nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge pull request #14856 from rullzer/remote_avatars	Morris Jobke	2015-08-29	1	-12/+17
\|\ \| \| \| \|	Allow Remote avatars
\| *	Allow remote avatars	Roeland Jago Douma	2015-08-29	1	-12/+17
\| \|
* \|	Merge pull request #18620 from owncloud/add-public-interface-for-factory	Vincent Petry	2015-08-29	1	-0/+1
\|\ \ \| \|/ \|/\|	Add a public interface for the language factory so apps can use it
\| *	Add a test for the interface	Joas Schilling	2015-08-28	1	-0/+1
\| \|
* \|	Merge pull request #18423 from owncloud/occ_encrypt_all	Björn Schießle	2015-08-28	3	-55/+141
\|\ \ \| \| \| \| \| \|	occ command line tool to encrypt all files
\| * \|	copy always file by file to encrypt/decrypt it if needed	Bjoern Schiessle	2015-08-26	1	-53/+8
\| \| \|
\| * \|	occ tool to encrypt all files	Bjoern Schiessle	2015-08-26	3	-2/+133
\| \| \|
* \| \|	Use certificates that expire in 10 years	Lukas Reschke	2015-08-27	3	-33/+48
\| \|/ \|/\| \| \| \| \|	:speak_no_evil: :speak_no_evil: :speak_no_evil:
* \|	Merge pull request #17662 from owncloud/locking-db	Thomas Müller	2015-08-26	2	-0/+73
\|\ \ \| \| \| \| \| \|	Database backend for locking
\| * \|	log a warning while trying to acquire a db lock from within a transaction	Robin Appelman	2015-08-10	1	-1/+1
\| \| \|
\| * \|	Fix db schema	Robin Appelman	2015-08-03	1	-1/+1
\| \| \|
\| * \|	Add database backend for high level locking	Robin Appelman	2015-08-03	1	-0/+43
\| \| \|
\| * \|	split off keeping track of acquire locks	Robin Appelman	2015-08-03	1	-0/+30
\| \| \|
* \| \|	Explicitly specify status code 200 as response code	Lukas Reschke	2015-08-25	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Potentially fixes https://github.com/owncloud/core/issues/17586
* \| \|	Merge pull request #18491 from owncloud/expire-token-after-12h-or-login	Lukas Reschke	2015-08-24	1	-7/+116
\|\ \ \ \| \| \| \| \| \| \| \|	Expire token after 12h and if user logged-in again
\| * \| \|	Expire token after 12h and if user logged-in again	Lukas Reschke	2015-08-22	1	-7/+116
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.
* \| \| \|	Merge pull request #18482 from owncloud/encrypt-session-data	Morris Jobke	2015-08-24	3	-0/+136
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Add a session wrapper to encrypt the data before storing it on disk
\| * \| \| \|	Handle failures gracefully, remove switch	Lukas Reschke	2015-08-21	1	-3/+4
\| \| \| \| \|
\| * \| \| \|	Add a session wrapper to encrypt the data before storing it on disk	Joas Schilling	2015-08-21	3	-0/+135
\| \|/ / /
* \| \| \|	Merge pull request #18254 from owncloud/mitigate-breach	Morris Jobke	2015-08-24	12	-16/+130
\|\ \ \ \ \| \|/ / / \|/\| \| \|	Add mitigation against BREACH
\| * \| \|	Add mitigation against BREACH	Lukas Reschke	2015-08-14	12	-16/+130
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	While BREACH requires the following three factors to be effectively exploitable we should add another mitigation: 1. Application must support HTTP compression 2. Response most reflect user-controlled input 3. Response should contain sensitive data Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed. To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
* \| \| \|	Merge pull request #18426 from owncloud/joblist-next-non-existing	Morris Jobke	2015-08-21	1	-0/+26
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	handle non existing job classes in $jobList->getNext
\| * \| \| \|	handle non existing job classes in $jobList->getNext	Robin Appelman	2015-08-19	1	-0/+26
\| \| \|_\|/ \| \|/\| \|
* \| \| \|	Merge pull request #18457 from owncloud/test-traits	Robin McCorkell	2015-08-20	4	-44/+127
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Move common test logic to re-usable traits
\| * \| \| \|	add test mountprovider logic to a trait	Robin Appelman	2015-08-20	2	-31/+60
\| \| \| \| \|
\| * \| \| \|	allow moving common test logic into traits	Robin Appelman	2015-08-20	3	-14/+68
\| \| \| \| \|
* \| \| \| \|	Merge pull request #18372 from ↵	Joas Schilling	2015-08-20	1	-1/+196
\|\ \ \ \ \ \| \|/ / / / \|/\| \| \| \| \| \| \| \| \| \| \| \| \| \|	owncloud/issue-18358-object-type-and-id-for-activities Issue 18358 object type and id for activities
\| * \| \| \|	Add test coverage for Activity Event and Manager	Joas Schilling	2015-08-20	1	-1/+196
\| \| \| \| \|
* \| \| \| \|	Merge pull request #18369 from owncloud/occ-log	Morris Jobke	2015-08-20	2	-0/+302
\|\ \ \ \ \ \| \| \| \| \| \| \| \| \| \| \| \|	occ commands to manage logging
\| * \| \| \| \|	Unit tests for occ log:* commands	Robin McCorkell	2015-08-19	2	-0/+302
\| \| \| \| \| \|
* \| \| \| \| \|	Merge pull request #17434 from owncloud/update-showappnameonappupdate	Morris Jobke	2015-08-20	1	-0/+70
\|\ \ \ \ \ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Display app names in update page for app updates
\| * \| \| \| \| \|	Additions to update page	Vincent Petry	2015-08-20	1	-3/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Apps to update and to disable will always be shown. Main title changes only when apps need updated, not core. Added bullet style. Exclude incompatible apps from updated apps list.
\| * \| \| \| \| \|	Display app names in update page for app updates	Vincent Petry	2015-08-19	1	-0/+67
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Whenever the update page is displayed for apps, show app names instead of the core update text.
* \| \| \| \| \| \|	Merge pull request #18432 from owncloud/ext-backends.simple	Morris Jobke	2015-08-19	1	-21/+0
\|\ \ \ \ \ \ \ \| \|_\|_\|/ / / / \|/\| \| \| \| \| \|	Migrate simple external storage backends to new registration API [part 1]
\| * \| \| \| \| \|	Revert "Fix mounting wrapped storages resulting in many-layered wrapping"	Robin McCorkell	2015-08-19	1	-21/+0
\| \| \|_\|/ / / \| \|/\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This reverts commit 75a5e6e12b18a9f5b7b113cd7e2c9c56c204084d.
* / \| \| \| \|	Filter the objectstore password from the config list as well	Joas Schilling	2015-08-19	1	-0/+17
\|/ / / / /
* \| \| \| \|	Move avatarcontroller towards Node Api	Roeland Jago Douma	2015-08-18	1	-11/+11
\| \| \| \| \|
* \| \| \| \|	Merge pull request #17182 from owncloud/user_ini_upload_size	Robin McCorkell	2015-08-17	3	-0/+202
\|\ \ \ \ \ \| \|_\|/ / / \|/\| \| \| \|	Update .user.ini when setting upload size limit
\| * \| \| \|	Unit test OC_Files::setUploadLimit()	Robin McCorkell	2015-07-20	3	-0/+202
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There was also a bug with checking the upper limit on the passed upload size. PHP does funny things with integer vs float comparisons, so our check didn't work. Now the check is much simpler, and ensures the value is sane.
* \| \| \| \|	[test] more tests for UserController::setMailAddress	Morris Jobke	2015-08-17	1	-5/+13
\| \|_\|/ / \|/\| \| \| \| \| \| \| \| \| \| \|	* fixes #12885
* \| \| \|	Merge pull request #17982 from owncloud/appframework-sanitize-name	Thomas Müller	2015-08-12	1	-0/+19
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Sanitize class names before registerService/query
\| * \| \| \|	Sanitize class names before registerService/query	Robin McCorkell	2015-07-30	1	-0/+19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Leading backslashes are removed, so a `registerService('\\OC\\Foo')` can still be resolved with `query('OC\\Foo')`.
* \| \| \| \|	Merge pull request #18127 from owncloud/dav-request-tests	Thomas Müller	2015-08-12	5	-0/+405
\|\ \ \ \ \ \| \| \| \| \| \| \| \| \| \| \| \|	add test framework for doing full request webdav tests
\| * \| \| \| \|	fix setup/teardown	Robin Appelman	2015-08-11	1	-11/+18
\| \| \| \| \| \|
\| * \| \| \| \|	split out creating the sabre dav server to it's own factory	Robin Appelman	2015-08-11	1	-31/+13
\| \| \| \| \| \|
\| * \| \| \| \|	add test framework for doing full request webdav tests	Robin Appelman	2015-08-11	5	-0/+416
\| \| \| \| \| \|
* \| \| \| \| \|	Merge pull request #17852 from owncloud/register-alias-factory	Robin McCorkell	2015-08-11	2	-14/+47
\|\ \ \ \ \ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add test for factories
\| * \| \| \| \| \|	add test for factories	Bernhard Posselt	2015-07-25	2	-14/+47
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	use ref for factory test use a factory for registerAlias Ensure we construct SimpleContainer Use single instance of DIContainer in routing tests
* \| \| \| \| \| \|	Merge pull request #17868 from owncloud/x-forwarded-for	Thomas Müller	2015-08-11	1	-1/+48
\|\ \ \ \ \ \ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Set default 'forwarded for' headers for reverse proxy
\| * \| \| \| \| \| \|	Add setup check for reverse proxy header configuration	Robin McCorkell	2015-08-10	1	-1/+48
\| \| \| \| \| \| \| \|