aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #18730 from owncloud/appframework_proper_304Vincent Petry2015-09-011-1/+1
|\ | | | | Properly return 304 in AppFramework
| * Properly return 304Roeland Jago Douma2015-09-011-1/+1
| | | | | | | | | | | | | | | | The ETag set in the IF_NONE_MODIFIED header is wraped in quotes ("). However the ETag that is set in response is not (yet). Also we need to cast the ETag to a string. * Added unit test
* | Merge pull request #18635 from ↵Vincent Petry2015-08-311-1/+13
|\ \ | |/ |/| | | | | owncloud/stickify-files-and-sharing-notification-types Sticky the notification types of files and sharing
| * Sticky the notification types of files and sharingJoas Schilling2015-08-281-1/+13
| |
* | Merge pull request #17899 from owncloud/enc_make_key_storage_root_configurableVincent Petry2015-08-316-30/+133
|\ \ | | | | | | Make root of key storage configurable
| * | don't read certificates if ownCloud is not installedBjoern Schiessle2015-08-303-3/+17
| | |
| * | make system root of key storage configurableBjoern Schiessle2015-08-304-29/+118
| | |
* | | Merge pull request #18691 from owncloud/request-no-readMorris Jobke2015-08-311-34/+49
|\ \ \ | | | | | | | | Decode request content only on getContent
| * | | Decode request content only on getContentRobin McCorkell2015-08-311-34/+49
| | |/ | |/|
* | | Merge pull request #10149 from owncloud/storage-wrapper-checkMorris Jobke2015-08-301-0/+3
|\ \ \ | |_|/ |/| | Check result of storage wrappers
| * | Check result of storage wrappersRobin Appelman2015-08-301-0/+3
| | |
* | | Merge pull request #18651 from owncloud/ocs_share_create_with_expireVincent Petry2015-08-301-0/+15
|\ \ \ | |/ / |/| | Allow to directly set the expireDate on a new (link)share
| * | Actually validate the expire date on shareRoeland Jago Douma2015-08-301-0/+15
| |/ | | | | | | * Added more intergration tests
* | Merge pull request #18620 from owncloud/add-public-interface-for-factoryVincent Petry2015-08-293-16/+26
|\ \ | | | | | | Add a public interface for the language factory so apps can use it
| * | Deprecate OC_L10N::get()Joas Schilling2015-08-281-6/+3
| | |
| * | Add a public interface for the language factory so apps can use itJoas Schilling2015-08-272-10/+23
| | |
* | | Merge pull request #18511 from owncloud/downgrad-sharing-error-logs-to-debugJoas Schilling2015-08-281-22/+22
|\ \ \ | | | | | | | | Change log level of debugging logs to debug
| * | | Change log level of debugging logs to debugJoas Schilling2015-08-241-22/+22
| | | |
* | | | Merge pull request #18423 from owncloud/occ_encrypt_allBjörn Schießle2015-08-281-29/+15
|\ \ \ \ | |_|_|/ |/| | | occ command line tool to encrypt all files
| * | | copy always file by file to encrypt/decrypt it if neededBjoern Schiessle2015-08-261-29/+15
| | | |
* | | | Remove last occurence of `forcessl`Lukas Reschke2015-08-261-2/+2
| |_|/ |/| | | | | | | | This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
* | | Merge pull request #18553 from owncloud/write-l10n-on-loginThomas Müller2015-08-261-4/+12
|\ \ \ | | | | | | | | Save detected l10n of browser on login
| * | | Save detected l10n of browser on loginMorris Jobke2015-08-251-4/+12
| | | | | | | | | | | | | | | | * fixes owncloud/activity#373
* | | | Merge pull request #17662 from owncloud/locking-dbThomas Müller2015-08-266-43/+292
|\ \ \ \ | | | | | | | | | | Database backend for locking
| * | | | Adding path to log messageThomas Müller2015-08-251-1/+1
| | | | |
| * | | | log a warning while trying to acquire a db lock from within a transactionRobin Appelman2015-08-102-5/+17
| | | | |
| * | | | add method to check if we're inside a transactionRobin Appelman2015-08-102-0/+19
| | | | |
| * | | | cleanup empty locksRobin Appelman2015-08-101-0/+14
| | | | |
| * | | | more phpdocRobin Appelman2015-08-031-1/+1
| | | | |
| * | | | more phpdocRobin Appelman2015-08-031-1/+9
| | | | |
| * | | | rename path field to keyRobin Appelman2015-08-031-8/+13
| | | | |
| * | | | initialize unused (for now) ttl field to 0Robin Appelman2015-08-031-1/+1
| | | | |
| * | | | Fix db schemaRobin Appelman2015-08-032-10/+8
| | | | |
| * | | | use the database backend for locking if no memcache is configured for itRobin Appelman2015-08-031-4/+2
| | | | |
| * | | | Add database backend for high level lockingRobin Appelman2015-08-031-0/+131
| | | | |
| * | | | split off keeping track of acquire locksRobin Appelman2015-08-032-36/+100
| | | | |
* | | | | Explicitly specify status code 200 as response codeLukas Reschke2015-08-251-0/+1
| |/ / / |/| | | | | | | | | | | Potentially fixes https://github.com/owncloud/core/issues/17586
* | | | Merge pull request #18523 from owncloud/crazy-scannerThomas Müller2015-08-251-4/+14
|\ \ \ \ | | | | | | | | | | Prevent bkg scanner going crazy with unavailable storages (ajax/scan.php)
| * | | | Prevent scanner going crazy with unavailable storagesVincent Petry2015-08-241-4/+14
| | | | |
* | | | | Remove DEBUG constant and use config valueMorris Jobke2015-08-243-10/+4
|/ / / / | | | | | | | | | | | | | | | | * introduces config.php option 'debug' that defaults to false * migrate DEBUG constant to config value
* | | | Fix master againLukas Reschke2015-08-241-0/+1
| | | | | | | | | | | | | | | | Caused due to merge of two PRs
* | | | Merge pull request #18482 from owncloud/encrypt-session-dataMorris Jobke2015-08-243-1/+283
|\ \ \ \ | |_|_|/ |/| | | Add a session wrapper to encrypt the data before storing it on disk
| * | | Handle failures gracefully, remove switchLukas Reschke2015-08-213-22/+97
| | | |
| * | | Add a session wrapper to encrypt the data before storing it on diskJoas Schilling2015-08-213-28/+235
| | | |
* | | | Merge pull request #18486 from owncloud/use-client-service-to-work-behind-proxyVincent Petry2015-08-241-0/+5
|\ \ \ \ | | | | | | | | | | Use client service to work behind proxy for checks for remote ownCloud instances
| * | | | Use IClientService to check for remote ownCloud instancesLukas Reschke2015-08-221-0/+5
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | 1. Allows to set a timeout (though still not perfect but way better than before) 2. Allows to have unit tests 3. I also added unit tests for the existing controller code 4. Corrected PHPDoc on IClient
* | | | Merge pull request #17501 from tbartenstein/patch-1Vincent Petry2015-08-241-1/+1
|\ \ \ \ | | | | | | | | | | Update fileinfo.php
| * | | | Update fileinfo.phptbartenstein2015-07-081-1/+1
| | | | | | | | | | | | | | | Edits isMounted() to remove the check for 'local' prefix, so that folder icons are displayed correctly (see issue #10712)
* | | | | Merge pull request #18254 from owncloud/mitigate-breachMorris Jobke2015-08-243-3/+28
|\ \ \ \ \ | |_|/ / / |/| | | | Add mitigation against BREACH
| * | | | Add mitigation against BREACHLukas Reschke2015-08-143-3/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While BREACH requires the following three factors to be effectively exploitable we should add another mitigation: 1. Application must support HTTP compression 2. Response most reflect user-controlled input 3. Response should contain sensitive data Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed. To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 09:48:47 +0000