wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
25209 commits 157 branches 562 tags 714 MiB
Commit graph

3677 commits

Author SHA1 Message Date
Thomas Müller
ad88a7d53d exception class will be logged as well - helps especially in cases where the message contained is empty - e.g. "message":"OCP\\Files\\NotFoundException: at \/home\/deepdiver\/Development\/ownCloud\/core-autotest\/apps\/provisioning_api\/lib\/users.php#354", 2015-05-19 12:35:22 +02:00
Thomas Müller
a52afb040a Merge pull request #15965 from owncloud/conditional-logging 
Conditional logging
 2015-05-19 12:00:19 +02:00
Thomas Müller
d90b83725f Merge pull request #16085 from owncloud/encryption-module-rename 
rename to 'Default encryption module'
 2015-05-19 11:13:33 +02:00
Morris Jobke
064f5204cc Persist the state of the maintenance after an upgrade 
* if maintenance mode was enabled before an upgrade
  it will be enabled afterwards too
* fixes #16429
 2015-05-19 10:56:04 +02:00
Morris Jobke
aae9274210 Merge pull request #16293 from owncloud/xcache 
Mute XCache error when trying to clear the opcode cache
 2015-05-19 09:32:17 +02:00
Björn Schießle
1c411baf17 Merge pull request #16412 from owncloud/jknockaert-patch-1 
fix #16356
 2015-05-18 19:26:40 +02:00
Clark Tomlinson
f9b6ee86cd Merge pull request #16399 from owncloud/enc_rmdir_fix 
[encryption] only try to delete file keys if it is a valid path
 2015-05-18 11:09:36 -04:00
Joas Schilling
8efc8c0a96 Reduce the complexity of the search queries in the backends to a minimum 2015-05-18 16:39:21 +02:00
Thomas Müller
c28cd03770 Merge pull request #16403 from owncloud/fix-command-loading 
Only load commands of enabled apps
 2015-05-18 16:16:04 +02:00
jknockaert
2834971a77 fix #16356 2015-05-18 15:06:55 +02:00
Björn Schießle
a1e60e7882 Merge pull request #15980 from owncloud/jknockaert-patch-1 
fix bug #15973
 2015-05-18 15:01:16 +02:00
Morris Jobke
ad3a32edf6 Only load commands of enabled apps 2015-05-18 12:33:56 +02:00
Robin Appelman
077d41a9ce wait with copying the skeleton untill login and setupfs are done 2015-05-18 12:11:31 +02:00
Bjoern Schiessle
efa674f10d only try to delete file keys if it is a valid path 2015-05-18 11:54:51 +02:00
Vincent Petry
7e271012b2 Merge pull request #16243 from owncloud/error_if_download_failed 
redirect to error page if download failed
 2015-05-18 11:42:55 +02:00
Morris Jobke
7ee3f99a4a Merge pull request #16364 from owncloud/add-warning-webdav 
Add notice that WebDAV interface is not intended for browsers
 2015-05-18 11:28:47 +02:00
Bjoern Schiessle
887be709f5 a new approach to display the error message 2015-05-18 10:15:17 +02:00
Vincent Petry
246000f799 Merge pull request #16176 from owncloud/fix-provisioning-api-set-quota 
Validate the quota value to be a correct value
 2015-05-15 18:07:13 +02:00
Joas Schilling
0991c0cc02 Merge pull request #16292 from owncloud/webdav-storage-fireprehooks 
Fire prehooks when uploading directly to storage
 2015-05-15 15:08:27 +02:00
Thomas Müller
937306b416 Merge pull request #16323 from owncloud/enc_webdav_fixes 
some encryption fixes
 2015-05-15 10:38:22 +02:00
Lukas Reschke
13778893d9 Add notice that WebDAV interface is not intended for browsers 
Fixes https://github.com/owncloud/core/issues/16359
 2015-05-15 09:07:39 +02:00
Victor Dubiniuk
af814ba270 Allow change update channel via public API 2015-05-13 20:29:33 +03:00
Bjoern Schiessle
ccbefb6e75 delete all file keys doesn't need the encryption module as parameter; implement rmdir; getFileKeyDir should also work for part files and complete directories 2015-05-13 19:06:23 +02:00
Vincent Petry
3cae0135ad Fire prehooks when uploading directly to storage 2015-05-13 17:47:04 +02:00
Robin Appelman
4789e87a53 Merge pull request #16276 from owncloud/dav-quota-root 
fix webdav quota check for the root of the dav endpoint
 2015-05-13 14:43:02 +02:00
Arthur Schiwon
e5a91fc185 remove file cache remainings from server container 2015-05-13 12:26:36 +02:00
Lukas Reschke
cbfdbf96d2 Mute XCache error when trying to clear the opcode cache 
From https://github.com/owncloud/core/issues/16287:

> This is caused by XCache at 8e59d4c64b/lib/private/util.php (L1276) where we are trying to reset the opcode cache with `XC_TYPE_PHP`.
> I suspect that while XCache is installed its opcode component is not used. Unfortunately, the XCache API is not really properly documented and thus I don't know what API we would have to call to check whether the `XC_TYPE_PHP` cache is populated. In fact, there is an [open XCache bug](http://xcache.lighttpd.net/ticket/176) since 7 years that discusses this problem and is likely to never get fixed since XCache is abandonware.

Fixes https://github.com/owncloud/core/issues/16287
 2015-05-12 19:22:39 +02:00
Morris Jobke
dc362823e0 Merge pull request #16269 from owncloud/master-fix-16179 
Check if cURL supports the desired features
 2015-05-12 18:27:57 +02:00
Arthur Schiwon
d6becb8d82 add repair steps to get rid of old background jobs 2015-05-12 18:19:44 +02:00
Arthur Schiwon
e016ed55ff also free joblist and base from file cache code 2015-05-12 17:44:31 +02:00
Robin Appelman
11e1acd8ec fix webdav quota check for the root of the dav endpoint 2015-05-12 14:02:27 +02:00
Björn Schießle
fbe4b77c49 Merge pull request #16228 from owncloud/enc_fix_restore 
use hooks to update encryption keys
 2015-05-12 13:10:16 +02:00
Lukas Reschke
4613456a8a Check if cURL supports the desired features 
Older versions of cURL that are unfortunately still bundled by distributors don't support these features which will result in errors and other possibly unpredictable behaviour.

Fixes https://github.com/owncloud/core/issues/16179 for master – stable8 requires another patch.
 2015-05-12 12:00:56 +02:00
Morris Jobke
b11c0c533e Merge pull request #16233 from owncloud/enc_fix_check_if_file_is_excluded 
fix check if a file is excluded from encryption
 2015-05-12 09:12:38 +02:00
Morris Jobke
afcec88c6f Merge pull request #16234 from owncloud/issue-16206-fix-app-config-parallel-insert 
Issue 16206 fix app config parallel insert
 2015-05-11 16:05:30 +02:00
Bjoern Schiessle
9dd517071e fix check if file is excluded from encryption 2015-05-11 12:38:59 +02:00
Joas Schilling
dfed287dc0 Use insertIfNotExists to avoid problems with parallel calls 2015-05-11 12:38:33 +02:00
Bjoern Schiessle
0d5c7a11e2 use hooks to update encryption keys instead of the storage wrapper if a file gets renamed/restored, as long as we 
are in the storage wrapper the file cache isn't up-to-date
 2015-05-11 12:06:57 +02:00
Thomas Müller
9c57ae89d9 Some locales need to be converted to be compliant with CLDR 2015-05-08 23:45:07 +02:00
Morris Jobke
e79c255cab Conditional logging 
* Log condition for log level increase based on conditions. Once one of these
   conditions is met, the required log level is set to debug. This allows to
   debug specific requests, users or apps

 * Supported conditions (setting `log_condition` in `config.php`):
    - `shared_secret`: if a request parameter with the name `log_secret` is set to
                this value the condition is met
    - `users`:  if the current request is done by one of the specified users,
                this condition is met
    - `apps`:   if the log message is invoked by one of the specified apps,
                this condition is met
 * fix unit test and add app log condition test
 2015-05-08 15:58:33 +02:00
Morris Jobke
892b5ceeeb Move log level check to logger parent class 
* remove duplicate code from child classes
 2015-05-08 15:14:45 +02:00
Arthur Schiwon
3de7f58321 remove file cache classes and its tests 2015-05-08 14:05:54 +02:00
Lukas Reschke
c9921ec127 Merge pull request #16124 from owncloud/issue-16109-fix-share-email-with-shared-folder 
Fix the share mail notification when the item is in a folder
 2015-05-08 13:03:28 +02:00
Lukas Reschke
16a0de6314 Merge pull request #16146 from owncloud/issue-16103-hide-module-already-exists-on-enable-app 
Avoid the log entry with the ModuleAlreadyExists exception when enabl…
 2015-05-08 11:55:02 +02:00
Thomas Müller
4659927d7a Pure numbers are returned as bytes right away 2015-05-08 10:54:54 +02:00
Thomas Müller
15d134124b Validate the quota value to be a correct value 2015-05-07 17:56:13 +02:00
Robin Appelman
06a65fab13 use cross storage move when renaming the part file during webdav put 2015-05-07 14:28:31 +02:00
Joas Schilling
49f94b17f7 Avoid the log entry with the ModuleAlreadyExists exception when enabling the app 2015-05-07 11:00:55 +02:00
Thomas Müller
55eaa165f8 Merge pull request #16119 from owncloud/fix-16056 
[HHVM] Throw RunTimeException from OC\AppFramework\App::buildAppNamespace()
 2015-05-07 00:20:57 +02:00
Andreas Fischer
e418ced656 Check return value of OC_App::getAppPath() and verify info.xml exists. 2015-05-06 17:15:28 +02:00
Joas Schilling
b4471c2591 Fix the share mail notification when the item is in a folder 2015-05-06 15:44:19 +02:00
Jan-Christoph Borchardt
35292eb66c rename to 'Default encryption module' 2015-05-06 15:31:05 +02:00
Joas Schilling
aea734aaf1 Fix missing types on doc block and deduplicate the method name 2015-05-06 14:31:10 +02:00
Bjoern Schiessle
e4829a2358 update 'encrypted'-flag in file cache according to the storage settings 2015-05-06 14:20:05 +02:00
Bjoern Schiessle
dc39bda870 move/copy from storage 2015-05-06 14:20:02 +02:00
Bjoern Schiessle
83ed4ee5b6 unit tests 2015-05-06 12:28:15 +02:00
Bjoern Schiessle
e7a3911c83 check if encryption is enbaled before we start moving keys 2015-05-06 11:35:45 +02:00
Lukas Reschke
9a159372cb Merge pull request #16067 from owncloud/verbosity-in-app-code-check 
Add verbosity option to app:check-code
 2015-05-06 11:21:23 +02:00
Thomas Müller
35a2fd3f89 Only return cached files if existing 2015-05-06 11:16:44 +02:00
Morris Jobke
874d35b27a Merge pull request #16070 from owncloud/enc_update_file_cache_on_copy 
make sure that we keep the correct encrypted-flag and the (unencrypted)size
 2015-05-06 10:28:10 +02:00
Morris Jobke
f1903f61a1 Merge pull request #16072 from owncloud/phpdoc-cache 
improve phpdoc of cache classes
 2015-05-06 09:38:56 +02:00
Morris Jobke
c3fb021acf Merge pull request #16017 from owncloud/proper-update-notification 
Use OC.Notification for update notifications
 2015-05-06 09:28:42 +02:00
Jörn Friedrich Dreyer
4c0d1b0460 Merge pull request #16050 from owncloud/add-workaround-for-populate-raw-post-data 
Don't display errors and log them
 2015-05-06 08:55:46 +02:00
Thomas Müller
a96c2b8354 Only use cached files in case encryption is enabled - in any other case let the underlying storage handle this accordingly - refs #16061 #16062 and others 2015-05-05 16:19:24 +02:00
Bjoern Schiessle
7089af96f2 make sure that we keep the correct encrypted-flag and the (unencrypted)size if a file gets copied 2015-05-05 16:17:14 +02:00
Robin Appelman
e0d151505f improve phpdoc of cache classes 2015-05-05 16:06:28 +02:00
Morris Jobke
56b1c93a79 Add verbosity option to app:check-code 
* by default only lists files with errors
* option -v lists all files even if there are no errors
 2015-05-05 13:57:23 +02:00
Thomas Müller
aae098c24a Check usage of != and == - refs #16054 2015-05-05 12:59:33 +02:00
Lukas Reschke
11310355ed Don't depend on always_populate_raw_post_data 2015-05-05 12:36:15 +02:00
Lukas Reschke
7c5558327d Check mbstring.func_overload only if the mb module is installed. 
Fixes https://github.com/owncloud/core/issues/14670
 2015-05-04 17:13:25 +02:00
Lukas Reschke
64393b4c03 Remove PHP 5.4 warning in checkSetup 
This is catched in index.php as older PHP versions will never execute the code path until there due to 5.4 syntax changes.
 2015-05-04 17:11:17 +02:00
Thomas Müller
08b98a8ede Merge pull request #16042 from owncloud/fix-output-buffering 
Remove hard-dependency on disabled output_buffering
 2015-05-04 16:43:32 +02:00
Lukas Reschke
5c7d15b941 Merge pull request #16043 from owncloud/activity-288-log-entry-when-no-favorite 
Fix undefined variable $tagId
 2015-05-04 16:22:21 +02:00
Joas Schilling
50f6386c63 Fix undefined variable $tagId 2015-05-04 16:19:26 +02:00
Joas Schilling
59c657da53 Merge pull request #15772 from owncloud/issue-15771-dont-restrict-permissions-for-share-owner 
Do not restrict permissions for the original owner
 2015-05-04 15:07:37 +02:00
Lukas Reschke
4b9e034968 Remove hard-dependency on disabled output_buffering 
This removes the hard-dependency on output buffering as requested at https://github.com/owncloud/core/issues/16013 since a lot of distributions such as Debian and Ubuntu decided to use `4096` instead of the PHP recommended and documented default value of `off`.

However, we still should encourage disabling this setting for improved performance and reliability thus the setting switches in `.user.ini` and `.htaccess` are remaining there. It is very likely that we in other cases also should disable the output buffering but aren't doing it everywhere and thus causing memory problems.

Fixes https://github.com/owncloud/core/issues/16013
 2015-05-04 14:15:15 +02:00
Thomas Müller
4de45b5e61 Merge pull request #15958 from owncloud/usage-of-public-log-interface 
Use internally \OCP\ILogger instead of \OC\Log
 2015-05-04 09:13:26 +02:00
Morris Jobke
cd516eedcd Use OC.Notification for update notifications 
* instead of a static rendering inside PHP use the
  JS OC.Notification.showTemporary to hide the
  notification after 7 seconds automatically
* fixes #14811
 2015-05-03 17:26:03 +02:00
Lukas Reschke
6738c17cb5 Add proper versioning for doc URL 
As per 8.1 we have docs for minor versions as well so we need to link to `8.1` here instead to `8.0`.

Fixes https://github.com/owncloud/core/issues/16002
 2015-05-02 21:05:11 +02:00
Thomas Müller
6b691e3840 Merge pull request #15937 from owncloud/file-locking 
Add memcache based shared/exclusive locking
 2015-05-01 17:47:23 +02:00
jknockaert
f5415653fd fix #15973 
Rework of stream_seek handling; there where basically two bugs: 1. seeking to the end of the current file would fail (with SEEK_SET); and 2. if seeking to an undefined position (outside 0,unencryptedSize) then newPosition was not defined. I used the opportunity to simplify the code.
 2015-04-30 17:10:18 +02:00
Robin Appelman
ba7d221cff allow getting the path from the lockedexception 2015-04-30 14:48:42 +02:00
Robin Appelman
a40a237441 use trait for cas polyfill for xcache 2015-04-30 14:48:39 +02:00
Robin Appelman
96f9573a4b add memcache based shared/exclusive locking 2015-04-30 14:48:39 +02:00
Robin Appelman
acf30ede95 add compare and swap to memcache 2015-04-30 14:48:39 +02:00
Robin Appelman
29213b6136 extends memcache with add, inc and dec 2015-04-30 14:48:36 +02:00
Bernhard Posselt
360d0e3e5e fix #15962 2015-04-30 12:44:45 +02:00
Morris Jobke
fbba7a61cb Use internally \OCP\ILogger instead of \OC\Log 
* this is the preparation for some upcoming logger related changes
* also fixes an issue in the public interface where we request
  an internal class as parameter
 2015-04-30 11:52:30 +02:00
Thomas Müller
d308ec4f0e Merge pull request #15949 from owncloud/l10n-string-json 
Implement json serialize for l10n string
 2015-04-30 11:11:16 +02:00
Bernhard Posselt
1e58538f0e add aliases to pascal case constructor paramters to make it possible to auto assemble controllers 2015-04-29 22:29:45 +02:00
Bernhard Posselt
5b857a6eab implement json serialize for l10n string 2015-04-29 21:22:42 +02:00
Joas Schilling
f524ae261a Ignore "parent" shares when the sharee is the owner of the reshare-source 2015-04-29 14:18:46 +02:00
Joas Schilling
3c37cbdfe7 Correctly select file cache values also when checking group shares 2015-04-29 14:12:12 +02:00
Morris Jobke
8c7db2536d Merge pull request #15596 from owncloud/issue/15589 
Correctly generate the feedback URL for remote share
 2015-04-29 10:52:43 +02:00
Morris Jobke
7df7a3b360 Merge pull request #15906 from rullzer/fix_15777 
Password set via OCS API should not be double escaped
 2015-04-29 10:44:25 +02:00
Lukas Reschke
34d0e610cc Filter potential dangerous filenames for avatars 
We don't want to have users misusing this API resulting in a potential file disclosure of "avatar.(jpg|png)" files.
 2015-04-28 16:57:23 +02:00
Joas Schilling
2eecfcbb80 Fix scrutinizer complains and return type doc 2015-04-28 11:28:55 +02:00
Joas Schilling
9fb7d0bca9 Correctly remove the protocol before prepeding it 2015-04-28 11:28:54 +02:00
Joas Schilling
8f7c64253e Correctly generate the feedback URL for remote share 
The trailing slash was added in c78e3c4a7f
to correctly generate the encryption keys
 2015-04-28 11:28:54 +02:00
Morris Jobke
de8c15e1a4 Merge pull request #14764 from owncloud/shared-etag-propagate 
Propagate etags across shared storages
 2015-04-28 10:58:50 +02:00
Morris Jobke
b4a15db046 Merge pull request #15901 from owncloud/fix-share-docs 
fix several issues with doc blocks on share.php
 2015-04-28 10:41:04 +02:00
Roeland Jago Douma
73bb3a22f6 Password set via OCS API should not be double escaped 2015-04-28 10:33:19 +02:00
Joas Schilling
7c65448377 Fix return type of the getRootFolder() method 2015-04-28 09:36:29 +02:00
Joas Schilling
46083006e1 fix several issues with doc blocks on share.php 2015-04-28 08:40:47 +02:00
Thomas Müller
eb0e9e5646 Merge pull request #15890 from owncloud/fix-helper-docs 
Fix several type(hint) errors in private/helper.php
 2015-04-27 15:28:50 +02:00
Thomas Müller
7d0eba7a41 Merge pull request #15886 from owncloud/fix-15848-master 
Adjust isLocal() on encryption wrapper
 2015-04-27 15:06:26 +02:00
Joas Schilling
db6395ae20 Fix several type(hint) errors in private/helper.php 2015-04-27 14:45:05 +02:00
Thomas Müller
678b7d7e4d Merge pull request #15860 from owncloud/enc_fallback_old_encryption 
[encryption] handle encrypted files correctly which where encrypted with a old version of ownCloud (<=oc6)
 2015-04-27 14:32:19 +02:00
Thomas Müller
936d564058 fixes #15848 2015-04-27 14:26:05 +02:00
Morris Jobke
93c25a1f4a Merge pull request #15882 from owncloud/fix-type-annotation 
Fix type annotation
 2015-04-27 14:17:59 +02:00
Robin Appelman
2e897f05b1 triger propagation for webdav uploads 
use post hooks for share etag propagator
 2015-04-27 14:07:16 +02:00
Robin Appelman
45784f213f fix propagation when renaming a directly reshared folder 2015-04-27 14:07:16 +02:00
Robin Appelman
30ad56813a propagate etags for all user of a share 2015-04-27 14:07:15 +02:00
Robin Appelman
518d5aadf5 Allow getting *all* share entries owned by a user 2015-04-27 14:07:15 +02:00
Robin Appelman
849e5521de Make the change propagator an emitter 2015-04-27 14:07:15 +02:00
Thomas Müller
cc331609bf Merge pull request #15411 from mmattel/fix_for_15375_better_message_text 
Improve error messge text for app upgrade try (#15375)
 2015-04-27 13:38:16 +02:00
Lukas Reschke
d0363fe396 Fix type annotation 
Obviously should be an int
 2015-04-27 13:31:18 +02:00
Bjoern Schiessle
27683f9442 fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header 2015-04-27 13:01:18 +02:00
Joas Schilling
d600955a51 Make getDefaultModuleId public and get module protected 2015-04-27 11:03:51 +02:00
Joas Schilling
a09df6d453 Verify that the encryption module exists before setting it 2015-04-27 11:03:50 +02:00
Lukas Reschke
4dfdaf741c Merge pull request #15834 from owncloud/make-temporary-file-really-unique 
Fix collision on temporary files + adjust permissions
 2015-04-25 23:18:26 +02:00
Lukas Reschke
b9df932e3c Merge pull request #15683 from owncloud/block-legacy-clients 
Block old legacy clients
 2015-04-24 18:21:10 +02:00
Bjoern Schiessle
9a5783b284 fix unit tests 2015-04-24 16:47:27 +02:00
jknockaert
49df8ef525 Update encryption.php 2015-04-24 16:44:00 +02:00
jknockaert
238302ee7d fixed name 2015-04-24 16:44:00 +02:00
jknockaert
1756562501 Update encryption.php 2015-04-24 16:44:00 +02:00
jknockaert
735f6cc037 fix encryption header error 
When moving back the pointer to position 0 (using stream_seek), the pointer on the encrypted stream will be moved to the position immediately after the header. Reading the header again (invoked by stream_read) will cause an error, writing the header again (invoked by stream_write) will corrupt the file. Reading/writing the header should therefore happen when opening the file rather than upon read or write. Note that a side-effect of this PR is that empty files will still get an encryption header; I think that is OK, but it is different from how it was originally implemented.
 2015-04-24 16:43:16 +02:00
Joas Schilling
4334e77035 Merge pull request #15839 from owncloud/enc_fix_moving_shared_files 
[encryption] fix moving files to a shared folder
 2015-04-24 15:07:36 +02:00
Joas Schilling
1592be117a Use public interfaces for type hinting 2015-04-24 13:06:03 +02:00
Bjoern Schiessle
24128d1384 only update share keys if the file was encrypted 2015-04-24 10:19:09 +02:00
Bjoern Schiessle
2646bccb83 update share keys if file gets copied 2015-04-23 17:18:48 +02:00
Bjoern Schiessle
2990b0e07e update share keys if a file is moved to a shared folder 2015-04-23 17:18:48 +02:00
Thomas Müller
b1bb6a3d36 Ignore test folders when checking the code for compliance 2015-04-23 16:59:26 +02:00
Lukas Reschke
ab9ea97d3a Catch not existing User-Agent header 
In case of an not sent UA header consider the client as valid
 2015-04-23 16:33:51 +02:00
Lukas Reschke
155ae44bc6 Fix collision on temporary files + adjust permissions 
This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug.

**[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)**
The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems:
The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user".

Effectively this leaves us with:

1. A timestamp based on seconds (no entropy at all)
2. `rand()` which returns usually a number between 0 and 2,147,483,647

Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed.

This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome.

**[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)**

Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600.

**[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)**

Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes.
 2015-04-23 15:07:54 +02:00
Martin
676e86b314 Improve error messge text for app upgrade try (#15375) 2015-04-22 13:24:11 +02:00
Morris Jobke
3e8f6cdba9 Merge pull request #15635 from owncloud/issue/15634-empty-txt-previews 
Scale up the font on larger previews
 2015-04-20 15:55:32 +02:00
Morris Jobke
ce2c8533d9 Merge pull request #15735 from owncloud/fix-visibility 
Fix visibility of interfaces in \OCP
 2015-04-20 14:39:15 +02:00
Lukas Reschke
3959f8ac4e Merge pull request #15637 from owncloud/migrate-certificate-stuff 
Migrate personal certificate handling to AppFramework controllers
 2015-04-20 13:56:35 +02:00
Lukas Reschke
e9d6807c5c Merge pull request #15733 from owncloud/remove-oc_backgroundjob 
Removed OC_BackgroundJob - reduce class overhead
 2015-04-20 13:17:58 +02:00
Lukas Reschke
1cc2aefa46 Proper return types 2015-04-20 13:00:02 +02:00
Lukas Reschke
9f61cf60d4 Verify if returned object is an array 
The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61
 2015-04-20 12:58:57 +02:00
Lukas Reschke
ed0b465cf9 Use 403 instead a 50x response 2015-04-20 12:53:40 +02:00
Joas Schilling
6da9e1a742 Fix visibility of public API methods 2015-04-20 12:52:40 +02:00
Lukas Reschke
4ea205e262 Block old legacy clients 
This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.

This has multiple reasons:

1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
2. Old ownCloud client versions tend to be horrible buggy

In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
 2015-04-20 11:12:17 +02:00
Lukas Reschke
a98b819366 Add version to deprecation notice 
As requested by @MorrisJobke
 2015-04-20 10:30:16 +02:00
Lukas Reschke
f672e120fc Deprecate unused \OCP\Response::sendFile 
This function is unused in our own code and can be better achieved using the AppFramework. Also very easy to do grave mistaked using this function.
 2015-04-20 10:02:34 +02:00
Morris Jobke
9cb260d310 Merge pull request #15717 from owncloud/issue/15716-fixing-ocp-api-namespace-usage 
Fixing OCS API namespace usage
 2015-04-20 09:43:19 +02:00
Morris Jobke
d4ac7ac723 Merge pull request #15739 from DavidPrevot/symfony-2.7 
Replace `_method` requirement by {g,s}etMethods()
 2015-04-19 23:46:21 +02:00
Georg Ehrke
8f51efc49e get rid of OC_Geo 2015-04-19 20:16:56 +02:00