036f871d01
Merge pull request #31492 from nextcloud/fix/check-secret-configured
2022-04-26 17:28:51 +07:00
e50d78e11a
use and cache root storage info if a share can't be resolved
...
as is a broken share will never be cached
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-04-22 15:29:27 +07:00
9a76f06eca
Merge pull request #31751 from nextcloud/theming-providers
2022-04-22 12:32:14 +07:00
bdfef2dbd1
cache storage info in memcache for 5m
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-04-21 16:48:01 +07:00
b3cf312edc
Start theming providers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-04-21 09:29:33 +07:00
018ca43c09
Merge pull request #31876 from nextcloud/bugfix/noid/fix-getCurrentApp-from-cli
...
Fix \OC_App::getCurrentApp() when being called from CLI or phpunit
2022-04-07 17:09:51 +07:00
fb7f65a687
Merge pull request #25747 from nextcloud/XAccelBuffering
...
Add X-Accel-Buffering header to downloads
2022-04-07 15:08:21 +07:00
d96633916c
Log exception
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-04-07 14:45:58 +07:00
a06ba88502
Fix \OC_App::getCurrentApp() when being called from CLI or phpunit
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-04-07 14:08:37 +07:00
b8b4d247b4
Merge pull request #31194 from nextcloud/feat/allow-to-exclude-groups-from-password-enforcement
...
Allow to disable password policy enforcement for selected groups
2022-04-06 10:13:23 +07:00
a29251e02d
Allow to disable password policy enforcement for selected groups
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Co-authored-by: Vincent Petry <vincent@nextcloud.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2022-04-05 17:04:17 +07:00
5ae6cefd57
dont re-query fileinfo when getting dav quota
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-28 15:57:28 +07:00
ea0e45d81e
Remove legacy Internet Explorer headers
...
X-UA-Compatible and X-Download-Options headers are interpreted or relevant for Internet Explorer only. With the deprecation of Internet Explorer support in Nextcloud 20 and planned support removal already in Nextcloud 22, these became obsolete and are hereby removed, including their removal from setup checks.
Signed-off-by: MichaIng <micha@dietpi.com>
2022-03-19 18:17:46 +07:00
0e58c113a5
Only check if secret is set if the nextcloud is installed
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-03-09 14:39:59 +07:00
e6161af662
Also check for instanceid and passwordhash
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-03-09 13:36:06 +07:00
7496bf3461
Require the secret config to be configured
...
If it's not configured the instance will look like it is working but
various features will silently break (end to end encryption, setting
alternate email and probably more).
One issue is that changing the secret from empty to something will
break various other stuff (app token). I don't think there is a good way
to solve this issue other than breaking early instead of having to
handle a painful migration later on.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-03-08 23:11:08 +07:00
5c0fe93498
move teardown logic to SetupManager
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-04 16:29:50 +07:00
15ff65c12f
start moving filesystem setup logic to it's own place
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-04 16:29:47 +07:00
8b22a463e9
Merge pull request #31266 from nextcloud/root-setup-mountprovider
...
move root mount setup to mountproviders
2022-03-04 13:44:05 +07:00
eede608c0e
Add event logging to app loading
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-02-28 11:24:41 +07:00
8b7c8447a0
move root mount setup to mountproviders
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-24 17:21:42 +07:00
de260001f1
handle setupFS with null user
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-09 16:01:36 +07:00
b799fd40e9
dont mark fs as setup when no user is active
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-09 16:01:31 +07:00
1ab58eff0f
pass user object during fs init
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-09 16:01:24 +07:00
0217949715
only setup part of the filesystem for appdata requests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-09 16:01:21 +07:00
a355410b88
Use the unjailed-path in OC_Helper::getStorageInfo() for files located in SharedStorage.
...
The current implementation already switches the storage-backend to
$storage->getSourceStorage(). However, it then calls
$rootInfo->getInternalPath() which returns the internal path relative to
the storage where the share is mounted. This is wrong, we need also to
unjail the path. Compare, e.g., with
OCA\Files_Sharing\SharedStorage::file_get/put_contents() for the
"logic".
Signed-off-by: Claus-Justus Heine <himself@claus-justus-heine.de>
2022-02-03 10:05:49 +07:00
73e3d06781
Merge pull request #30855 from nextcloud/psalm/theming
2022-01-27 20:04:02 +07:00
04c9de7312
Add deprecation notice to script & addScript func
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-01-27 11:04:30 +07:00
e3a12b3482
Fix psalm issues in theming app
...
After this change, we are down to only one psalm warning for this app
and related to the Application.php. This also make composer
psam:update-baseline not silently ignore new errors.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-26 14:26:58 +07:00
854890a734
Add X-Accel-Buffering header to downloads
...
Signed-off-by: Unpublished <unpublished@gmx.net>
2022-01-17 08:17:12 +07:00
89d109a4d9
Merge pull request #30508 from nextcloud/fix/psaml-bin
...
Fix psalm not running
2022-01-13 09:51:04 +07:00
6312c0df69
Check style update
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +07:00
c47406ad3c
Merge pull request #30291 from nextcloud/image-memory-limit
...
Prevent loading images that would require too much memory.
2022-01-11 13:35:56 +07:00
d3d65e5c88
Prevent loading images that would require too much memory.
...
For most image formats, the header specifies the width/height.
PHP allocates an image object from that size, even if the actual
image data is much smaller. This image object size is not limited
by the limit configured in PHP.
The memory limit can be configured through "config.php" setting
"preview_max_memory" and defaults to 128 MBytes which should be
enough for most images without filling up all memory.
Signed-off-by: Joachim Bauch <bauch@struktur.de>
2022-01-11 11:44:38 +07:00
d3661c7d38
Deprecate script function
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-01-08 10:15:48 +07:00
806a176a57
Move backgroundjob script after main core scripts
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2022-01-08 10:14:53 +07:00
87d0904b6f
Split common vendor chunk
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2022-01-08 10:14:50 +07:00
b664aad7ab
Move bundles to /dist
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2022-01-08 10:11:58 +07:00
5cb51916de
l10n: Add a text string to translation
...
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-12-20 08:52:12 +07:00
bd1264ef7f
l10n: Add <code>
...
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-12-15 17:50:18 +07:00
4f99385311
l10n: Add <code>
...
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-12-15 17:47:41 +07:00
ebc3169105
l10n: Separate words and add dots
...
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-12-15 17:37:00 +07:00
8504f0a59e
Avoid assignment in if clause
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-12-06 14:26:27 +07:00
ab3a1d5706
Fix typing problems in OC_Image
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-12-06 14:26:26 +07:00
d537226368
Avoid calling image* methods on boolean
...
This avoids fatal errors on PHP>=8, and warnings on older versions.
Log should also be clearer.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-12-06 14:26:09 +07:00
e296417ca2
Merge pull request #29527 from nextcloud/rakekniven-patch-1
2021-12-04 12:08:16 +07:00
71a3528510
Allow scripts prioritization based on other apps
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-12-02 20:00:46 +07:00
aaad09220d
Remove files_iedavclient
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2021-11-30 14:47:45 +07:00
c624c7eb5d
Merge pull request #29966 from nextcloud/feat/remove-isIE
2021-11-30 14:04:05 +07:00
a325141545
Remove isIE and associated legacy scripts
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-11-30 13:03:08 +07:00
0d749b7e9a
Remove iconv from dependencies and tests
...
which is not used anymore since: https://github.com/nextcloud/server/pull/29470
Signed-off-by: MichaIng <micha@dietpi.com>
2021-11-30 02:33:12 +07:00
1efdd6ccae
Merge pull request #29632 from nextcloud/fix/26118/imagecreatetruecolor-error
...
fix imagecreatetruecolor() error
2021-11-19 17:24:50 +07:00
6fc8694324
OC_Util::isNonUTF8Locale: fix lint error
...
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2021-11-16 21:05:43 +07:00
c42c972ab0
OC_Util::isSetLocaleWorking: fix typo
...
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2021-11-16 00:46:21 +07:00
e9b414fbe3
OC_Util: Add fallbacks to check if current locale is UTF8
...
Using escapeshellcmd to get current locale causes error
if the function is disabled.
Add fallbacks to prevent the error.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2021-11-16 00:40:52 +07:00
d2eb5aaa6d
Check whether setlocale works only after setlocale
...
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2021-11-14 09:18:59 +07:00
455bff5c17
Fix missing setlocale with php 8
...
When php version = 8, basename('§') does not bug even if LC_ALL is non-UTF-8 locale.
This cause OC_Util::isSetLocaleWorking() to skip setlocale("C.UTF-8").
Fix it by using escapeshellcmd instead of basename.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2021-11-14 09:18:59 +07:00
3ac316b77f
fix imagecreatetruecolor() error
...
Signed-off-by: szaimen <szaimen@e.mail.de>
2021-11-10 15:50:15 +07:00
b7d0babcb8
Added dot at end of sentence.
...
The full message in the UI is composed by a few strings. Therefore the single parts needs an dot at the end.
Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
2021-11-02 22:11:31 +07:00
3631789651
Fix resource usages in OC_Image
...
This makes sure using resource or GdImage (PHP>=8) behaves the same.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-10-28 17:48:43 +07:00
06611e4780
Revert "Fix "never catch" catches in OC_App"
2021-10-25 08:41:56 +07:00
9cb0b8c713
Fix "never catch" catches in OC_App
...
Need to check another legacy. Need to explicitly add to use or do not forget add slash `\`
2021-10-22 09:29:03 +07:00
581862b51b
Merge pull request #29187 from nextcloud/fix/noid/passwordless-app-password-generation
2021-10-13 16:11:22 +07:00
0d2c2ab629
allow null password in UserLoggedInEvent
...
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2021-10-13 12:37:34 +07:00
de5fea4a00
fix login_credentials->password in session when loging in with apache
...
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2021-10-13 12:24:32 +07:00
4cae2cc06c
Merge pull request #29004 from nextcloud/bugfix/noid/fix-translated-app-details
...
Fix translated app details
2021-10-13 11:37:22 +07:00
664bd5802f
add 'supported'-label to all supported apps, also if they are not downloaded yet
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2021-10-06 22:17:50 +07:00
d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl
2021-10-05 13:06:59 +07:00
857c769d75
Merge pull request #28939 from nextcloud/bugfix/noid/dont-setup-disabled-users
...
Don't further setup disabled users when logging in with apache
2021-10-04 12:59:35 +07:00
37f40cdd46
Fix translated app details
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-09-30 09:08:17 +07:00
6958d8005a
Add admin privilege delegation for admin settings
...
This makes it possible for selected groups to access some settings
pages.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +07:00
57a816a1a6
Don't further setup disabled users when logging in with apache
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-09-23 11:19:02 +07:00
006aac9a0c
Merge pull request #28473 from nextcloud/fix-file-get-contents
...
Fix path of `file_get_contents`
2021-08-25 09:28:52 +07:00
60a7f5c53e
Remove unused method
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-08-18 22:10:40 +07:00
280dd851b3
Avoid usage of Nextcloud API, use PHP function
2021-08-18 15:21:05 +07:00
58f55975e0
Fix #20913 : Check image resource before attempting to preserve alpha
...
Signed-off-by: Simon Spannagel <simonspa@kth.se>
2021-08-18 07:36:11 +07:00
a3c69b8310
Fix path of `file_get_contents`
...
Try to fix #28370 and #27441
Avoid pre-pends the `$path` to the user's own storage.
2021-08-17 13:03:45 +07:00
aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl
2021-08-04 18:52:55 +07:00
3860dad9ea
Merge pull request #26481 from ghost/fdroid
2021-07-13 08:49:59 +07:00
0ba0189260
Add F-Droid
...
Signed-off-by: HouraisanNEET <HouraisanNEET@users.noreply.github.com>
2021-07-04 21:44:55 +07:00
e16bf707aa
Fix UtilTest::testDefaultApps()
...
Oh wow... This definitly was no best practice... 😒
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-07-01 16:00:29 +07:00
2c7186a15f
Remove \OC::$server->getURLGenerator() usage
...
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-07-01 15:12:15 +07:00
b78f3a57d1
Migrate HintException to OCP
...
Signed-off-by: Gary Kim <gary@garykim.dev>
2021-06-30 15:28:02 +07:00
0df68f0697
Remove unused imports
...
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-06-30 16:48:22 +07:00
12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl()
...
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-06-30 16:20:57 +07:00
095418493e
Use proper methods for display name retrieval
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-06-17 10:19:07 +07:00
f6108acea4
Fix default product name for old themes
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-06-16 15:52:49 +07:00
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +07:00
949102c031
Merge pull request #27088 from nextcloud/fix/27074/removing-apps
...
Allow removing apps with app store disabled
2021-06-02 21:10:05 +07:00
9c6b01abeb
l10n: Spelling unification
...
Spelling unification in Transifex.
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-06-02 17:49:32 +07:00
6ac4eafcf9
emit UserLoggedInEvent on apache auth
...
- post_login OC_Hook is barely used or listened to
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-06-01 13:59:40 +07:00
6ed728d76c
Merge pull request #27043 from nextcloud/storage-info-include-external
...
fix return value of getStorageInfo when 'quota_include_external_storage' is enabled
2021-05-25 21:57:23 +07:00
92555b6014
Allow removing apps with app store disabled
...
Signed-off-by: Gary Kim <gary@garykim.dev>
2021-05-24 10:35:51 +07:00
f1dbabd910
Merge pull request #26727 from nextcloud/group-exclude-link-share
...
Add option to exclude groups from creating link shares
2021-05-21 15:35:39 +07:00
7e22487278
fix return value of getStorageInfo when 'quota_include_external_storage' is enabled
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-20 13:55:49 +07:00
2137480a06
l10n: Unify spelling
...
Spelling unification in Nextcloud applications.
2021-05-20 09:22:07 +07:00
b1dca57a1c
load share settings from the share manager in more places
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-12 16:11:28 +07:00
784b059a01
Don't break OCC if an app is breaking in it's Application class
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-05 10:41:18 +07:00
df47445c01
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +07:00
ab48d5e8cb
Cleanup unneeded code around database.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-03-24 22:15:44 +07:00
bb0c50717c
Bye bye database.xml
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-24 20:04:12 +07:00
9e3775618b
log full expection during repair step
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-18 08:45:17 +07:00
cc744740b7
Remove deprecated \OCP\API
...
Time to remove this forgood now.
Remaining constant moved over
The world is a tiny bit better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 20:54:32 +07:00
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
...
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard ) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases )
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +07:00
25f9203a70
Fix remaining #25359
...
As a wise man once said:
"I like PRs that pass tests before merging"
C. Wurst, Feb 9th 2021
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-02-10 15:41:25 +07:00
aabd73912e
Type the service registration
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-10 09:44:24 +07:00
4f90766ba3
Skip template picker if none available
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-01-28 12:00:20 +07:00
7e6d69d166
Add templatedirectory config value to let admins have their custom templates by default
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-01-28 12:00:20 +07:00
4974404774
files: Create files from template API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-01-28 11:59:46 +07:00
6d4afca7ac
Add support for webp
...
Including handling in OC_Image
But also a preview provider
Of course only works if your php actually supports webp
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-01-19 20:17:10 +07:00
8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-08 11:45:19 +07:00
287c26bda3
Replace patchwork/utf8 with symfony-polyfill-*
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-07 21:22:41 +07:00
9ce3ea3368
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-30 14:07:05 +07:00
adc4f1a811
Merge pull request #22916 from J0WI/unifiy-links-to-php.net
...
Unify links to php.net
2020-12-22 09:53:31 +07:00
d89a75be0b
Update all license headers for Nextcloud 21
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +07:00
a4b5312729
Do not include non-required scripts on the upgrade page
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-15 21:14:07 +07:00
8a8aa4f7dc
Add sanitizers for JSON output
...
Those functions set proper content-types that prevent rendering of
data. Therefore it's safe to mark them as sanitizers.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-12-11 21:23:11 +07:00
c8e0f3015f
Merge pull request #24398 from nextcloud/fix/do-not-update-incompatible-app
...
Do not update incompatible apps
2020-12-09 09:28:25 +07:00
7f61535a1a
GD images
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:04 +07:00
cbb34af53f
Do not update incompatible apps
...
Previously there was no (platform) dependency check for an app that was
installed before. So Nextcloud happily upgraded an app that now requires
a php version newer than the current one. Which means in the lucky case
you see a failing upgrade due to the language incompatibility, or in the
unlucky case you see unexpected errors later in production.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-04 17:05:22 +07:00
c9cd633665
Fix the download of multiple files from the webUI
...
needed a setupFS call
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-03 13:20:01 +07:00
fd649afb1f
Remove the deprecated update.php
...
* It was documented as deprecated.
* The app code checker warned about it
* It's been three years
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-27 13:02:59 +07:00
f4c1512bb7
Fix typo in @deprecated PHPDoc tag
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +07:00
032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
...
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +07:00
d25ca1976b
Mark getAppPath as specialized taint
...
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +07:00
98ddfdd1e8
Mark cleanAppId as sanitizer for include
...
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +07:00
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +07:00
d0f738fd59
Merge pull request #24112 from nextcloud/bugfix/24099/setup-fs-before-query-storage-in-settings
...
Set up FS before querying storage info in settings
2020-11-16 11:46:22 +07:00
91a3e439cb
Don't throw on SHOW VERSION query
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-16 08:43:48 +07:00
2143f2bb82
Set up FS before querying storage info in settings
...
The personal info section of the personal settings is querying the
storage quota information. For this it requires the FS to be setup which
is not always guaranteed.
This fixes an issue where refreshing the settings page would cause it to
fail after Redis caches are full. It is likely that when Redis cache is
populated, some code path is initializing the FS, so it works so far.
But when the cache is populated, that code path is skipped so the FS is
not guaranteed to be setup...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2020-11-13 17:06:37 +07:00
f23c2162ad
Merge pull request #23993 from nextcloud/bugfix/noid/close-cursors
...
Don't leave cursors open
2020-11-10 15:15:03 +07:00
979b291a36
Show the full trace of an exception
...
Because often we catch the exception at some point and then the trace is
misleading. What's really interesting is the trace of the *previous*
exception.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-10 10:35:08 +07:00
8027dcbc6f
Don't leave cursors open when tests fail
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-09 12:28:17 +07:00
d8637c62e0
Reduce the getAppPath and autoloader calls
...
The getAppPath will always return the same data for the same appId. It
is actually already cached. However we do some cleanup of the appId
(again). Same for the autoloading it is actually already checked.
This just removes the unneeded calls. Which can add up if you have a lot
of incomming shares.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-07 17:24:41 +07:00
9981ffd784
Merge pull request #23922 from nextcloud/bugfix/noid/fix-query-type-detection
...
Improve query type detection
2020-11-06 22:18:14 +07:00
b70cf435a7
Merge pull request #23940 from nextcloud/enh/skip_already_loaded_apps
...
Skip already loaded apps in loadApps
2020-11-06 21:58:44 +07:00
0dece78617
Skip already loaded apps in loadApps
...
Otherwise you might end up calling a lot of functions unneeded.
And while the individual calls are cheap if you multiply them by 20k
they still get somewhat expensive.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-06 14:56:06 +07:00
a847aea19c
Deprecate OC_DB::prepare and OC_DB::executeAudited as they leak cursors
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-06 10:37:37 +07:00
3d2f71cfa9
Improve query type detection
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-06 08:38:56 +07:00
fc403135d1
Use lib instead if core as l10n module in OC_Files
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-27 15:37:57 +07:00
c1834bac7d
Only use index of mount point when it is there
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-21 13:37:56 +07:00
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +07:00
0dfdf3ee99
add mount point to quota warning message
...
makes it more clear to the user what the quota applies to
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-10-04 11:02:32 +07:00
68ce17e59b
Unify links to php.net
...
Update all links to https://www.php.net/
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2020-09-17 17:40:04 +07:00
46525f8639
Change 0 to null to properly encode image to BMP if the first pixel is black
...
Ref #22288
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-10 12:08:01 +07:00
c077c15875
show better quota warning for group folders and external storage
...
instead of showing the generic 'Your storage is full' message, better explain that it's the group folder/external storage that is full
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-08-25 16:05:16 +07:00
2a054e6c04
Update the license headers for Nextcloud 20
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +07:00
b09620651c
Don't use deprecated getIniWrapper() anymore
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-20 16:35:38 +07:00
4c6eb96471
Merge pull request #22280 from nextcloud/bugfix/noid/429-on-brute-force-maximum
...
Send "429 Too Many Requests" in case of brute force protection
2020-08-19 18:21:01 +07:00
e93bf71369
Fix the return type of OC_Template->fetchPage() to be string only
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 16:48:06 +07:00
John Molakvoæ
Robin Appelman
Joas Schilling
Vincent Petry
blizzz
Carl Schwan
MichaIng
Julius Härtl
Claus-Justus Heine
Louis Chemineau
Unpublished
Joas Schilling
Joachim Bauch
John Molakvoæ (skjnldsv)
Valdnet
Côme Chilliet
Naoto Kobayashi
szaimen
rakekniven
zorn-v
Julien Veyssier
Bjoern Schiessle
Lukas Reschke
Christoph Wurst
Daniel Kesselberg
acsfer
Simon Spannagel
Daniel Rudolf
HouraisanNEET
Gary Kim
Morris Jobke
Roeland Jago Douma
dependabot-preview[bot]
Christoph Wurst
Roeland Jago Douma
J0WI