Commit graph

37721 commits

Author SHA1 Message Date
Roeland Jago Douma
7a3acff782 Merge pull request #3874 from nextcloud/harden-js-by-disabling-eval-execution
Harden JS by disabling jQuery eval
2017-03-17 08:31:12 +01:00
Roeland Jago Douma
88e68b5058 Merge pull request #3875 from nextcloud/use-new-short-urls
Use cleaner social media URLs
2017-03-17 08:30:07 +01:00
Jörn Friedrich Dreyer
5155a5288c
Add CleanupRemoteStorages command
cleanup files, address review

Fix CleanupRemoteStoragesTest tests

Fix test expectation.
Added files count to check filecache deletion.

Sort by numeric id for deterministic test results

Removed precise order test and added storage check

Remove inaccurate removal message check which has a different order on
Oracle.

Added more checks to confirm that existing storages still exist.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:52 -06:00
Philipp Schaffrath
2ccf544ad7
Fixed failing test which was ignoring a required (not null) column (#26303)
* Fixed failing test which was ignoring a required (not null) column

* restored test to original, catching DriverException which also catches ConstraintViolationException

* catch ConstraintViolationException again

* removed unnecessary field from this test

* clobfield should be nullable

* clobfield now is nullable

* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does

* this field does not auto increment anymore

* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:07 -06:00
Vincent Petry
6488ed3cff
Backbone Webdav Adapter MKCOL support
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.

This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:08:48 -06:00
Vincent Petry
aebb8c3639
Ignore exception when deleting keys of deleted user
Whenever a user was deleted for encryption where the keys are stored in
the home, we can ignore user existence exceptions because it means the
keys are already gone.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:23 -06:00
Vincent Petry
377fdf3860
Skip null groups in group manager (#26871) (#26956)
* Skip null groups in group manager (#26871)

* Skip null groups in group manager

* Also skip null groups in group manager's search function

* Add more group null checks in sharing code

* Add unit tests for null group safety in group manager

* Add unit tests for sharing code null group checks

* Added tests for null groups handling in sharing code

* Ignore moveShare optional repair in mount provider

In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.

* Adjust null group handing + tests

* Fix new group manager tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:03 -06:00
Vincent Petry
cbebfaaf2b
Skip FailedStorage in background scan
The background job that scans storages must skip failed storages to
avoid potential exceptions, especially when the failed storage comes
from a shared storage where the source is not accessible.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:48 -06:00
Markus Goetz
075a606514
Chunking NG: Assemble in natural sort order of files
For https://github.com/owncloud/client/pull/5476

Before this, the assembly could be bogusly in the order 0,1,10,11,2,3 etc.

As per the spec "The name of every chunk should be its chunk number."
https://github.com/cernbox/smashbox/blob/master/protocol/chunking.md

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:31 -06:00
Vincent Petry
3740f9bc26
Integration test check download without saving file locally
Use Guzzle stream mode to download the contents instead of using a
temporary local file.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:57:16 -06:00
Morris Jobke
5d29e84118
Add drone.yml config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:54:13 -06:00
Vincent Petry
659006c234
Add integration test for trashbin
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:53:58 -06:00
Vincent Petry
7256940524
Redirect unlink to rmdir (#27101)
Many API callers will call unlink even for directories and it can mess
up with some wrappers like the encryption wrapper

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:45:03 -06:00
Morris Jobke
cc077e67d7 Merge pull request #2824 from nextcloud/ext-storage-expireversions
Properly expire ext storage versions (#26601)
2017-03-16 23:00:55 -06:00
Morris Jobke
ead9a10cc5 Merge pull request #3619 from nextcloud/fix-scss-for-apps
Fix SCSS usage in apps
2017-03-16 22:51:31 -06:00
Nextcloud bot
5683365a2c
[tx-robot] updated from transifex 2017-03-17 01:07:41 +00:00
Lukas Reschke
86cba3ee45
Use cleaner social media URLs
We now have nice cleaner URLs since a longer time, let's use them.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:45:49 +01:00
Lukas Reschke
39afcbd49f Merge pull request #3679 from nextcloud/socialsharing
Add social sharing
2017-03-16 23:08:47 +01:00
Lukas Reschke
148e7abb51
Harden JS by disabling jQuery eval
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.

This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 23:03:02 +01:00
Lukas Reschke
c4fe36cc02 Merge pull request #3862 from nextcloud/dont-set-the-status-twice
Don't set the HTTP status twice
2017-03-16 22:05:47 +01:00
Lukas Reschke
d134dea508
Don't call function in constructor
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke
9e957d0ac9
Adjust integration test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 20:51:40 +01:00
Morris Jobke
cd4ebe2777 Merge pull request #3008 from nextcloud/appmenu-experiment
Show apps in header
2017-03-16 13:03:41 -06:00
Lukas Reschke
5f8f29508f
Adjust tests to include base-uri
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 18:12:10 +01:00
Roeland Jago Douma
2a9d1a7147 Merge pull request #3863 from nextcloud/additional-hardening-of-t
Harden t() with DOMPurify
2017-03-16 15:54:04 +01:00
Lukas Reschke
adfd1e63f6
Add base-uri to CSP policy
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Lukas Reschke
6c8d48b0f6
Harden t() with DOMPurify
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Lukas Reschke
793d7d1bd7 Merge pull request #3860 from nextcloud/fix_master_after_3802
Fix unit tests of master
2017-03-16 14:08:32 +01:00
Joas Schilling
3a53784f80
Don't set the HTTP status twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00
Roeland Jago Douma
bb2ec51bbb
Fix unit tests of master
Follow up to #3802

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Roeland Jago Douma
57c1be8633 Merge pull request #3802 from Ko-/master
Check that set_time_limit is not disabled before calling it
2017-03-16 12:27:26 +01:00
Joas Schilling
7ca2f5f137 Merge pull request #3857 from nextcloud/issue-3901-legacy-caldav-endpoint-email-invitations
Fix scheduling plugin on legacy caldav endpoint
2017-03-16 12:14:32 +01:00
Julius Haertl
b8ef616455
Fix html formating issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
780400302c
Rebuild menu to keep order of icons correct
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
25e18b840b
Reduce device width and hide app name when menu is open
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
1d6fba03f4
Make enabling/disabling apps work with the new menu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
efc681dcfe
Fix positioning of popovermenu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
f58f8f6f47
Fix popover positioning after window resize
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
267b89f5c7
Cleanup SCSS for app menu and fix mobile view
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl
7eae6690ad
Make app management icon act like a normal app icon
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
61dc78e6dc
Fix menu issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
a630e4629f
Generate seperate menu list for header bar
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
e3e4cb3e67
Move active app to the first slot
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl
42feab59d5
Show app icons in the header
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Ko-
786ee72146 Add warning on admin screen when set_time_limit is unavailable 2017-03-16 11:48:28 +01:00
Joas Schilling
652ee8a605
Fix scheduling plugin on legacy caldav endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 09:55:15 +01:00
Roeland Jago Douma
4d207680f2 Merge pull request #3624 from marncz/master
Update.js: countdown feedback before redirect
2017-03-16 07:56:51 +01:00
Nextcloud bot
2fafdb39ac
[tx-robot] updated from transifex 2017-03-16 01:07:36 +00:00
Lukas Reschke
085891a15d
Escape like parameters in database user backend
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-15 22:46:40 +01:00
Roeland Jago Douma
93c9a06761 Merge pull request #3788 from nextcloud/fed-share-modify
Add api to change the remote of an incoming federated share
2017-03-15 17:32:35 +01:00