summaryrefslogtreecommitdiffstats
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* Set RewriteBase to / if OC::WEBROOT is not setLukas Reschke2015-12-011-1/+2
|
* Set "SetEnv" within base `.htaccess` fileLukas Reschke2015-12-011-0/+3
| | | | mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
* Support pretty URLsLukas Reschke2015-12-014-3/+20
| | | | | | | | | | | | This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore. Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons. Examples: http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/ Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
* Merge pull request #20285 from owncloud/add-integrity-checkerThomas Müller2015-12-0110-3/+802
|\ | | | | Add code integrity checker foundation
| * Add code integrity checkLukas Reschke2015-12-0110-3/+802
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
* | Fix the docs of the exceptions and remove hardcoded language from the messageJoas Schilling2015-12-012-4/+4
|/
* Allow DI the system tag stuff without Application classJoas Schilling2015-11-301-0/+8
|
* Merge pull request #20650 from owncloud/systemtags-coreThomas Müller2015-11-308-5/+644
|\ | | | | Implement systemtag managers and mapper
| * Do not count the entries when we only need to know if it is at least oneJoas Schilling2015-11-301-5/+14
| |
| * Fix use statementsJoas Schilling2015-11-303-21/+25
| |
| * Add backticks inside function to escape the columnJoas Schilling2015-11-301-1/+1
| |
| * Added system tags data structure and PHP side managersVincent Petry2015-11-278-5/+631
| | | | | | | | Added SystemTagManager and SystemTagObjectMapper
* | Merge pull request #20815 from owncloud/avatar-cache-sizeThomas Müller2015-11-301-2/+7
|\ \ | | | | | | cache resized avatars
| * | cache resized avatarsRobin Appelman2015-11-281-2/+7
| | |
* | | Merge pull request #20248 from ↵Thomas Müller2015-11-302-0/+2
|\ \ \ | | | | | | | | | | | | | | | | owncloud/use-phpunit-groups-to-run-database-code-in-isolation Use phpunit groups to run database code in isolation
| * | | Add DB group to some files_external testsThomas Müller2015-11-302-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding group Db to federation tests and ldap tests Add group DB to Test_UrlGenerator Adding group DB to trashbin and versions tests Adding group DB to Test_Util_CheckServer for pg
* | | | Merge pull request #20809 from owncloud/dont-trust-update-server-messageThomas Müller2015-11-301-1/+3
|\ \ \ \ | |/ / / |/| | | Don't trust update server
| * | | Don't trust update serverLukas Reschke2015-11-281-1/+3
| |/ / | | | | | | | | | | | | | | | In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff. While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
* | | Merge pull request #20788 from owncloud/catch-missing-routeThomas Müller2015-11-303-6/+27
|\ \ \ | | | | | | | | Dont die when we're missing a route
| * | | Dont die when we're missing a routeRobin Appelman2015-11-273-6/+27
| | | |
* | | | Revert "Dont bother with stream_resolve_include_path if the path is already ↵Vincent Petry2015-11-291-5/+1
| |/ / |/| | | | | | | | absolute"
* | | Merge pull request #20789 from owncloud/scanner-skip-not-availableRobin Appelman2015-11-271-2/+17
|\ \ \ | | | | | | | | Skip unavailable storages in scanner
| * | | also log exceptionRobin Appelman2015-11-271-0/+1
| | | |
| * | | Skip unavailable storages in scannerRobin Appelman2015-11-271-2/+16
| |/ /
* | | Merge pull request #20792 from owncloud/autoloader-absolute-pathsThomas Müller2015-11-271-1/+5
|\ \ \ | | | | | | | | Dont bother with stream_resolve_include_path if the path is already absolute
| * | | Dont bother with stream_resolve_include_path if the path is already absoluteRobin Appelman2015-11-271-1/+5
| |/ /
* | | Merge pull request #20782 from mitar/better-httpsThomas Müller2015-11-271-1/+2
|\ \ \ | | | | | | | | Also allow empty value for no-HTTPS
| * | | Also allow empty value for no-HTTPS.Mitar2015-11-271-1/+2
| |/ / | | | | | | | | | This makes it work better with old version of Nginx.
* / / Add full interface of server container as aliasMorris Jobke2015-11-261-0/+1
|/ /
* | Merge pull request #20602 from owncloud/fix-installed-appsThomas Müller2015-11-261-0/+6
|\ \ | | | | | | Always installed apps includes the hardcoded ones from shipped.json
| * | Always installed apps includes the hardcoded ones from shipped.jsonMorris Jobke2015-11-191-0/+6
| | | | | | | | | | | | * fixes #20568
* | | Merge pull request #20702 from owncloud/move-user-principal-into-subfolderThomas Müller2015-11-262-0/+18
|\ \ \ | | | | | | | | Users are available under it's own principal resource named 'principa…
| * | | Introduce \OCP\IUser::getEMailAddress()Thomas Müller2015-11-252-0/+18
| | | |
* | | | Merge pull request #20393 from owncloud/querybuilder-select-with-aliasThomas Müller2015-11-262-0/+42
|\ \ \ \ | | | | | | | | | | Add a method to select a field or value with alias
| * | | | Add a method to select a field or value with aliasJoas Schilling2015-11-232-0/+42
| | | | |
* | | | | Merge pull request #20746 from owncloud/untangle-linkToDocsThomas Müller2015-11-265-17/+16
|\ \ \ \ \ | | | | | | | | | | | | Untangle the linkToDocs method in OC_Helper
| * | | | | Untangle the linkToDocs method in OC_HelperMorris Jobke2015-11-265-17/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * now uses the proper URLGenerator interface * add comment about DI problems
* | | | | | Merge pull request #20562 from owncloud/comments-interfacesThomas Müller2015-11-264-0/+378
|\ \ \ \ \ \ | |/ / / / / |/| | | | | public interfaces for Comments
| * | | | | proper description for IllegalIDChangeExceptionArthur Schiwon2015-11-261-1/+1
| | | | | |
| * | | | | missing setters for setChildrenCount and setLatestChildDateTime (formerly ↵Arthur Schiwon2015-11-231-5/+23
| | | | | | | | | | | | | | | | | | | | | | | | …Timestamp)
| * | | | | give creation datetime setter and getter a more meaningful and less ↵Arthur Schiwon2015-11-231-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | misleading name
| * | | | | public interfaces for CommentsArthur Schiwon2015-11-234-0/+360
| | | | | |
* | | | | | Merge pull request #20744 from owncloud/oc_helper-getMimeType-cleanupThomas Müller2015-11-264-15/+3
|\ \ \ \ \ \ | | | | | | | | | | | | | | Remove last occurences of OC_Helper::getMimeType()
| * | | | | | remove unused methodMorris Jobke2015-11-261-12/+0
| | | | | | |
| * | | | | | Remove last occurences of OC_Helper::getMimeType()Morris Jobke2015-11-263-3/+3
| | |_|/ / / | |/| | | | | | | | | | | | | | | | * ref #4774
* | | | | | Merge pull request #20731 from owncloud/per-storage-updaterThomas Müller2015-11-265-114/+144
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make Cache\Updater per storage
| * | | | | | Make Cache\Updater per storageRobin Appelman2015-11-255-114/+144
| | | | | | |
* | | | | | | Remove unused internal methodsMorris Jobke2015-11-262-33/+2
| |/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | * removes OC_Helper::mb_substr_replace and OC_Helper::mb_str_replace * keeps public interface wrapper working as expected
* | | | | | Merge pull request #20691 from owncloud/share2.0_di_fixesThomas Müller2015-11-255-85/+64
|\ \ \ \ \ \ | | | | | | | | | | | | | | [Sharing 2.0] di fixes
| * | | | | | [Sharing 2.0] Fix phpdoc etcRoeland Jago Douma2015-11-245-40/+47
| | | | | | |
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 17:44:15 +0000