Commit message (Author, Age, Files, Lines)
* Add ContentSecurityPolicyNonceManager (Lukas Reschke, 2016-10-24, 9 files, -4/+130)
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add support for CSP nonces (Lukas Reschke, 2016-10-24, 14 files, -12/+176)
    CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Resources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce."

    At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API), they now must also include that attribute.

    IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list.

    An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

    Implementing this offers the following advantages:

    1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
    2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

    If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #1820 from nextcloud/4byte-filenames (Roeland Jago Douma, 2016-10-24, 5 files, -5/+43)
    Allow 4byte unicode filenames on supported platforms
| * Added method to DB and fix test (Roeland Jago Douma, 2016-10-24, 2 files, -2/+19)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * Allow 4byte unicode filenames on supported platforms (Robin Appelman, 2016-10-20, 3 files, -3/+24)
    Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Merge pull request #1849 from nextcloud/oc_26368 (Lukas Reschke, 2016-10-22, 3 files, -0/+82)
    Adding capability about new chunking - refs #25682 (#26368)
| * | Add unit test (Lukas Reschke, 2016-10-22, 1 file, -0/+40)
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * | Adding capability about new chunking - refs #25682 (#26368) (Thomas Müller, 2016-10-21, 2 files, -0/+42)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | Merge pull request #1832 from nextcloud/select2-into-core (Lukas Reschke, 2016-10-22, 5 files, -16/+6)
    Select2 into core
| * | | Template css order (John Molakvoæ, 2016-10-21, 5 files, -16/+6)
    Select2 systemtags removal Settings again Fix Script
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | | | Merge pull request #1852 from nextcloud/downstream-25579 (Lukas Reschke, 2016-10-22, 5 files, -6/+41)
    Adding Open Graph Support for public shares
| * | | | Fix tests (Roeland Jago Douma, 2016-10-21, 1 file, -1/+1)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * | | | Use proper image (Morris Jobke, 2016-10-21, 1 file, -0/+0)
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * | | | Adding Open Graph Support for public shares http://ogp.me/ (Thomas Müller, 2016-10-21, 5 files, -6/+41)
    In case no preview is available we display the ownCloud logo
    Fix unit test
* | | | | Merge pull request #1841 from nextcloud/oc_26359 (Lukas Reschke, 2016-10-22, 7 files, -56/+74)
    Bump zxcvbn && Fix zxcvbn path in setup page (26359)
| * | | | fix .gitignore and include zxcvbn.js (Morris Jobke, 2016-10-21, 3 files, -3/+34)
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * | | | Fix personal page (Roeland Jago Douma, 2016-10-21, 1 file, -1/+1)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * | | | Fix zxcvbn path in setup page (#26359) (Philipp Eichhorn, 2016-10-21, 1 file, -1/+1)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * | | | Bump bower dep to proper v4.4.0 (Roeland Jago Douma, 2016-10-21, 3 files, -51/+38)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #1848 from nextcloud/php7.1-RC4 (Roeland Jago Douma, 2016-10-21, 3 files, -7/+7)
    Bump to php7.1 RC4
| * | | | | Fix DateTime comparison (Roeland Jago Douma, 2016-10-21, 2 files, -5/+5)
    Datetime now returns microseconds. But if the database doesn't store those comparing them for equality most likely fails.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * | | | | Bump to php7.1 RC4 (Roeland Jago Douma, 2016-10-21, 1 file, -2/+2)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #1851 from nextcloud/oc_26352 (Roeland Jago Douma, 2016-10-21, 1 file, -6/+0)
    cleanup occ help (#26352)
| * | | | Remove removed --dry-run command from occ help (#26352) (Vincent Petry, 2016-10-21, 1 file, -6/+0)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | Merge pull request #1842 from nextcloud/oc_26372 (Joas Schilling, 2016-10-21, 1 file, -3/+3)
    console.php now returns 1 instead of 0 on all errors (#26372)
| * | | console.log now returns 1 instead of 0 on all errors (Patrick Paysant, 2016-10-21, 1 file, -3/+3)
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | Merge pull request #1834 from nextcloud/downstream-26186 (Morris Jobke, 2016-10-21, 4 files, -18/+94)
    Add more files plugins to new DAV endpoint
| * | | Add more files plugins to new DAV endpoint (#26186) (Vincent Petry, 2016-10-20, 4 files, -18/+94)
    * Add more files plugins to new DAV endpoint
      Also fix report plugin to properly retrieve the path from the prolongated URL
    * In case the report is not for this plugin -> simply return to allow other plugins to get executed
    * Adjust onReport tests to match new behavior
* | | | Merge pull request #1806 from nextcloud/karakayasemi_1767 (Roeland Jago Douma, 2016-10-21, 1 file, -4/+4)
    Update file.php put function posthook calls
| * | | | Update file.php put function posthook calls (Semih Serhat Karakaya, 2016-10-20, 1 file, -4/+4)
    Logically, postHooks should emit after touch. For chunking file it is already emitting after touch.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | Merge pull request #1835 from nextcloud/downstream-24948 (Morris Jobke, 2016-10-20, 23 files, -34/+39)
    Move OC\Files\Storage\Shared to the right namespace
| * | | | Fix shared storage namespace in DecryptAll class (Vincent Petry, 2016-10-20, 2 files, -2/+2)
| * | | | Move OC\Files\Storage\Shared to the right namespace (Joas Schilling, 2016-10-20, 21 files, -32/+37)
* | | | | Merge pull request #1827 from nextcloud/downstream-26381 (Morris Jobke, 2016-10-20, 5 files, -193/+0)
    Get rid of very old oc:// stream wrapper (#26381)
| * | | | Get rid of very old oc:// stream wrapper (#26381) (Vincent Petry, 2016-10-20, 5 files, -193/+0)
* | | | Merge pull request #1826 from nextcloud/downstream-26391 (Morris Jobke, 2016-10-20, 2 files, -2/+24)
    Fix post_unshareFromSelf hook parameter format
| * | | | Fix post_unshareFromSelf hook parameter format (Vincent Petry, 2016-10-20, 2 files, -2/+24)
    When unsharing from self in a group share situation, the share items passed to the post_unshareFromSelf hook were using the wrong format in which the attribute names (ex: "share_type") have non camel-case format. This fix makes sure that in group sharing case we use the correct format. It looks like the code was already producing it but in array_merge it was not using it and adding the unprocessed one.
* | | | | Merge pull request #1824 from nextcloud/downstream-26423 (Morris Jobke, 2016-10-20, 2 files, -7/+11)
    Ensure $commands being an array
| * | | | Ensure $commands being an array - fixes #26073 (Thomas Müller, 2016-10-20, 2 files, -0/+4)
| * | | | use short array syntax (Morris Jobke, 2016-10-20, 1 file, -7/+7)
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | | | Merge pull request #1821 from nextcloud/downstream-26366 (Morris Jobke, 2016-10-20, 2 files, -22/+25)
    Code style changes from downstream
| * | | | Sanitize length headers when validating quota (Thomas Müller, 2016-10-20, 2 files, -22/+25)
* | | | Merge pull request #1817 from nextcloud/oc_nus (Lukas Reschke, 2016-10-20, 1 file, -0/+1)
    Expose the needupgrade status (#26209)
| * | | | Expose the needupgrade status (#26209) (Kristof Provost, 2016-10-20, 1 file, -0/+1)
    During upgrades, before the DB migration is complete, the system is not usable, but there's no way for monitoring systems to detect this. Add the 'needupgrade' field to the status json so monitoring systems can detect this.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #1822 from nextcloud/restore-overwritten-services-after-errors (Roeland Jago Douma, 2016-10-20, 5 files, -51/+46)
    Restore overwritten services after errors
| * | | | | Restore all services when a tests failed/finished for better testcase isolation (Joas Schilling, 2016-10-20, 1 file, -3/+26)
    Signed-off-by: Joas Schilling <coding@schilljs.com>
| * | | | | Make sure all tests use the TestCase method to overwrite services (Joas Schilling, 2016-10-20, 4 files, -48/+20)
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | | | Merge pull request #1812 from nextcloud/allow-to-dismiss-the-code-integrity-warning (Jakob Sack, 2016-10-20, 1 file, -0/+1)
    Allow to dismiss the code integrity warning
| * | | | | Allow to dismiss the code integrity warning (Joas Schilling, 2016-10-20, 1 file, -0/+1)
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | | | | Merge pull request #1796 from nextcloud/oc_fav-report (Lukas Reschke, 2016-10-20, 13 files, -280/+124)
    Make it possible to filter by tags with REPORT method