Commit graph

413 commits

Author SHA1 Message Date
Bart Visscher
2488a495c6 Merge pull request #1384 from owncloud/upgrade_fix
Check for upgrade/maintance mode before trying to load an app
2013-02-01 07:12:06 -08:00
Stefan Herbrechtsmeier
ab2b79cda6 add multiple domains reverse proxy support
Add support for a reverse proxy that handles multiple domains via different
web roots (http[s]://proxy.tld/domain.tld/owncloud).

As the reverse proxy web root is transparent for the web server the
REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace
the direct use of this _SERVER variables with function calls and extend
this functions to overwrite the web root. Additionally it adds a Sabre
request backend that extends the Sabre_HTTP_Request to use the same
functions.
2013-01-31 18:42:31 +01:00
Robin Appelman
057920b165 Still load js files in maintance mode 2013-01-30 23:05:44 +01:00
Robin Appelman
f452d2d0c4 Check for upgrade/maintance mode before trying to load an app 2013-01-30 22:55:33 +01:00
Robin Appelman
207aa22d12 merge master into filesystem 2013-01-30 19:24:24 +01:00
irgsmirx
0bce22966c Update lib/base.php
Correction of typo "locate" -> "locale".
2013-01-30 14:27:08 +01:00
Robin Appelman
74f6f85628 merge master into filesystem 2013-01-28 19:37:58 +01:00
Robin Appelman
232cc3211b add oc:// streamwrapper to provide access to ownCloud's virtual filesystem 2013-01-28 15:35:30 +01:00
Robin Appelman
c9c919da57 Move streamwrappers to seperate files and put them in a namespace 2013-01-28 15:34:15 +01:00
Thomas Mueller
1d44a99ebb Merge branch 'master' into updater-CSP
Conflicts:
	core/templates/update.php
2013-01-28 09:57:24 +01:00
Robin Appelman
930b9b9cd0 merge master into filesystem 2013-01-26 18:49:45 +01:00
Thomas Mueller
2cc77759aa lookup for OCA classes in all apps folders 2013-01-26 12:45:50 +01:00
Lukas Reschke
dbc13cf6ee Move update inline JS 2013-01-25 19:18:16 +01:00
Lukas Reschke
7f49d35930 Move checkMaintenance and checkUpgrade
This is needed to ensure that the routing and linkTo() function for CSP
are available.
2013-01-25 19:15:02 +01:00
Lukas Reschke
0d2a58bc5d Initialize router also if ownCloud isn't installed 2013-01-25 14:57:52 +01:00
Thomas Mueller
b4c3dd84b4 update to jquery-ui 1.10.0 2013-01-23 11:37:52 +01:00
Lukas Reschke
8ca78fcf3f Move requesttoken to oc-requesttoken.js 2013-01-21 20:24:18 +01:00
Robin Appelman
83d6221322 merge master into filesytem 2013-01-20 03:11:04 +01:00
Bernhard Posselt
f1939866f3 Merge pull request #1214 from Raydiation/master
Load Classpaths of apps before appinfo/routes.php
2013-01-19 09:44:48 -08:00
davidgumberg
487e401361 Typo fix (comment) /lib/base.php 2013-01-18 10:52:29 -08:00
Thomas Müller
5df57e4ada Merge pull request #1181 from owncloud/return-503-in-maintenance
in case of maintenance the error page returns http status 503.
2013-01-18 04:02:03 -08:00
Bernhard Posselt
2b95ae1e6d spaces to tabs 2013-01-17 21:44:40 +01:00
Bernhard Posselt
a8094abac7 load classpaths of apps before routes 2013-01-17 21:42:46 +01:00
Robin Appelman
5445b94416 merge master into filesystem 2013-01-16 19:04:50 +01:00
Bart Visscher
a8f963d9cf Spaces to tabs 2013-01-16 18:09:16 +01:00
Thomas Mueller
31ce320c52 in case of maintenance the error page returns http status 503.
This is necessary to enable the desktop sync client to react properly.
Currently the SabreDAV plugin OC_Connector_Sabre_MaintenancePlugin is not executed because this error page is returned before the SabreDAV code is executed
2013-01-14 21:39:55 +01:00
Robin Appelman
0ca5047da5 Autoload namespaced test classes 2013-01-07 00:36:01 +01:00
Michael Gapczynski
a94405b4e4 Only show the version updating to instead of worrying about converting internal to a formatted version 2013-01-04 20:13:00 -05:00
Michael Gapczynski
f2e6df807d Add back check if installed around background jobs 2013-01-04 14:16:59 -05:00
Michael Gapczynski
7505837079 Basic update progress of database update only 2013-01-03 21:32:33 -05:00
Michael Gapczynski
a52aa69ffe Rearrange code to prepare for updater feedback 2013-01-03 14:11:00 -05:00
Michael Gapczynski
ce443818d4 Check if oc_token cookie exists before trying to use it 2013-01-02 19:59:04 -05:00
Thomas Müller
7d811e57e6 setting the timezone is now part of the login process and true part of the core. 2012-12-20 11:10:45 +01:00
Frank Karlitschek
196f1c3786 add a check and a warning if setlocale is working 2012-12-19 15:10:33 +01:00
Thomas Mueller
b8b64d6ffc set the session name to the instance id - which is unique
Conflicts:
	lib/base.php
2012-12-12 16:07:51 +01:00
Thomas Tanghus
af12b0f5da Autoload classes with 'OC' namespace prefix. 2012-12-11 16:00:48 +01:00
Bart Visscher
1e062ea895 Merge pull request #182 from owncloud/fix-redirect
Make the redirect_url working again
2012-12-07 03:09:19 -08:00
Thomas Müller
76625e9ba5 Merge pull request #647 from owncloud/fix_app_settings_navigation
Move loading of all the apps to setting the active navigation entry.
2012-12-05 01:48:20 -08:00
Thomas Mueller
e65abb8054 minified version no longer available 2012-12-04 14:49:19 +01:00
Bart Visscher
8ce3aca331 Move loading of all the apps to setting the active navigation entry.
We can't do the loading before matching the route, because some routes
need to do the loading after matching of the route. For example the
navigation detection of the app settings page.
2012-11-30 12:47:44 +01:00
Jörn Friedrich Dreyer
eaa625c9bc Merge pull request #401 from owncloud/share_hooks
Create functions to install standard hooks
2012-11-28 04:35:52 -08:00
Bart Visscher
8bed38c78d Rename install hook functions to register hook 2012-11-15 18:13:54 +01:00
Bernhard Posselt
e642d18e26 When using routing in apps, no apps are loaded in the left navigation tree. To fix this: load apps for matching a request 2012-11-15 14:48:18 +01:00
Bart Visscher
530f3f8be9 Create functions to install standard hooks
Also use these in tests that needs them
Fix #151
2012-11-13 23:45:17 +01:00
Bart Visscher
7b53c9d3f0 Merge pull request #157 from owncloud/setup
Make lib/setup.php usable outside of install setup
2012-11-12 13:23:31 -08:00
Thomas Tanghus
7f0c69eb0e Added CRUDS permissions to the OCP namespace. Implements issue #345 2012-11-11 23:09:54 +01:00
Stefan Seidel
8f669880bc Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 13:30:07 +01:00
Felix Moeller
a4b2ea586d Style: Remove all the dangling white spaces 2012-11-04 22:16:04 +01:00
Felix Moeller
27ab0357ae Checkstyle: Fix last six NewlineBeforeOpenBrace 2012-11-04 18:36:16 +01:00
Thomas Müller
8ac3849a95 Merge pull request #238 from fmms/checkstyle04
Checkstyle fixes
2012-11-04 08:59:45 -08:00
Lukas Reschke
8c4c74b23f Merge pull request #178 from owncloud/JustOneCSRFTokenPerSession
Just one CSRF token per session
2012-11-04 05:54:02 -08:00
Felix Moeller
30d7993e01 Checkstyle fixes: NoSpaceAfterComma 2012-11-04 11:10:46 +01:00
Lukas Reschke
d2e842fcc9 Remove uneeded new line 2012-11-01 22:38:21 +01:00
Lukas Reschke
822e4d5f6c Check for redirect_url for logged in users
This checks if there is a redirect_url for logged in users
2012-11-01 22:37:37 +01:00
Lukas Reschke
81f019b6c5 Make the redirect_url working again
Fixes #160
2012-10-31 22:03:55 +01:00
Lukas Reschke
7a7f12a0c1 Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)

With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bart Visscher
6d09752940 DRY for creating htaccess to protect data-directory 2012-10-30 20:57:19 +01:00
Bart Visscher
246d7ea2ea Separate control code from class definition 2012-10-30 20:56:31 +01:00
Lukas Reschke
f6b6780072 Don't use OC_Setup as it will show up the installer 2012-10-29 22:44:49 +01:00
Lukas Reschke
6903475841 Generate .htaccess when upgrading from old versions
When upgrading from old ownCloud versions like 2.x the .htaccess is not
generated - which exposes the data to the internet. This fix will
generate a .htaccess when upgrading. (And no one exists)
Fixes #127
2012-10-29 22:03:18 +01:00
Bart Visscher
fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher
894d44e796 Merge remote-tracking branch 'git://github.com/susinths/SabreDAV_1.7.1.git'
Conflicts:
	lib/base.php
2012-10-27 16:33:10 +02:00
Bart Visscher
0120f3fd62 Merge branch 'routing'
Conflicts:
	core/lostpassword/index.php
	core/lostpassword/resetpassword.php
2012-10-27 11:58:02 +02:00
Bart Visscher
43e8293d9c Change Symfony/Component/Routing from submodule to composer fetching 2012-10-27 11:32:16 +02:00
Felix Moeller
6a00a6b9ed Make Jenkins more happy.
This is NoSpaceAfterComma
2012-10-23 00:28:12 +02:00
Bart Visscher
6081bfa2bc Merge branch 'master' into routing
Conflicts:
	lib/search/provider/file.php
	settings/ajax/changepassword.php
	settings/settings.php
2012-10-17 16:38:11 +02:00
Susinthiran Sithamparanathan
b2b84f3a6f Update Sabre to version 1.7.1 2012-10-17 16:17:36 +02:00
Lukas Reschke
de7b46c66a Use get_magic_quotes_gpc() to determine if magic_quotes is enabled
set_magic_quotes_runtime gives a PHP warning
2012-10-16 19:42:17 +02:00
Lukas Reschke
59404b5675 Merge pull request #31 from visit1985/persistentcookies
reresubmit: improved persistent cookies :)
2012-10-16 04:46:22 -07:00
Victor Dubiniuk
ddcd738357 Merge branch 'extended_log'
PHP errors logging into the owncloud log
2012-10-16 01:30:45 +03:00
Michael Göhler
8be9c04a3a 128byte is not 128bit - now we realy use 256bit (same as PHPSESSID) 2012-10-15 20:04:22 +02:00
Michael Göhler
ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120 further improvements on multiple login token support
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Bart Visscher
9a35bd76fb Use resolved path for require_once in autoloader 2012-10-12 15:47:41 +02:00
Bart Visscher
2c3674ea87 Add logging when stripping apps from autoload include path 2012-10-10 21:06:15 +02:00
Bart Visscher
fe40277ec2 Use __DIR__ instead of __FILE__ to get SERVERROOT 2012-10-10 21:06:15 +02:00
Lukas Reschke
cda2135966 Send a HSTS HTTP header to enforce SSL 2012-10-10 18:56:14 +02:00
Arthur Schiwon
3affeb5bd7 destroy invalid sessions 2012-10-08 13:36:11 +02:00
Bart Visscher
f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Robin Appelman
f8eebcbb01 reload the current url when login in instead of always redirecting to the default app (oc-1873) 2012-09-30 03:47:37 +02:00
Lukas Reschke
578aa4e425 Removed sectoken
This token is completly useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher
c9317b5a68 Merge branch 'master' into routing 2012-09-28 21:41:21 +02:00
Bart Visscher
bf1057143c Merge branch 'master' into routing
Conflicts:
	apps/files/js/filelist.js
	core/js/js.js
	lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner
743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
VicDeo
2b6869bcea Uncaught exception logging 2012-09-26 14:38:06 +03:00
Lukas Reschke
c4fc291fa7 Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:57:40 +02:00
Victor Dubiniuk
bbf8bb0bb3 Log PHP errors to the OC log 2012-09-12 22:30:04 +03:00
Michael Gapczynski
c5f9b887ff Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade 2012-09-12 01:18:07 -04:00