path: root/lib/base.php
Commit message (Author, Age, Files, Lines)
* Add warning log entry when user accesses untrusted domain (Lukas Reschke, 2015-11-10, 1 file, -0/+9)
|
* [autoloader] Make sure to load construct full paths (Roeland Jago Douma, 2015-11-06, 1 file, -6/+0)
|   This reduces a lot of the autoloader magic and makes sure that we generate full paths in the autoloader.
* Use IRequest's `getScriptName` functionality instead of $_SERVER['SCRIPT_NAME'] (Lukas Reschke, 2015-10-21, 1 file, -1/+13)
|
* Delete cookie instead of emptying value (Lukas Reschke, 2015-10-19, 1 file, -1/+2)
|   PHP will handle session cookies with empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063))
|
|   ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable.
|
|   To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also the expiration has been set to -1.
* Make sure that remote shares use the correct uid casing (Joas Schilling, 2015-10-06, 1 file, -0/+8)
|
* update licence headers via script (Morris Jobke, 2015-10-05, 1 file, -1/+3)
|
* cache result of \OCP\Util::needUpgrade() (Individual IT Services, 2015-09-29, 1 file, -6/+5)
|   reduce calls of \OCP\Util::needUpgrade()
|   where \OCP\Util::needUpgrade() is called we can call as well self::checkUpgrade and use the cached result
|   In line 877 the call was unnecessary anyway because of the first part of the if statement
|   move caching to \OCP\Util::needUpgrade
|   renaming variable
|   fixing testNeedUpgradeCore()
|   cache result of checkUpgrade() in self::$needUpgrade
|   reduce calls of \OCP\Util::needUpgrade()
|   where \OCP\Util::needUpgrade() is called we can call as well self::checkUpgrade and use the cached result
|   In line 877 the call was unnecessary anyway because of the first part of the if statement
|   move caching to \OCP\Util::needUpgrade
|   renaming variable
|   fixing testNeedUpgradeCore()
|   fix typo in variable name
|   deleting tabs
* Merge pull request #19293 from owncloud/individual-it-move_initTemplate (Thomas Müller, 2015-09-25, 1 file, -65/+1)
|\
| |   [jenkins] do not load unnecessary code in case of webdav
| * do not load unnecessary code in case of webdav (Individual IT Services, 2015-09-23, 1 file, -65/+1)
| |   changing from "protected static" to "protected"
| |   as suggested by @nickvergessen https://github.com/owncloud/core/pull/19114#discussion_r39719851
| |   moving initTemplate() into template constr.
| |   reduce to move initTemplate only
| |   cleanup spaces
* | Merge pull request #15098 from owncloud/fix_preview_versions_revert_issue (Thomas Müller, 2015-09-24, 1 file, -1/+2)
|\ \
| |/
|/|   fix issue with version rollback and thumbnails
| * delete cached preview when rolling back file's version (Georg Ehrke, 2015-09-20, 1 file, -1/+2)
| |   add random number using OC.parseQueryString and _.extend()
| |   version rollback: add missing prefix to OC\Preview::post_delete
| |   add test to assure that the rollback hook is called
* | Minor text typos (Phil Davis, 2015-09-21, 1 file, -3/+3)
|/
|   that I noticed while looking at some code.
* Merge pull request #19024 from owncloud/remove-get_temp_dir (Thomas Müller, 2015-09-15, 1 file, -8/+0)
|\
| |   Remove get_temp_dir()
| * Remove get_temp_dir() (Robin McCorkell, 2015-09-15, 1 file, -8/+0)
| |
* | Allow /tests folder in autoloader by default (Lukas Reschke, 2015-09-15, 1 file, -1/+2)
|/
|   Given the fact that "/tests" is not shipped by default and this has broken some applications and frustrated quite some people we should add "/tests" to the default allowed autoloading set.
|
|   I do consider the security impact marginal since the /tests folder is not shipped within the release as well as usually has a hard requirement on being called by phpunit.
* Merge pull request #18658 from owncloud/configurable-temp (Frank Karlitschek, 2015-09-12, 1 file, -14/+3)
|\
| |   Configurable temporary directory
| * moved code to /lib/private/tempmanager.php (root, 2015-08-29, 1 file, -14/+3)
| |   fix for unit test
| |   some fixes
* | Only add valid root for enabled apps (Robin McCorkell, 2015-09-05, 1 file, -4/+0)
| |
* | Merge pull request #18794 from individual-it/reuse_systemConfig (Individual IT Services, 2015-09-04, 1 file, -1/+1)
|\ \
| | |   reuse existing $systemConfig variable
| * | reuse existing $systemConfig variable (Individual IT Services, 2015-09-03, 1 file, -1/+1)
| | |
* | | Proper details about git submodule update (Morris Jobke, 2015-09-03, 1 file, -1/+1)
|/ /
| |   * fixes #18801
* / verify the path in the autoloader (Robin Appelman, 2015-09-01, 1 file, -4/+15)
|/
* Remove DEBUG constant and use config value (Morris Jobke, 2015-08-24, 1 file, -4/+5)
|   * introduces config.php option 'debug' that defaults to false
|   * migrate DEBUG constant to config value
* Merge pull request #18482 from owncloud/encrypt-session-data (Morris Jobke, 2015-08-24, 1 file, -5/+7)
|\
| |   Add a session wrapper to encrypt the data before storing it on disk
| * Add a session wrapper to encrypt the data before storing it on disk (Joas Schilling, 2015-08-21, 1 file, -5/+7)
| |
* | Merge pull request #18254 from owncloud/mitigate-breach (Morris Jobke, 2015-08-24, 1 file, -12/+1)
|\ \
| |/
|/|   Add mitigation against BREACH
| * Add mitigation against BREACH (Lukas Reschke, 2015-08-14, 1 file, -12/+1)
| |   While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
| |
| |   1. Application must support HTTP compression
| |   2. Response must reflect user-controlled input
| |   3. Response should contain sensitive data
| |
| |   Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
| |
| |   To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
* | Merge pull request #17434 from owncloud/update-showappnameonappupdate (Morris Jobke, 2015-08-20, 1 file, -21/+36)
|\ \
| |/
|/|   Display app names in update page for app updates
| * Additions to update page (Vincent Petry, 2015-08-20, 1 file, -4/+5)
| |   Apps to update and to disable will always be shown.
| |   Main title changes only when apps need updated, not core.
| |   Added bullet style.
| |   Exclude incompatible apps from updated apps list.
| * Display app names in update page for app updates (Vincent Petry, 2015-08-19, 1 file, -21/+35)
| |   Whenever the update page is displayed for apps, show app names instead of the core update text.
* | load backbone universally (Arthur Schiwon, 2015-08-06, 1 file, -0/+2)
| |
* | - more injection (Thomas Müller, 2015-07-30, 1 file, -1/+3)
| |   - less static calls
| |   - use params on sql queries
| |   - handle sql exception on database and user creation gracefully
* | Remove commented code (Morris Jobke, 2015-07-24, 1 file, -2/+0)
| |
* | Merge pull request #17075 from owncloud/bootstrap-tooltip (Bernhard Posselt, 2015-07-23, 1 file, -2/+2)
|\ \
| | |   Replace jQuery tipsy with bootstrap tooltip
| * | moved tooltip.js to vendor scripts (Hendrik Leppelsack, 2015-06-22, 1 file, -1/+1)
| | |
| * | replaced tipsy with bootstrap tooltip (Hendrik Leppelsack, 2015-06-22, 1 file, -2/+2)
| | |
* | | Merge pull request #17381 from owncloud/fix_sharing_add_to_group (Morris Jobke, 2015-07-21, 1 file, -0/+1)
|\ \ \
| |_|/
|/| |   [sharing] fix addToGroup hook
| * | introduce pre_addToGroup hook. we need to calculate the possible unique (Bjoern Schiessle, 2015-07-06, 1 file, -0/+1)
| | |   targets before the user was added to the group otherwise we will always detect a name collision
* | | Javascript mimetype icon resolver (Roeland Jago Douma, 2015-07-06, 1 file, -0/+2)
| | |   This makes it possible to retrieve the icon for mimetypes in javascript. It makes no additional queries to the server to retrieve the mimetype.
| | |
| | |   * config/mimetypealiases.json added
| | |   * mimetype.js: this is where the logic resides to convert from mimetype to icon url
| | |   * mimetypelist.js: generated file with a list of mimetype mapping (aliases) and the list of icon files
| | |   * ./occ maintenance:mimetypesjs : new command for occ to generate mimetypes.js
| | |   * unit tests updated and still work
| | |   * javascript tests added
| | |   * theming support
| | |   * folder of the theme is now present in javascript (OC.theme.folder)
* | | Remove OC_Log (Thomas Müller, 2015-07-03, 1 file, -4/+5)
|/ /
* | Catch cache garbage collection exception on postLogin (Vincent Petry, 2015-06-30, 1 file, -2/+8)
| |   Just log the exception instead of preventing access to OC.
* | update license headers and authors (Morris Jobke, 2015-06-25, 1 file, -1/+1)
|/
* Fix login handler for file cache - fixes #16795 (Thomas Müller, 2015-06-08, 1 file, -1/+4)
|
* Bring back OC\Cache\File - fixes #16760 (Thomas Müller, 2015-06-05, 1 file, -0/+14)
|
* Merge pull request #16200 from owncloud/kill-globalfilecache (Morris Jobke, 2015-06-02, 1 file, -14/+0)
|\
| |   Drop file caching
| * also free joblist and base from file cache code (Arthur Schiwon, 2015-05-12, 1 file, -14/+0)
| |
* | release all locks on shutdown (Robin Appelman, 2015-06-01, 1 file, -0/+2)
| |
* | fix preview hooks, enable_previews default is true (Georg Ehrke, 2015-05-13, 1 file, -1/+1)
| |
* | use hooks to update encryption keys instead of the storage wrapper if a file ↵ (Bjoern Schiessle, 2015-05-11, 1 file, -0/+2)
|/
|   gets renamed/restored, as long as we are in the storage wrapper the file cache isn't up-to-date
* Do not trigger preview hooks if enable_previews is false (Hugo Gonzalez Labrador, 2015-05-06, 1 file, -10/+10)
|