directory traversals using "../" here.
To test access the following URL once with and then without this patch:
http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Lukas Reschke
179a355b2c
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-07-01 11:36:35 +02:00
Vincent Petry
4acb06923d
Filelist change dir auto-prepend slash
...
Prepend a slash to directories in case it was missing since many places
assume that it's there.
2016-07-01 11:10:37 +02:00
Jenkins for ownCloud
2d2d2267f7
[tx-robot] updated from transifex
2016-07-01 01:57:04 -04:00
Vincent Petry
8f90259b02
Merge pull request #25304 from owncloud/local-karma
...
Always use local karma
2016-06-30 17:29:56 +02:00
Vincent Petry
22746990e6
Merge pull request #25310 from owncloud/search-preventinfiniteloop
...
Prevent infinite loop in search auto-nextpage
2016-06-30 17:20:25 +02:00
Robin Appelman
9fb92b56ec
show configuration options for authentication backends while listing storage
...
Fixes #22447
2016-06-30 15:50:14 +02:00
Robin Appelman
f982d104f3
hide hidden parameters from list backend/auth parameters
2016-06-30 15:44:42 +02:00
Björn Schießle
8e002b6155
Merge pull request #255 from nextcloud/dav-permission-check
...
add some additonal permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Marius Blüm
2cdee70305
Merge pull request #258 from nextcloud/set-disposition
...
Set content-type to "application/octet-stream"
2016-06-30 14:27:43 +02:00
Bjoern Schiessle
26e14529be
fix error message
2016-06-30 13:50:31 +02:00
Lukas Reschke
149218ead9
Fix tests
2016-06-30 13:46:08 +02:00
Morris Jobke
5d0f5f175b
Merge pull request #253 from nextcloud/fix-versions
...
check permissions before rollback
2016-06-30 13:42:45 +02:00
Lukas Reschke
c771368c4e
Add proper throws PHP docs
2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341
Add required $message parameter
2016-06-30 13:17:53 +02:00
Lukas Reschke
700a57d8b6
Set content-type to "application/octet-stream"
...
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.
2016-06-30 12:47:46 +02:00
Lukas Reschke
b32b296ed7
Add integration tests
2016-06-30 12:21:01 +02:00
Bjoern Schiessle
1b74cf72fb
check permissions before rollback
2016-06-30 11:27:25 +02:00
Bjoern Schiessle
3571207bd9
add some additonal permission checks to the webdav backend
2016-06-30 11:16:49 +02:00
Vincent Petry
5cfbb9624f
Prevent infinite loop in search auto-nextpage
...
When loading the next page of search results, make sure that the loop
can end if there are no more elements in case the total doesn't match.
Also added a check to avoid recomputing the search results whenever the
setFilter() is called with the same value. This happens when navigating
away to another folder, the search field gets cleared automatically and
it calls FileList.setFilter('').
2016-06-30 11:10:48 +02:00
Morris Jobke
f7a69c765a
Merge pull request #247 from nextcloud/l10n-fixes
...
Fix update notification text
2016-06-30 09:11:54 +02:00
Morris Jobke
3acdc1339d
Merge pull request #206 from nextcloud/ci-mysql
...
Add mysql job to CI
2016-06-30 09:06:19 +02:00
Jenkins for ownCloud
1b9fa4dd5f
[tx-robot] updated from transifex
2016-06-30 01:55:56 -04:00
Hendrik Leppelsack
1369535d03
always use local karma
2016-06-29 18:45:13 +02:00
Morris Jobke
83a046a0fb
Merge pull request #248 from nextcloud/tx-fixes
...
Update transifex config
2016-06-29 16:41:45 +02:00
Morris Jobke
9a1e393470
Merge pull request #245 from nextcloud/fix-243
...
targets 3rdparty submodule from Nc instead of oC
2016-06-29 16:34:29 +02:00
Morris Jobke
409672d981
Fix update notification text
...
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Morris Jobke
01829e8d7c
mysql only works with 3 byte UTF-8
2016-06-29 15:53:23 +02:00
Daniel Molkentin
c3b600b934
fix version string
2016-06-29 15:11:48 +02:00
Daniel Molkentin
4a43fbfb5e
9.1.0 RC 1
2016-06-29 15:09:40 +02:00
Thomas Müller
b55ab6d22a
Various database migration fixes ( #25209 )
...
* String columns with a length higher then 4000 are converted into a CLOB columns automagically - we have to respect this when migrating
* Adding schema migration tests to prevent unnecessary and non-sense migration steps
Fix Oracle autoincrement and unsigned handling
* Fix sqlite integer type for autoincrement
* Use lower case table names - fixes pg
* Fix postgres with default -1 - this only affect pg 9.4 servers - 9.5 seems to work fine
2016-06-29 14:54:41 +02:00
Morris Jobke
c1d990d547
Update transifex config
2016-06-29 14:36:30 +02:00
Vincent Petry
c8fbe39801
Merge pull request #25288 from owncloud/fix-versionrevertperms
...
Hide revert button when no permission to revert
2016-06-29 12:51:39 +02:00
Björn Schießle
5ace6b53f3
get only vcards which match both the address book id and the vcard uri ( #25294 )
2016-06-29 12:13:59 +02:00
Jenkins for ownCloud
2b0f053126
[tx-robot] updated from transifex
2016-06-29 05:52:18 -04:00
Morris Jobke
cf798edfec
Merge pull request #242 from nextcloud/fix-229
...
get only vcard which match both the address book id and the vcard uri
2016-06-29 11:41:23 +02:00
Vincent Chan
eb0d740c1d
targets 3rdparty submodule from Nc instead of oC
2016-06-28 18:39:51 +02:00
Christoph Wurst
c9a2790893
prevent users from deleting their own session token
2016-06-28 16:17:37 +02:00
Bjoern Schiessle
5f6944954b
get only vcard which match both the address book id and the vcard uri
2016-06-28 16:11:06 +02:00
Vincent Petry
f22af90c09
Hide revert button when no permission to revert
2016-06-28 13:00:58 +02:00
Morris Jobke
b6397ef73a
Merge pull request #236 from nextcloud/master-sync-upstream
...
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Jenkins for ownCloud
894b7d93f6
[tx-robot] updated from transifex
2016-06-28 01:57:10 -04:00
Morris Jobke
300f0965ae
Merge pull request #238 from nextcloud/lgtm-self-approval-fix
...
Get rid of LGTM self approvals
2016-06-28 00:28:26 +02:00
Marius Blüm
69937933e1
Get rid of LGTM self approvals
...
* add missing spaces
2016-06-27 23:18:01 +02:00
Marius Blüm
52f6d97e4e
Merge pull request #235 from nextcloud/fix-app-code
...
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Robin Appelman
2a72eff9ee
Fix getting the certificate bundle for dav external storage ( #25274 )
...
* Fix getting the certificate bundle for dav external storages
* Log the original exception in dav external storage
2016-06-27 22:26:43 +02:00
Christoph Wurst
1710de8afb
Login hooks ( #25260 )
...
* fix login hooks
* adjust user session tests
* fix login return value of successful token logins
* trigger preLogin hook earlier; extract method 'loginWithPassword'
* call postLogin hook earlier; add PHPDoc
2016-06-27 22:16:22 +02:00
Robin Appelman
88ef163276
handle unavailable fed shares while testing for availability ( #25277 )
...
* More explicit http status codes
* handle unavailable fed shares while testing for availability
2016-06-27 21:34:28 +02:00
Georg Ehrke
3c399be6ec
fix a ImageExportPlugin Test ( #25215 )
2016-06-27 21:26:56 +02:00
Lukas Reschke
e0445856b9
Merge pull request #59 from nextcloud/theming-app
...
Theming app
2016-06-27 21:14:40 +02:00