path: root/tests
Commit message (Author, Age, Files, Lines)
* Use insertIfNotExists to avoid problems with parallel calls (Joas Schilling, 2015-05-11, 1 file, -4/+6)
|
* Add a test for parallel insert (Joas Schilling, 2015-05-11, 1 file, -12/+29)
|
* Always test the object and the legacy class (Joas Schilling, 2015-05-11, 1 file, -59/+127)
|
* \OC\Connector\Sabre\CopyEtagHeaderPlugin constructor does not take arguments. (Andreas Fischer, 2015-05-07, 1 file, -1/+1)
|
* Merge pull request #16035 from owncloud/issue-15975-occ-encryption-enable-warning-no-module (Thomas Müller, 2015-05-07, 2 files, -15/+37)
|\
| |   Display a message when there is a problem with the default module
| * Display a message when there is a problem with the default module (Joas Schilling, 2015-05-04, 2 files, -15/+37)
| |
* | Fix missing types on doc block and deduplicate the method name (Joas Schilling, 2015-05-06, 1 file, -1/+1)
| |
* | move/copy from storage (Bjoern Schiessle, 2015-05-06, 1 file, -9/+10)
| |
* | unit tests (Bjoern Schiessle, 2015-05-06, 1 file, -41/+68)
| |
* | Merge pull request #16070 from owncloud/enc_update_file_cache_on_copy (Morris Jobke, 2015-05-06, 1 file, -11/+41)
|\ \
| | |   make sure that we keep the correct encrypted-flag and the (unencrypted)size
| * | make sure that we keep the correct encrypted-flag and the (unencrypted)size if a file gets copied (Bjoern Schiessle, 2015-05-05, 1 file, -11/+41)
* | | Merge pull request #16064 from owncloud/fix-empty-mail-address (Jan-Christoph Borchardt, 2015-05-05, 1 file, -0/+70)
|\ \ \
| | | |   Allow user to set an empty email address
| * | | Add test for setEmailAddress (Joas Schilling, 2015-05-05, 1 file, -0/+70)
| |/ /
* | | add positive tests for operator in code checker (Morris Jobke, 2015-05-05, 2 files, -0/+30)
| | |
* | | Check usage of != and == - refs #16054 (Thomas Müller, 2015-05-05, 3 files, -2/+28)
|/ /
* | Merge pull request #15772 from owncloud/issue-15771-dont-restrict-permissions-for-share-owner (Joas Schilling, 2015-05-04, 1 file, -0/+33)
|\ \
| |/
|/|
| |   Do not restrict permissions for the original owner
| * Add a test to share a subfolder of a folder shared with the owner by group (Joas Schilling, 2015-04-29, 1 file, -0/+33)
| |
* | Merge pull request #15584 from owncloud/enc_fix_upload_shared_folder (Thomas Müller, 2015-05-04, 1 file, -0/+4)
|\ \
| | |   skip user if we don't have a public key
| * | Allow setting protected properties (Joas Schilling, 2015-04-30, 1 file, -0/+4)
| | |
* | | allow getting the path from the lockedexception (Robin Appelman, 2015-04-30, 1 file, -0/+19)
| | |
* | | add tests for castrait (Robin Appelman, 2015-04-30, 1 file, -0/+73)
| | |
* | | add memcache based shared/exclusive locking (Robin Appelman, 2015-04-30, 2 files, -0/+163)
| | |
* | | add compare and swap to memcache (Robin Appelman, 2015-04-30, 1 file, -0/+12)
| | |
* | | extends memcache with add, inc and dec (Robin Appelman, 2015-04-30, 1 file, -0/+36)
|/ /
* | Merge pull request #15596 from owncloud/issue/15589 (Morris Jobke, 2015-04-29, 1 file, -2/+56)
|\ \
| | |   Correctly generate the feedback URL for remote share
| * | Add tests for the correct share id on the call aswell (Joas Schilling, 2015-04-28, 1 file, -5/+8)
| | |
| * | make scrutinizer happy (Joas Schilling, 2015-04-28, 1 file, -1/+1)
| | |
| * | Add tests for the remote sharing url (Joas Schilling, 2015-04-28, 1 file, -2/+53)
| | |
* | | Merge pull request #15906 from rullzer/fix_15777 (Morris Jobke, 2015-04-29, 1 file, -0/+46)
|\ \ \
| |_|/
|/| |
| | |   Password set via OCS API should not be double escaped
| * | Added unit test (Roeland Jago Douma, 2015-04-28, 1 file, -0/+46)
| | |
* | | Filter potential dangerous filenames for avatars (Lukas Reschke, 2015-04-28, 1 file, -0/+23)
| |/
|/|
| |   We don't want to have users misusing this API resulting in a potential file disclosure of "avatar.(jpg|png)" files.
* | Merge pull request #14764 from owncloud/shared-etag-propagate (Morris Jobke, 2015-04-28, 2 files, -2/+3)
|\ \
| |/
|/|
| |   Propagate etags across shared storages
| * fix test (Robin Appelman, 2015-04-27, 1 file, -1/+0)
| |
| * dont use our now non existing hook (Robin Appelman, 2015-04-27, 1 file, -1/+3)
| |
* | Merge pull request #15886 from owncloud/fix-15848-master (Thomas Müller, 2015-04-27, 1 file, -0/+3)
|\ \
| | |   Adjust isLocal() on encryption wrapper
| * | fixes #15848 (Thomas Müller, 2015-04-27, 1 file, -0/+3)
| |/
* | Merge pull request #15860 from owncloud/enc_fallback_old_encryption (Thomas Müller, 2015-04-27, 1 file, -1/+1)
|\ \
| |/
|/|
| |   [encryption] handle encrypted files correctly which were encrypted with an old version of ownCloud (<=oc6)
| * fall back to the ownCloud default encryption module and aes128 if we read a encrypted file without a header (Bjoern Schiessle, 2015-04-27, 1 file, -1/+1)
* | Fix new tests (Joas Schilling, 2015-04-27, 2 files, -5/+2)
| |
* | Add unit tests for the commands (Joas Schilling, 2015-04-27, 3 files, -0/+274)
| |
* | Make getDefaultModuleId public and get module protected (Joas Schilling, 2015-04-27, 1 file, -4/+6)
| |
* | Deduplicate module mock (Joas Schilling, 2015-04-27, 1 file, -41/+34)
| |
* | Add test for setDefaultEncryptionModule (Joas Schilling, 2015-04-27, 1 file, -0/+31)
| |
* | Add a test that the default module is returned before we fall back (Joas Schilling, 2015-04-27, 1 file, -1/+35)
|/
* Merge pull request #15834 from owncloud/make-temporary-file-really-unique (Lukas Reschke, 2015-04-25, 1 file, -4/+25)
|\
| |   Fix collision on temporary files + adjust permissions
| * Fix collision on temporary files + adjust permissions (Lukas Reschke, 2015-04-23, 1 file, -4/+25)
| |
| |   This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug.
| |
| |   **[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)**
| |
| |   The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficient and leads to the following security problems:
| |
| |   The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user".
| |
| |   Effectively this leaves us with:
| |
| |   1. A timestamp based on seconds (no entropy at all)
| |   2. `rand()` which returns usually a number between 0 and 2,147,483,647
| |
| |   Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed.
| |
| |   This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome.
| |
| |   **[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)**
| |
| |   Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is not a highly severe issue. Permissions have been adjusted to 0600.
| |
| |   **[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)**
| |
| |   Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is not a highly severe issue. Permissions have been adjusted to 0700.
| |
| |   Please enter the commit message for your changes.
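
The naming weakness and the permission fixes described in the commit message above, as an added PHP sketch (not ownCloud's code and not part of the commit; the function names, the `oc_tmp_` prefix and the `random_bytes()` postfix are assumptions of this example):

```php
<?php
// Added illustration only; function names and the "oc_tmp_" prefix are hypothetical.

// Before: name built from time() and rand(), no existence check,
// and touch() leaves the mode to the umask (commonly 0644).
function weakTempFile(string $dir): string {
    $path = $dir . '/' . md5(time() . rand());
    touch($path); // also succeeds when another request already uses $path
    return $path;
}

// After, single file: tempnam() picks an unused name and creates the file.
function hardenedTempFile(string $dir): string {
    $path = tempnam($dir, 'oc_tmp_');
    if ($path === false) {
        throw new RuntimeException('cannot create temporary file');
    }
    chmod($path, 0600); // owner read/write only
    return $path;
}

// After, directory: mkdir() fails if the name exists, so a collision is
// detected and retried. random_bytes() for the postfix is this example's
// choice (assumption), not necessarily what the changeset appends.
function hardenedTempDir(string $dir): string {
    for ($try = 0; $try < 10; $try++) {
        $path = $dir . '/oc_tmp_' . bin2hex(random_bytes(8));
        if (@mkdir($path, 0700)) {
            return $path;
        }
    }
    throw new RuntimeException('cannot create temporary directory');
}

// Constructed demo: two callers in the same second with the same rand()
// state end up sharing one path; the hardened variants report their modes.
$base = sys_get_temp_dir();
srand(1); $a = weakTempFile($base);
srand(1); $b = weakTempFile($base);
printf("weak names collide: %s\n", var_export($a === $b, true));
$f = hardenedTempFile($base);
$d = hardenedTempDir($base);
printf("file mode %o, dir mode %o\n", fileperms($f) & 0777, fileperms($d) & 0777);
@unlink($a); @unlink($b); unlink($f); rmdir($d);
```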
* | Merge pull request #15683 from owncloud/block-legacy-clients (Lukas Reschke, 2015-04-24, 1 file, -0/+129)
|\ \
| | |   Block old legacy clients
| * | Catch not existing User-Agent header (Lukas Reschke, 2015-04-23, 1 file, -1/+12)
| | |
| | |   In case of a not sent UA header consider the client as valid
| * | Use 403 instead a 50x response (Lukas Reschke, 2015-04-20, 1 file, -1/+2)
| | |
| * | Block old legacy clients (Lukas Reschke, 2015-04-20, 1 file, -0/+117)
| | |
| | |   This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.
| | |
| | |   This has multiple reasons:
| | |
| | |   1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
| | |   2. Old ownCloud client versions tend to be horribly buggy
| | |
| | |   In some cases we had in 80 minutes about 10'000 sessions created by a single user.
| | |
| | |   While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client