nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	52add798d4	Do not automatically try to enable index.php-less URLs (#24539 ) The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur l` entry and then derives the `RewriteBase` from it. This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc. This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…) Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`. For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master. Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9. Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.	9 years ago
Lukas Reschke	24abe1e1e1	Use raw PATH_INFO PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read. Fixes https://github.com/owncloud/core/issues/23199	9 years ago
Lukas Reschke	ee84017192	always_populate_raw_post_data has been removed with PHP 7.0	9 years ago
Lukas Reschke	2cfde7cd0b	Duplicate block for PHP 7	9 years ago
Stephan Köninger	73a7c45dd4	Allow jpg files to be statically served When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.	9 years ago
Lukas Reschke	bc4a043a76	Add base rewrite rule only when RewriteBase is defined In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.	9 years ago
Lukas Reschke	0a624c0f1e	Exclude ocs-provider from rewrite rule Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install ed. Only affects master.	9 years ago
Victor Dubiniuk	4ced903427	Do not rewrite updater requests	9 years ago
Lukas Reschke	4d0dcd3c53	Add X-Download-Options and X-Permitted-Cross-Domain-Policies Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---	9 years ago
Lukas Reschke	28165876fc	Remove CSP stuff from .htaccess 😢 Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.	9 years ago
Jörn Friedrich Dreyer	047008e9e3	always check if the csp is empty	9 years ago
Lukas Reschke	1ae30d1d9c	Use setifempty to please incompatible httpd versions Some httpd versions have problem with the old logic leading to resourced served with multiple headers.	9 years ago
Morris Jobke	2f53866668	Allow ico files to be served statically	9 years ago
mbi	1aff941be6	Do not rewrite letsencrypt .well-known URI	9 years ago
Lukas Reschke	235094ab54	Remove version check out of .htaccess This can now be achieved using the new code signing.	9 years ago
Lukas Reschke	3bce1b20fe	Add DirectorySlash to dynamic .htaccess write When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here. This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015 With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.	9 years ago
Lukas Reschke	37efc1d1e1	Allow .ico files Makes `/core/img/favicon.ico` accessible again via web.	9 years ago
Lukas Reschke	7b9bc721e9	Add CSP header to static resources Fixes https://github.com/owncloud/core/issues/16164	9 years ago
mbi	27f420e0a7	Allow .well-known URI for letsencrypt See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot	9 years ago
Morris Jobke	65b4d97a2a	fix indentation	9 years ago
Lukas Reschke	a936107c5c	Append PATH_INFO to ensure that file can be loaded on update	9 years ago
Lukas Reschke	f87dca95f1	Disable MultiView + DirectorySlash Required for routes that might otherwise collide with existing folders on the system	9 years ago
Lukas Reschke	002e719789	Set "SetEnv" within base `.htaccess` file mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.	9 years ago
Lukas Reschke	2515cb17be	Support pretty URLs This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore. Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons. Examples: http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/ Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)	9 years ago
Thomas Müller	7451e5bebc	Update .well-known redirects to the new dav endpoint This reverts commit `68321efd29`.	9 years ago
Thomas Müller	68321efd29	Revert "Update .well-known redirects to the new dav endpoint" This reverts commit `d831c255ea`.	9 years ago
Thomas Müller	d831c255ea	Update .well-known redirects to the new dav endpoint	9 years ago
RealRancor	e30e6710dc	Add mod_proxy_fcgi and mod_fastcgi to .htaccess	9 years ago
RealRancor	64cb226bfb	Remove legacy non-working rewrites in .htaccess	9 years ago
Joas Schilling	6ca58cd856	Master is now 9.0.0 development	9 years ago
RealRancor	c3dfa3ccad	Fix .htaccess: php_value should be integer	9 years ago
Morris Jobke	df81019a1e	properly indent .htaccess	9 years ago
Frank Karlitschek	2eb9936d77	This will be 8.2 in the future	10 years ago
Lukas Reschke	9d1ce53cb1	Add some generic default headers as well via PHP	10 years ago
Wolfgang Karall	6cc50ecfab	use permanent redirect for .well-known/(cal\|card)dav, add 'L' flag	10 years ago
Lukas Reschke	bbd5f28415	Let users configure security headers in their Webserver Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.	10 years ago
Lukas Reschke	d201f1c47e	Fix version rev	10 years ago
Frank Karlitschek	270d404ee2	This is 8.0.1 now	10 years ago
Lukas Reschke	43641d917b	Use "off" and "off" instead of true booleans Apparently a boolean in php.ini is according to the documentation "on" or "off"… Fixes itself.	10 years ago
Lukas Reschke	9b46e3b3d5	Add expected values to default config as well	10 years ago
Fernando Rodriguez Sela	66b584ae7e	Setting default charset to UTF-8 in .htaccess and .user.ini	10 years ago
Lukas Reschke	20199dd168	Reference module with `.c` Fixes https://github.com/owncloud/core/issues/13657	10 years ago
Lukas Reschke	bb80cf4eca	Add check for `HTTP_RAW_POST_DATA` setting for >= 5.6 PHP 5.6 otherwise throws notices for perfectly valid code which results in broken endpoints. Fixes https://github.com/owncloud/core/issues/13592	10 years ago
Lukas Reschke	7fbb7f4dc4	Add version to .htaccess Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver. This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it. Conflicts: lib/private/updater.php	10 years ago
Morris Jobke	e97219cf75	escape . in htaccess regex for CSS and JS HTTP headers	10 years ago
Robert Jäckel	1a6928f447	blocked 3rdparty instead of l10n	10 years ago
Robert Jäckel	8c3bf139ff	restrict access to public files only use mod_rewrite to pretend theese files are not existend for security purposes	10 years ago
Thomas Müller	4b5c7d3d9d	adding cache control headers for css and js - fixes #11496	10 years ago
Lukas Reschke	bd4f3849a3	That file was accidentally commited. Partially revert `f2fc214ce0`	11 years ago
Lukas Reschke	f2fc214ce0	Add deprecation notice to load* functions This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way. Port of https://github.com/owncloud/core/pull/9033	11 years ago

1 2 3

142 Commits (6772f41e086eba2d2e97b0bc201b06b3981aa2ad)