Fixes#2180
And prevents #31473, #23970, #18610, #15708
Avoids a 500 error and also gives a useful error message on the web interface if this module isn't installed, gets overlooked during a PHP upgrade, etc.
While we check for it later, it's too late for session.
Inspired by #17163
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
Changing gc_maxlifetime cannot have any effect because this configuration option does not exist. There is a configuration option named session.gc_maxlifetime.
I removed the ini_set call because autoconfiguring is error-prone, and the current code could never have worked as intended.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
If an incompatible app is enabled manually, it is added to the "app_install_overwrite" array in config.php. Nextcloud upgrades won't disable any app in this array, but they were still shown on the upgrade page and logs as being disabled.
This commit assures that only apps which are really disabled, i.e. which are not in the "app_install_overwrite" array, are shown and logged as disabled during upgrades.
Signed-off-by: MichaIng <micha@dietpi.com>
apcu lead to side effects especially with app management and (soft)
inter-dependencies, and lead also to 500 server errors. While we could
add management to clear apcu cache in many cases (may stil leave edge
cases) the performance benefit is marginally as also class maps are
already cached in opcache. Hence, the simple and effective way to go is
to not use apcu for autoloading.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- in most cases it would read again in \OC_Util::loadVersion anyway
- remove some unused use statements
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fixes collissions when more than one instance is running on the same
system
For the memcaches we use a more complex prefix, where version and
instance ID are incorporated. We do not have this data at hand at this
point of time. But we can get the mtime of the version.php file
relatively cheap.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Temporary disabled the short cut again to solve issues with CalDAV/CardDAV
clients like DAVx5 that use cookies and need a session. See
https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147
and the other comments for further information.
Signed-off-by: Joas Schilling <coding@schilljs.com>
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
- the events are not emitted anymore
- OC_Filesystem::isBlacklisted() is not called from anywhere else
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This removes ambiguity with a 503 returned by app code, web server or
similar. Front-end and clients can then handle this state accordingly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
If front-end or an application requests JSON/XML, there is no point in
redirecting to the default page if that response doesn't exist. In the
worst case that would just cause another request, therefore server load,
traffic and a response that is meaningless to the requester.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
current the `request` and `runtime` events overlap with the `init` event which makes it hard to create usefull visualizations.
this reorders things a bit to remove an overlap
Signed-off-by: Robin Appelman <robin@icewind.nl>
In the admin guide:
* https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html
it is mentioned that you can tweek:
* max_input_time
* max_execution_time
in order to enable larger file uploads. However, the current codebase
will hard code these values to one hour, no matter what the user sets in
php.ini.
This patch will allow the user to set these settings in php.ini and they
will be respected, if and only if, they are set to something bigger than
3600 seconds.
Signed-off-by: Micke Nordin <kano@sunet.se>
It sends a 400 to the client, so I could even argue that it should be an error.
But currently as an admin, I'm quiet surprised that I get a 400 in the UI, and nothing in the log with the default level.
I saw this commit that explains the reason why info. But I disagree.
Feel free to close the PR if you don't agree with it.
Signed-off-by: Pierre Ozoux <pierre@ozoux.net>
Don't try to login when a client is trying to get a OAuth token.
OAuth needs to support basic auth too, so the login is not valid
inside Nextcloud and the Login exception would ruin it.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Reduces calls to DI container by reusing already fetched dependencies.
For status.php it went from 355 to 344.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Josh Richards
Christoph Wurst
Côme Chilliet
Andy Scherzinger
Daniel Kesselberg
MichaIng
John Molakvoæ
Joas Schilling
Arthur Schiwon
Alexander Piskun
Andrey Borysenko
Simon L
Côme Chilliet
Maxence Lange
Julius Härtl
Joas Schilling
Anna Larch
Julien Veyssier
Andy Xheli
Christoph Wurst
Carl Schwan
Robin Appelman
Louis
Micke Nordin
Git'Fellow
Mikael Nordin
Pierre Ozoux
Louis Chemineau
John Molakvoæ (skjnldsv)
Valdnet
Daniel Rudolf
Gary Kim
J0WI
Roeland Jago Douma
Morris Jobke