Commit graph

35256 commits

Author SHA1 Message Date
Joas Schilling
b130267e58
Import the used classes
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 14:33:54 +02:00
Thomas Müller
0c637c8d73
[9.2] Add missing unit tests (#25936)
* Adjust unit test execution after folder rename

* Adjust login controller tests to match current behavior

* Fix broken unit tests
2016-10-24 14:25:52 +02:00
Roeland Jago Douma
729c06548f Merge pull request #1873 from nextcloud/files_sharing_singular
Move files_sharing Controllers => Controller
2016-10-24 14:16:02 +02:00
Lukas Reschke
bd8b3f52f0 Merge pull request #1830 from nextcloud/downstream-26250
Improved exception messages
2016-10-24 13:58:29 +02:00
Robin Appelman
0aec8647c2
use smaller cropper on small screens
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-24 13:56:21 +02:00
Robin Appelman
ad902d6bea
center cropper vertically
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-24 13:54:56 +02:00
Morris Jobke
24786d5c51 Merge pull request #1872 from nextcloud/ds-26447-misleading-ssl-config
Fix misleading SSL/TLS SMTP email configuration
2016-10-24 13:30:54 +02:00
Roeland Jago Douma
b4ebf03bef
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 13:25:59 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Roeland Jago Douma
f589f1a1d6
Move files_sharing Controllers => Controller
lib/Controller is the default location for controllers. So lets put them
all in there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 11:46:25 +02:00
Morris Jobke
169faf8c32
Remove sensible information from exception message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-24 11:42:04 +02:00
Joas Schilling
d0d7767366
Fix misleading SSL/TLS SMTP email configuration
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 11:34:30 +02:00
Olivier Mehani
19ad058d06
Add message to NotSquareException thrown from Avatar
This prevents cryptic messages such as the following, from `user_ldap`:

     Could not set avatar for uid=user,ou=People,dc=example,dc=net, because:

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

Add message to NotPermittedException thrown from Files\Nodes\Folder

Ditto.

Don't use translation macros here as this seems to be pretty low-level
errors that generally get caught and prettified, and I don't want to
unduly clog down the lower layers.

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

fixup! Add message to NotPermittedException thrown from Files\Nodes\Folder
2016-10-24 11:27:27 +02:00
Morris Jobke
f054adb429 Merge pull request #1866 from xcellardoor/master
Modified the SQLite warning of server/settings/templates/admin/tiptri…
2016-10-24 11:21:56 +02:00
Morris Jobke
57a5551c3d Merge pull request #1853 from nextcloud/fix_di_share_api
Moved Share20OCS to proper Controller location
2016-10-24 10:57:47 +02:00
Roeland Jago Douma
ab91fa2660 Merge pull request #1820 from nextcloud/4byte-filenames
Allow 4byte unicode filenames on supported platforms
2016-10-24 10:38:25 +02:00
Sam Cater
f19d4ec29b
Modified the SQLite warning of server/settings/templates/admin/tiptricks.php to be more understandable and legible
Signed-off-by: Sam Cater <sam@samcater.com>

Added sign off of commit
2016-10-24 09:02:56 +01:00
Roeland Jago Douma
6604e76e94
Fix middleware tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:52:34 +02:00
Roeland Jago Douma
ea07bbc562
Move Share20OCS to ShareAPIController
It was already a controller just still residing in its old location.

* Moved ShareAPIController to user plain userID instead of user object
* Moved Share20OCS to ShareAPIController
* Removed initisation of class from Application.php and leave it to the
AppFramework
* Fixed tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:52:34 +02:00
Roeland Jago Douma
7998689bc9
Added method to DB and fix test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:45:04 +02:00
Joas Schilling
2aca56f207
Fix missing semicolon
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 09:26:30 +02:00
Lukas Reschke
598c145430 Merge pull request #1849 from nextcloud/oc_26368
Adding capability about new chunking - refs #25682 (#26368)
2016-10-22 15:11:49 +02:00
Lukas Reschke
1be6213ba4 Merge pull request #1832 from nextcloud/select2-into-core
Select2 into core
2016-10-22 14:35:07 +02:00
Lukas Reschke
169e889890
Add unit test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-22 14:05:53 +02:00
Lukas Reschke
038d02a27d Merge pull request #1852 from nextcloud/downstream-25579
Adding Open Graph Support for public shares
2016-10-22 14:01:19 +02:00
Lukas Reschke
2b22a5fafd Merge pull request #1841 from nextcloud/oc_26359
Bumo zxcvbn && Fix zxcvbn path in setup page (26359)
2016-10-22 13:54:19 +02:00
Arthur Schiwon
ab3954745c
avoid that all avatars are copied to the author row when editing comments
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-21 22:57:06 +02:00
Roeland Jago Douma
7792902808
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 21:43:15 +02:00
Morris Jobke
57d54c9b72
Use proper image
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-21 21:42:40 +02:00
Thomas Müller
e0d919bbfc
Adding Open Graph Support for public shares http://ogp.me/
In case no preview is available we display the ownCloud logo

Fix unit test
2016-10-21 21:42:40 +02:00
Roeland Jago Douma
e8adf53f77 Merge pull request #1848 from nextcloud/php7.1-RC4
Bump to php7.1 RC4
2016-10-21 21:28:49 +02:00
Roeland Jago Douma
1184ed6f6d Merge pull request #1851 from nextcloud/oc_26352
cleanup occ help (#26352)
2016-10-21 21:20:41 +02:00
John Molakvoæ
3e5e07aa64
Template css order
Select2 systemtags removal
Settings again
Fix Script

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2016-10-21 16:56:31 +02:00
Vincent Petry
ae1000e045
Remove removed --dry-run command from occ help (#26352)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 16:38:37 +02:00
Robin Appelman
7427fb170f
show empty folder message in filepicker
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-21 16:35:55 +02:00
Thomas Müller
bf85139f53
Adding capability about new chunking - refs #25682 (#26368)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 16:33:37 +02:00
Robin Appelman
55c445ff39
set initial cropper to max size
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-21 15:08:36 +02:00
Roeland Jago Douma
eaf152efeb
Fix DateTime comparisson
Datetime now returns microseconds. But if the database doesn't store
those comparing them for equality most likely fails.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 13:43:39 +02:00
Roeland Jago Douma
13168ffbba
Bump to php7.1 RC4
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 11:37:25 +02:00
Joas Schilling
9965a95e3b Merge pull request #1842 from nextcloud/oc_26372
console.php now returns 1 instead of 0 on all errors (#26372)
2016-10-21 10:48:59 +02:00
Morris Jobke
9aeecfb3f2
fix .gitignore and include zxcvbn.js
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-21 10:19:18 +02:00
Morris Jobke
8dcef4fb59
remove unneeded steps
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-21 10:03:48 +02:00
Joas Schilling
0d878f94e6
Add unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:59:34 +02:00
Roeland Jago Douma
3cbaec416a
Fix personal page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 09:51:36 +02:00
Philipp Eichhorn
8936320990
Fix zxcvbn path in setup page (#26359)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 09:51:33 +02:00
Roeland Jago Douma
6136af4973
Bump bower dep to proper v4.4.0
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 09:51:29 +02:00
Patrick Paysant
81d0c47244
console.log now returns 1 instead of 0 on all errors
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 09:49:08 +02:00
Morris Jobke
2b76d14330 Merge pull request #1834 from nextcloud/downstream-26186
Add more files plugins to new DAV endpoint
2016-10-21 09:44:15 +02:00
Joas Schilling
103bf6dd28
Switch to public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:26 +02:00
Joas Schilling
0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00