Commit graph

293 commits

Author SHA1 Message Date
Individual IT Services
f7e66d49fc allow ".." in folder names
".." are valid in folder names, only ".." by itself is invalid
fix for #18987
2015-09-14 10:42:00 +05:45
Vincent Petry
fe575feca8 Prevent scanner going crazy with unavailable storages 2015-08-24 16:42:53 +02:00
Morris Jobke
5699fff889 Merge pull request #17175 from owncloud/add-download-feedback
Add loading spinner to download icon
2015-07-30 16:34:35 +02:00
Roeland Jago Douma
a727cbc7a9 Remove ajax/mimeicon.php and its route 2015-07-09 13:40:13 +02:00
Morris Jobke
e557fe0aab Add proper download started feedback
* this code adds a cookie when a special get parameter is set
* the content of this get parameter is used as value for the cookie
* the cookie expires after 20 seconds
* the JS code checks every 500 milliseconds for the cookie
  -> if the cookie is set the request returned and the download is started
2015-07-07 13:56:49 +02:00
Morris Jobke
f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Lukas Reschke
ebb5523698 Verify if path exists
We need to check if the path exists and throw an error instead of handling this situation ungraciously.
2015-06-18 16:48:32 +02:00
Vincent Petry
263bb46ff8 Catch exceptions in files ajax calls 2015-06-03 14:31:58 +02:00
Morris Jobke
59efcb63a3 fix filepicker
* add ability to filter for mimetype
* fixes #15526
* fixes #11563
2015-04-13 10:38:08 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Thomas Müller
4bac595068 adding storage specific filename verification - refs #13640 2015-03-09 10:38:37 +01:00
Thomas Müller
345c527ed0 remove $content parameter 2015-03-02 21:33:17 +01:00
Lukas Reschke
acabd81f42 Remove "Download from URL" feature
Fixes https://github.com/owncloud/core/issues/13326
2015-03-02 21:06:25 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Morris Jobke
75a7bcb10c Merge pull request #14199 from owncloud/cast-type-manually
Manually type-cast all AJAX files
2015-02-19 17:19:54 +01:00
Thomas Müller
df58eea93f Merge pull request #13505 from owncloud/streamline-scanning-code
Streamline auth and CSRF check in scan.php
2015-02-19 16:35:05 +01:00
Joas Schilling
200c0c89dc Do not change behaviour of 'false' 2015-02-13 15:18:07 +01:00
Lukas Reschke
a7df23ceba Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈

Fixes https://github.com/owncloud/core/issues/14196 for core
2015-02-13 13:33:20 +01:00
Lukas Reschke
9904b30070 Ensure that passed argument is always a string
Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.

Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.
2015-02-13 12:49:34 +01:00
Morris Jobke
108f3327e6 Merge pull request #13502 from owncloud/streamline-authentication-in-newfile
Streamline CSRF and login check
2015-02-07 13:27:46 +01:00
Lukas Reschke
cc80ce70b4 Catch exception properly
`\OCA\Files\Helper::buildFileStorageStatistics` might throw an exception from `OC_Helper::getStorageInfo`, previously this lead to a uncatched exception being thrown when invoking this methods.

This was user triggable by for example calling `/index.php/apps/files/ajax/delete.php` with a not existing dir (for example `dir=asdf/../&allfiles=true`)
2015-02-04 15:58:16 +01:00
Lukas Reschke
3f5d4d82e4 Streamline auth and CSRF check in scan.php
Furthermore a not logged-in user was able to access this page before which resulted in a Fatal PHP error since the filesystem could not get setup properly.
2015-01-20 12:30:16 +01:00
Lukas Reschke
e25a0303f4 Streamline CSRF and login check
Let's make this consistent with other pieces of the code to make it easier to auditable.
2015-01-20 12:24:13 +01:00
Lukas Reschke
003fc183a2 Remove stripslashes() from newfolder.php 2015-01-19 14:12:36 +01:00
Lukas Reschke
96cd7c017a Check for existence of $_GET keys
`$dir` may for example very well not get passed at well.
2015-01-14 14:16:18 +01:00
Lukas Reschke
3ff3f641d6 Get rid of stripslashes()
This conversions are actually totally unneeded and probably left-overs from ages where the safe_mode was still a valid thing.
2015-01-13 17:43:36 +01:00
Morris Jobke
2a03568623 Merge pull request #13279 from owncloud/upload-original-name
Send the proper original name for uploaded files
2015-01-12 17:48:12 +01:00
Robin Appelman
6daedaf344 Send the proper original name for uploaded files 2015-01-12 15:30:47 +01:00
Lukas Reschke
f65cf498f4 Check for existence of $_GET keys
Otherwise PHP errors are thrown in the error log.
2015-01-09 17:46:14 +01:00
Lukas Reschke
199276bcbb Verify existence of $_GET key
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.

To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.

Fixes itself.
2015-01-09 02:31:59 +01:00
Robin Appelman
64e3ebae74 Add error handling to getstoragestats.php 2015-01-06 15:56:06 +01:00
Vincent Petry
4b1b93507d Only populate tags in main file list
Moved populateTags to be done on the main file list.
This prevents the public file list to go through the same code and cause
an error when there is no user.
2014-12-18 15:36:18 +01:00
Morris Jobke
e969fe6b12 Merge pull request #12698 from owncloud/handle_readonly_shared_files
Handle readonly shared files
2014-12-12 08:34:28 +01:00
Jörn Friedrich Dreyer
c615b3527f show readonly message in file conflict dialog, make it always selected 2014-12-11 16:32:27 +01:00
Victor Dubiniuk
adc7135429 Skip headers that can not be split 2014-12-08 23:43:43 +03:00
Robin Appelman
4321d7522e Check if files are deletable before trying to delete them 2014-11-26 12:14:35 +01:00
Morris Jobke
c5fa8f1bdc Merge pull request #12421 from owncloud/issue/6101-remove-namespace-permission-constants
Issue/6101 remove namespace permission constants
2014-11-26 08:31:23 +01:00
Joas Schilling
2c39aec8cb Replace deprecated constant with new class constant 2014-11-25 16:30:21 +01:00
Bjoern Schiessle
1d33503487 we no longer need to keep the session open for encryption 2014-11-25 13:37:11 +01:00
Lukas Reschke
3efac5a4f2 Prevent division by zero
Potentially fixes https://github.com/owncloud/core/issues/11742
2014-10-24 00:10:22 +02:00
Jörn Friedrich Dreyer
18e3856092 log exceptions when listing files 2014-10-08 18:49:43 +02:00
Lukas Reschke
6eeb905871 Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
Lukas Reschke
c3d90b96c8 Merge pull request #10922 from owncloud/explicit-scan-transactions
Use bigger transactions when doing explicit file system scans
2014-09-09 23:32:32 +02:00
Lukas Reschke
70abce0482 Merge pull request #10739 from owncloud/eventsource-public
Add EventSource to the public API
2014-09-08 18:46:27 +02:00
Robin Appelman
644755df66 Use bigger transactions when doing explicit file system scans 2014-09-08 14:15:41 +02:00
Vincent Petry
e43c9b84c4 Catch exceptions when moving files
When moving files on storages that don't expose permissions, the storage
itself might throw an exception when the permission is denied.

This fix ensures that exceptions are caught and forwarded to the client
instead of just hanging.
2014-09-05 14:54:06 +02:00
Robin Appelman
fa3393674c Better phpdoc and method naming 2014-09-04 13:26:51 +02:00
Robin Appelman
65608d7c92 Use the public api to get event sources 2014-09-03 13:36:15 +02:00
Robin Appelman
d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00