Граф коммитов

138 Коммитов

Автор SHA1 Сообщение Дата
Thomas Müller e307406486 Merge pull request #20966 from knox/master
Do not rewrite letsencrypt .well-known URI
2016-01-07 17:16:51 +01:00
Morris Jobke 2f53866668 Allow ico files to be served statically 2016-01-06 13:45:11 +01:00
mbi 63974992f9 Merge branch 'master' into master 2015-12-30 10:34:42 +01:00
Thomas Müller f831d93f3f Merge pull request #20878 from owncloud/proper-htaccess-support-in-code-signing-checker
Also run .htaccess routine when installing on another system than Apache
2015-12-11 11:46:37 +01:00
mbi 1aff941be6 Do not rewrite letsencrypt .well-known URI 2015-12-08 21:11:38 +01:00
mbi 508c46a112 Merge branch 'master' into master 2015-12-08 21:02:52 +01:00
Lukas Reschke 235094ab54 Remove version check out of .htaccess
This can now be achieved using the new code signing.
2015-12-08 08:16:23 +01:00
Lukas Reschke 3bce1b20fe Add DirectorySlash to dynamic .htaccess write
When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as  `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here.

This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015

With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.
2015-12-08 08:10:55 +01:00
Lukas Reschke 37efc1d1e1 Allow .ico files
Makes `/core/img/favicon.ico` accessible again via web.
2015-12-07 17:15:04 +01:00
Lukas Reschke 7b9bc721e9 Add CSP header to static resources
Fixes https://github.com/owncloud/core/issues/16164
2015-12-07 15:50:09 +01:00
mbi 27f420e0a7 Allow .well-known URI for letsencrypt
See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot
2015-12-05 23:22:26 +01:00
Morris Jobke 65b4d97a2a fix indentation 2015-12-02 10:51:52 +01:00
Lukas Reschke a936107c5c Append PATH_INFO to ensure that file can be loaded on update 2015-12-01 20:15:45 +01:00
Lukas Reschke f87dca95f1 Disable MultiView + DirectorySlash
Required for routes that might otherwise collide with existing folders on the system
2015-12-01 19:57:03 +01:00
Lukas Reschke 002e719789 Set "SetEnv" within base `.htaccess` file
mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
2015-12-01 19:06:48 +01:00
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Thomas Müller 7451e5bebc Update .well-known redirects to the new dav endpoint
This reverts commit 68321efd29.
2015-11-18 17:41:03 +01:00
Thomas Müller 68321efd29 Revert "Update .well-known redirects to the new dav endpoint"
This reverts commit d831c255ea.
2015-11-18 17:38:46 +01:00
Thomas Müller d831c255ea Update .well-known redirects to the new dav endpoint 2015-11-18 17:37:07 +01:00
RealRancor e30e6710dc Add mod_proxy_fcgi and mod_fastcgi to .htaccess 2015-11-17 22:01:36 +01:00
RealRancor 64cb226bfb Remove legacy non-working rewrites in .htaccess 2015-10-15 14:22:43 +02:00
Joas Schilling 6ca58cd856 Master is now 9.0.0 development 2015-10-14 07:40:06 +02:00
RealRancor c3dfa3ccad Fix .htaccess: php_value should be integer 2015-09-29 17:08:20 +02:00
Morris Jobke df81019a1e properly indent .htaccess 2015-08-16 15:40:03 +02:00
Frank Karlitschek 2eb9936d77 This will be 8.2 in the future 2015-07-01 10:06:26 -04:00
Lukas Reschke 5fdc1716d2 Merge pull request #15042 from wolfgangkarall/master
.htaccess RewriteRules: use permanent redirect for .well-known/(cal|card)dav, add 'L' flag
2015-03-30 16:22:36 +02:00
Lukas Reschke 9d1ce53cb1 Add some generic default headers as well via PHP 2015-03-26 22:32:57 +01:00
Wolfgang Karall 6cc50ecfab use permanent redirect for .well-known/(cal|card)dav, add 'L' flag 2015-03-19 21:31:50 +01:00
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Lukas Reschke d201f1c47e Fix version rev 2015-02-28 00:47:43 +01:00
Frank Karlitschek 270d404ee2 This is 8.0.1 now 2015-02-28 00:39:41 +01:00
Lukas Reschke 43641d917b Use "off" and "off" instead of true booleans
Apparently a boolean in php.ini is according to the documentation "on" or "off"…

Fixes itself.
2015-02-23 09:40:15 +01:00
Lukas Reschke 9b46e3b3d5 Add expected values to default config as well 2015-02-21 12:17:59 +01:00
Fernando Rodriguez Sela 66b584ae7e Setting default charset to UTF-8 in .htaccess and .user.ini 2015-02-10 09:39:06 +01:00
Lukas Reschke 20199dd168 Reference module with `.c`
Fixes https://github.com/owncloud/core/issues/13657
2015-01-28 13:15:32 +01:00
Lukas Reschke bb80cf4eca Add check for `HTTP_RAW_POST_DATA` setting for >= 5.6
PHP 5.6 otherwise throws notices for perfectly valid code which results in broken endpoints.

Fixes https://github.com/owncloud/core/issues/13592
2015-01-22 13:50:38 +01:00
Lukas Reschke 7fbb7f4dc4 Add version to .htaccess
Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver.

This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it.

Conflicts:
	lib/private/updater.php
2015-01-08 12:49:02 +01:00
Morris Jobke e97219cf75 escape . in htaccess regex for CSS and JS HTTP headers 2015-01-05 10:23:24 +01:00
Robert Jäckel 1a6928f447 blocked 3rdparty instead of l10n 2014-11-27 17:33:45 +01:00
Robert Jäckel 8c3bf139ff restrict access to public files only
use mod_rewrite to pretend theese files are not existend for security purposes
2014-11-27 17:14:27 +01:00
Thomas Müller 4b5c7d3d9d adding cache control headers for css and js - fixes #11496 2014-10-14 06:36:53 +02:00
Lukas Reschke bd4f3849a3 That file was accidentally commited. Partially revert f2fc214ce0 2014-06-16 20:38:21 +02:00
Lukas Reschke f2fc214ce0 Add deprecation notice to load* functions
This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way.

Port of https://github.com/owncloud/core/pull/9033
2014-06-16 20:33:04 +02:00
Lukas Reschke ac7fb1b23e Remove legacy routing code
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.

This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.

Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
2014-06-05 11:45:45 +02:00
Felix Eckhofer 61ca269292 Remove trailing tab 2014-04-28 09:06:26 +02:00
Felix Eckhofer 460d06c235 Escape literal dots in mod_rewrite regexes 2014-04-28 09:06:26 +02:00
Lukas Reschke 357fdb1a4d Remove .htaccess creation code
1. We're maintaining the same code twice which leads inevitably to problems as this one. The createHtaccess routine is only used to use the correct paths to the 404 and 403 document.
2. Updating the ownCloud instance as described in our documentation (`Delete everything from your ownCloud installation directory, except data and config.`) will break the links to the ErrorDocuments anyways and show the default error handlers if ownCloud is not installed in the root directory.
2014-02-28 11:59:30 +01:00
Thomas Müller 269f24cf96 remove css files from rewrite rule - there is no need to rewrite css any more 2014-01-23 21:28:19 +01:00
Thomas Müller 5eef107344 turn off mod_pagespeed 2014-01-08 07:56:08 +01:00
Thomas Tanghus 78559c0863 disable mbstring.func_overload 2013-05-10 02:13:59 +03:00
Daniel Molkentin a86fe7920b Try to prefer index.php over index.html in the same directory
Add JS redirect if that fails (HTTP-based redirects are disabled by
default in more recent Firefox versions).
2013-04-24 15:11:53 +02:00
Myles McNamara ef2e84026e remove php_value
php_value can only be used with mod_php, using it with FCGI will cause 500 Internal Server errors.  This needs to be set in php.ini manually or set using ini_set().
2013-03-07 23:30:56 -05:00
Brice Maron 6c26214955 Refix #1931 2013-02-27 17:51:28 +01:00
Thomas Müller f3a8bf9260 Merge pull request #1931 from owncloud/fastcgi
add cgi pathinfo when fcgi is enabled #1189
2013-02-26 12:40:12 -08:00
Bernhard Posselt 26d5992161 add cgi pathinfo when fcgi is enabled #1189 2013-02-26 18:00:07 +01:00
Bernhard Posselt 023f19e929 added defaultcharset to utf-8 in htaccess 2013-02-26 17:38:59 +01:00
Michiel de Jong e37dd7aa82 add /.well-known/host-meta.json to .htaccess 2012-11-10 20:00:28 -06:00
Stefan Seidel 8f669880bc Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 2012-11-09 13:30:07 +01:00
Robin Appelman 6bc156ba69 add svg mimetype to default htaccess 2012-10-28 16:03:52 +01:00
Robin Appelman f1b10fcc93 update translations 2012-06-06 00:29:44 +02:00
Georg Ehrke 9e83c3f823 add caldav and carddav files in their old place for backward compatibility - add rewriterule for caldav and carddav 2012-05-16 21:05:15 +02:00
Michiel de Jong 4c6d11e223 move auth.css and remoteStorage-big.png to assets folders From where they can be included 2012-05-14 17:05:35 +02:00
Georg Ehrke 3f86fd5193 remove redirects in htaccess to improve compatibility with desktop client 2012-05-14 15:42:16 +02:00
Michiel de Jong 02cee2c562 trying to fix /.well-known/host-meta 2012-05-11 10:47:42 +02:00
Georg Ehrke a69c53caef remove empty line in .htaccess 2012-05-10 18:14:59 +02:00
Georg Ehrke 9bdd00c0f2 update htaccess file and remove remote folder 2012-05-07 11:54:42 +02:00
Bart Visscher f69f764e8b Working remote.php with webdav and caldav 2012-05-06 00:12:51 +02:00
Bart Visscher b62a8ba0f8 Better regex for old apps rewrite rule 2012-05-03 17:33:57 +02:00
Bart Visscher ec98ecff05 Catch old app paths, change them to new form 2012-05-02 21:36:33 +02:00
Georg Ehrke da03d05700 create folder 'remote' for the remote services like caldav, carddav and webdav 2012-05-02 16:41:23 +02:00
Bart Visscher ea99e1184d Add well-known redirects to htaccess
Fixes:
http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-232
http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-445
2012-04-15 17:11:03 +02:00
Georg Ehrke ec40f69c9e add error 403 site 2012-03-25 14:16:39 +02:00
Stefan Göckeritz d9db6e73d8 bugfix for oc-236 2012-02-10 19:40:18 +01:00
Robin Appelman 4c8f17ad47 don't try to use mod_rewrite when it isn't enabled
having a broken web/card/caldav is much better as having no ownCloud at all :)
2012-01-03 04:55:57 +01:00
Bartek Przybylski 3c42867109 merged 2011-12-21 18:35:29 +01:00
Sean Leonard 70014c4fd0 Removed if !mod_php5.c around RewriteRule
Made things work on Dreamhost shared hosting
2011-11-04 17:16:01 -07:00
Bartek Przybylski 865be6064a adjusting to new db "api", merge with master 2011-10-27 21:16:04 +02:00
Georg Ehrke a01d10e57d Merge branch 'master' into calendar 2011-10-13 21:59:16 +02:00
Robin Appelman f1fd374a6f webdav workaround for apache+php-cgi 2011-10-13 16:33:39 +02:00
Bartek Przybylski c3d7ffc877 adding tmp icon for app, extending memory size for php in .htaccess 2011-10-02 17:52:11 +02:00
Bartek Przybylski 339d417420 removing add new album button, removing logs, and unused code 2011-10-01 22:36:01 +02:00
Tom Needham 1f74e76d83 Implemented ace-edtior as an app. Basic file editing and saving supported. 2011-09-28 15:15:04 +01:00
Robin Appelman d851bdac90 fix .htaccess file crashing apache+php-cgi 2011-08-22 17:18:54 +02:00
Robin Appelman 3747ba928f Set max upload size to something sane
we cant use a very high value since some apache configurations dont seem to handle it properly
2011-08-12 09:46:35 +02:00
Robin Appelman 0bcb4a6a8f set default max upload size in the .htaccess file to something rediculous
and don't show the max filesize message when the limit is over 10GB
2011-08-11 21:00:18 +02:00
Kamil Domanski 2073d3b08e fix 404 2011-06-23 23:47:46 +02:00
Kamil Domanski 5aa8f16bbf forbid indexes 2011-06-23 23:14:09 +02:00
Robin Appelman 1eb0faa264 make fileactions extendable by plugins 2011-06-04 20:16:44 +02:00