This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions
Remove .htaccess
Remove .htaccess
Fix typo
Add public API
Use timing constant comparision
Remove CBC constant
Adjust code
Remove confusing $this
Now using a natural sort algorithm that is more consistent between JS
and PHP (although not perfect in some corner cases)
- added OC.Util.naturalSortComparator that uses the same algo that was
used for the user list
- changed user list and files list to use OC.Util.naturalSortComparator
- removed toLowerCase() and changed the comparator to use
String.localeCompare()
- added unit tests
- added OC_NaturalSort that is used by OCP\Util::naturalSortCompare()
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
check for invalid characters
Whenever an exception occurs in the sabre connector code or code called
by it, it will be logged.
This plugin approach is needed because Sabre already catches exceptions
to return them to the client in the XML response, so they don't appear
logged in the web server log.
This will make it much easier to debug syncing issues.
In environments where there are rules for the email addresses, the "from
address" that owncloud uses has to be configurable.
This patch adds a new configuration variable 'mail_from_address'.
If it is configured, owncloud will use this as the sender of *all*
emails. (OwnCloud uses 'sharing-noreply' and 'password-noreply' by
default). By using the 'mail_from_address' configuration, only this
email address will be used.
In some specific situations, the L10N bundle isn't loadable yet (for
example when there is an issue with the app_config table). In such case,
we still want to be able to log the real exception.
This fixes errors that say "OC_L10N_String::__toString must not throw
exceptions"
The call of \OC_MAIL::send() overrides all optional parameters. This is not necessary. But if you want to have html mail templates (what I'm thinking about) it is a real problem
Add support for a reverse proxy that handles multiple domains via different
web roots (http[s]://proxy.tld/domain.tld/owncloud).
As the reverse proxy web root is transparent for the web server the
REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace
the direct use of this _SERVER variables with function calls and extend
this functions to overwrite the web root. Additionally it adds a Sabre
request backend that extends the Sabre_HTTP_Request to use the same
functions.