Commit graph

33275 commits

Author SHA1 Message Date
Lukas Reschke
5b65591d84 Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test, access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:36:05 +02:00
Lukas Reschke
179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Vincent Petry
4acb06923d Filelist change dir auto-prepend slash
Prepend a slash to directories in case it was missing since many places
assume that it's there.
2016-07-01 11:10:37 +02:00
Jenkins for ownCloud
2d2d2267f7 [tx-robot] updated from transifex 2016-07-01 01:57:04 -04:00
Vincent Petry
8f90259b02 Merge pull request #25304 from owncloud/local-karma
Always use local karma
2016-06-30 17:29:56 +02:00
Vincent Petry
22746990e6 Merge pull request #25310 from owncloud/search-preventinfiniteloop
Prevent infinite loop in search auto-nextpage
2016-06-30 17:20:25 +02:00
Robin Appelman
9fb92b56ec show configuration options for authentication backends while listing storage
Fixes #22447
2016-06-30 15:50:14 +02:00
Robin Appelman
f982d104f3 hide hidden parameters from list backend/auth parameters 2016-06-30 15:44:42 +02:00
Björn Schießle
8e002b6155 Merge pull request #255 from nextcloud/dav-permission-check
add some additional permission checks to the webdav backend
2016-06-30 14:41:23 +02:00
Marius Blüm
2cdee70305 Merge pull request #258 from nextcloud/set-disposition
Set content-type to "application/octet-stream"
2016-06-30 14:27:43 +02:00
Bjoern Schiessle
26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke
149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Morris Jobke
5d0f5f175b Merge pull request #253 from nextcloud/fix-versions
check permissions before rollback
2016-06-30 13:42:45 +02:00
Lukas Reschke
c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Lukas Reschke
700a57d8b6 Set content-type to "application/octet-stream"
Some browsers such as Firefox on Microsoft Windows otherwise do offer to open the file directly which is kinda silly.
2016-06-30 12:47:46 +02:00
Lukas Reschke
b32b296ed7 Add integration tests 2016-06-30 12:21:01 +02:00
Bjoern Schiessle
1b74cf72fb check permissions before rollback 2016-06-30 11:27:25 +02:00
Bjoern Schiessle
3571207bd9 add some additional permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Vincent Petry
5cfbb9624f Prevent infinite loop in search auto-nextpage
When loading the next page of search results, make sure that the loop
can end if there are no more elements in case the total doesn't match.

Also added a check to avoid recomputing the search results whenever the
setFilter() is called with the same value. This happens when navigating
away to another folder, the search field gets cleared automatically and
it calls FileList.setFilter('').
2016-06-30 11:10:48 +02:00
Morris Jobke
f7a69c765a Merge pull request #247 from nextcloud/l10n-fixes
Fix update notification text
2016-06-30 09:11:54 +02:00
Morris Jobke
3acdc1339d Merge pull request #206 from nextcloud/ci-mysql
Add mysql job to CI
2016-06-30 09:06:19 +02:00
Jenkins for ownCloud
1b9fa4dd5f [tx-robot] updated from transifex 2016-06-30 01:55:56 -04:00
Hendrik Leppelsack
1369535d03 always use local karma 2016-06-29 18:45:13 +02:00
Morris Jobke
83a046a0fb Merge pull request #248 from nextcloud/tx-fixes
Update transifex config
2016-06-29 16:41:45 +02:00
Morris Jobke
9a1e393470 Merge pull request #245 from nextcloud/fix-243
targets 3rdparty submodule from Nc instead of oC
2016-06-29 16:34:29 +02:00
Morris Jobke
409672d981 Fix update notification text
* thanks to ungesundes_halbwissen @ transifex
2016-06-29 16:05:51 +02:00
Morris Jobke
01829e8d7c mysql only works with 3 byte UTF-8 2016-06-29 15:53:23 +02:00
Daniel Molkentin
c3b600b934 fix version string 2016-06-29 15:11:48 +02:00
Daniel Molkentin
4a43fbfb5e 9.1.0 RC 1 2016-06-29 15:09:40 +02:00
Thomas Müller
b55ab6d22a Various database migration fixes (#25209)
* String columns with a length higher than 4000 are converted into CLOB columns automagically - we have to respect this when migrating

* Adding schema migration tests to prevent unnecessary and nonsense migration steps
Fix Oracle autoincrement and unsigned handling

* Fix sqlite integer type for autoincrement

* Use lower case table names - fixes pg

* Fix postgres with default -1 - this only affects pg 9.4 servers - 9.5 seems to work fine
2016-06-29 14:54:41 +02:00
Morris Jobke
c1d990d547 Update transifex config 2016-06-29 14:36:30 +02:00
Vincent Petry
c8fbe39801 Merge pull request #25288 from owncloud/fix-versionrevertperms
Hide revert button when no permission to revert
2016-06-29 12:51:39 +02:00
Björn Schießle
5ace6b53f3 get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:13:59 +02:00
Jenkins for ownCloud
2b0f053126 [tx-robot] updated from transifex 2016-06-29 05:52:18 -04:00
Morris Jobke
cf798edfec Merge pull request #242 from nextcloud/fix-229
get only vcards which match both the address book id and the vcard uri
2016-06-29 11:41:23 +02:00
Vincent Chan
eb0d740c1d targets 3rdparty submodule from Nc instead of oC 2016-06-28 18:39:51 +02:00
Christoph Wurst
c9a2790893 prevent users from deleting their own session token 2016-06-28 16:17:37 +02:00
Bjoern Schiessle
5f6944954b get only vcards which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Vincent Petry
f22af90c09 Hide revert button when no permission to revert 2016-06-28 13:00:58 +02:00
Morris Jobke
b6397ef73a Merge pull request #236 from nextcloud/master-sync-upstream
[Master] sync upstream
2016-06-28 09:02:03 +02:00
Jenkins for ownCloud
894b7d93f6 [tx-robot] updated from transifex 2016-06-28 01:57:10 -04:00
Morris Jobke
300f0965ae Merge pull request #238 from nextcloud/lgtm-self-approval-fix
Get rid of LGTM self approvals
2016-06-28 00:28:26 +02:00
Marius Blüm
69937933e1 Get rid of LGTM self approvals
* add missing spaces
2016-06-27 23:18:01 +02:00
Marius Blüm
52f6d97e4e Merge pull request #235 from nextcloud/fix-app-code
Add app:check-code for already compatible apps
2016-06-27 23:02:32 +02:00
Robin Appelman
2a72eff9ee Fix getting the certificate bundle for dav external storage (#25274)
* Fix getting the certificate bundle for dav external storages

* Log the original exception in dav external storage
2016-06-27 22:26:43 +02:00
Christoph Wurst
1710de8afb Login hooks (#25260)
* fix login hooks

* adjust user session tests

* fix login return value of successful token logins

* trigger preLogin hook earlier; extract method 'loginWithPassword'

* call postLogin hook earlier; add PHPDoc
2016-06-27 22:16:22 +02:00
Robin Appelman
88ef163276 handle unavailable fed shares while testing for availability (#25277)
* More explicit http status codes

* handle unavailable fed shares while testing for availability
2016-06-27 21:34:28 +02:00
Georg Ehrke
3c399be6ec fix an ImageExportPlugin Test (#25215) 2016-06-27 21:26:56 +02:00
Lukas Reschke
e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00