Cloud personnel
Lukas Reschke 3adbfbfd69 Use / instead of an empty string as cookie path
When an empty string is used as cookie path, PHP will assign the current directory as cookie path.

This means when a user had installed an ownCloud under "/", which is mapped to an empty string in \OC::$WEBROOT, and accessed it, the cookie was set to values such as "/index.php/apps/files" since the web browser assumed this to be a directory. This means that multiple encryption cookies were set for the same domain, resulting in potential havoc.

With this patch the path will be set to "/" in case an empty web root is installed which makes the cookie accessible to the whole domain.

To test this, set up multiple ownCloud instances on the same domain under different ports and have both installed under "/", then try to log in to both of them; previously this could in some cases lead to a lockout of the user.

Note that this affects the cookies that the browsers do send and thus to test this you need to clear all cookies from your browser beforehand. I consider this an acceptable behaviour for now since this code is only in master.

Fixes https://github.com/owncloud/core/issues/18919
2015-09-14 11:22:34 +02:00
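
The behaviour the commit message describes, as an added example that is not part of the commit or of ownCloud's code: a small cookie-jar model using the RFC 6265 default-path and path-match rules, showing how a Set-Cookie without a usable Path yields one cookie per directory, and how Path=/ collapses them into one. The cookie name `enc_cookie`, the helper `cookiePathFor` and the request paths are assumptions made for illustration.

```javascript
// RFC 6265 section 5.1.4: default-path used when Set-Cookie has no usable Path.
function defaultPath(uriPath) {
  if (!uriPath || uriPath[0] !== '/') return '/';
  const lastSlash = uriPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : uriPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a stored cookie path cover this request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Minimal jar: a cookie is identified by name + path (domain held constant).
class Jar {
  constructor() { this.cookies = new Map(); }
  set(requestPath, name, value, pathAttr) {
    // An empty Path attribute, or one not starting with "/", falls back to default-path.
    const path = pathAttr && pathAttr[0] === '/' ? pathAttr : defaultPath(requestPath);
    this.cookies.set(`${name};${path}`, { name, value, path });
  }
  sentFor(requestPath) {
    return [...this.cookies.values()].filter(c => pathMatches(requestPath, c.path));
  }
}

// Hypothetical helper mirroring the patch: an empty web root becomes "/".
const cookiePathFor = webroot => (webroot === '' ? '/' : webroot);

// Constructed request paths for an instance installed under "/".
const REQUESTS = ['/index.php/apps/files/', '/index.php/settings/personal',
                  '/index.php/apps/files/ajax/list.php'];

function simulate(pathAttr) {
  const jar = new Jar();
  REQUESTS.forEach((p, i) => jar.set(p, 'enc_cookie', `v${i}`, pathAttr));
  return jar;
}

const before = simulate('');                // empty Path, as before the patch
const after = simulate(cookiePathFor(''));  // Path=/, as after the patch
console.log('before:', [...before.cookies.values()].map(c => c.path));
console.log('after: ', [...after.cookies.values()].map(c => c.path));
```

With the empty path, a request to `/index.php/apps/files/ajax/list.php` carries two `enc_cookie` values at once (`v0` and `v2`); with `/` there is a single cookie that each response overwrites.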
.idea Add newline that was removed by 15be763d46 2014-12-10 09:38:32 +01:00
3rdparty@b94f7d38f6 [provisioning api] Test for correct displayname 2015-08-11 13:01:37 +02:00
apps [tx-robot] updated from transifex 2015-09-14 01:55:35 -04:00
build Implement OCP Since Check for classes and interfaces 2015-07-27 10:49:45 +02:00
config Merge pull request #18658 from owncloud/configurable-temp 2015-09-12 22:04:41 +02:00
core [tx-robot] updated from transifex 2015-09-14 01:55:35 -04:00
l10n Adding simple script to remove language files from core 2015-08-26 12:19:58 +02:00
lib Use / instead of an empty string as cookie path 2015-09-14 11:22:34 +02:00
ocs Check if files_sharing is actually enabled before using it 2015-09-09 14:56:49 +01:00
ocs-provider Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
settings [tx-robot] updated from transifex 2015-09-14 01:55:35 -04:00
tests Merge pull request #18658 from owncloud/configurable-temp 2015-09-12 22:04:41 +02:00
themes [example theme] make it easier for non PHP people to understand what to change 2015-09-10 11:03:00 +02:00
.bowerrc ability to add bower resources 2014-11-03 20:54:40 +01:00
.gitignore add example theme 2015-05-22 02:17:46 +02:00
.gitmodules use https as submodule url 2014-03-21 19:38:22 +01:00
.htaccess properly indent .htaccess 2015-08-16 15:40:03 +02:00
.jshintrc enable laxbreak option in jshintrc to comply with our coding guide lines 2014-11-04 12:51:54 +01:00
.mailmap add additional email address for Georg 2015-06-25 14:14:14 +02:00
.scrutinizer.yml Update comment 2015-06-28 17:06:49 +02:00
.tag Add .tag file to make tar balls tracable 2014-06-14 17:40:32 +02:00
.user.ini Use "off" and "off" instead of true booleans 2015-02-23 09:40:15 +01:00
AUTHORS Add myself as author 2014-09-19 17:24:12 +02:00
autotest-external.sh Allow easy XDEBUG debugging with autotest 2015-08-31 14:22:02 +01:00
autotest-hhvm.sh Combine autotest-hhvm.sh with autotest.sh 2015-05-04 16:37:23 +02:00
autotest-js.sh remove 'set -e' - causes issues during ci execution 2014-09-12 15:42:50 +02:00
autotest.cmd Restore the development config after running the tests 2014-12-02 12:41:33 +01:00
autotest.sh Allow easy XDEBUG debugging with autotest 2015-08-31 14:22:02 +01:00
bower.json add backbone.js 2015-08-06 00:00:40 +02:00
buildjsdocs.sh Added script to build the JS documentation 2014-10-31 13:27:36 +01:00
console.php Fix the config.php owner check for console.php 2015-07-09 23:19:52 +02:00
CONTRIBUTING.md Add information how to report security bugs 2015-05-29 19:28:45 +02:00
COPYING-AGPL Really add AGPL file 2011-02-09 15:12:09 +00:00
COPYING-README correct icon license, we use Elementary icons, not Silk anymore 2014-07-15 11:35:49 +02:00
cron.php Add a session wrapper to encrypt the data before storing it on disk 2015-08-21 17:59:23 +02:00
db_structure.xml Merge pull request #17662 from owncloud/locking-db 2015-08-26 03:56:37 +02:00
index.html Try to prefer index.php over index.html in the same directory 2013-04-24 15:11:53 +02:00
index.php Update license headers 2015-03-26 11:44:36 +01:00
indie.json add indie.json for Indie App Store listing 2014-06-29 22:03:24 +02:00
issue_template.md Add example command to the issue_template.md 2015-07-07 11:18:25 +02:00
occ Use a more universal shebang 2014-11-19 17:34:03 +01:00
public.php update license headers and authors 2015-06-25 14:13:49 +02:00
README.md Update version to 8.2 in README and bower 2015-07-07 10:21:20 +02:00
remote.php Avoid logging normal exceptions in remote.php 2015-08-18 14:02:30 +01:00
robots.txt Add robot.txt 2013-01-28 16:39:53 -06:00
status.php Add CORS header to status.php so that we can migrate to a JS based check in the future 2015-08-22 14:44:02 +02:00
version.php Restrict upgrades to explicit allowed version 2015-08-30 18:04:18 +02:00

ownCloud

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Build Status on Jenkins CI

Git master: Build Status

Quality:

  • Scrutinizer: Scrutinizer Quality Score
  • CodeClimate: Code Climate

Dependencies:

Dependency Status

Installation instructions

https://doc.owncloud.org/server/8.2/developer_manual/app/index.html

Contribution Guidelines

https://owncloud.org/contribute/

Get in touch

Important notice on translations

Please submit translations via Transifex: https://www.transifex.com/projects/p/owncloud/

For more detailed information about translations: http://doc.owncloud.org/server/8.2/developer_manual/core/translation.html