sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
83,893 Commits
631 Branches
1167 Tags
8.6 GiB
Commit Graph

138 Commits (jtr/fix-public-exceptions-http-codes)

Author SHA1 Message Date
Stanimir Bozhilov f0dbe1148a Add support for application/scim+json content type 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-20 16:18:52 +07:00
Simon Leiner 09362eaeaa
Support specifying IPv6 proxies in CIDR notation 
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.

[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies

Signed-off-by: Simon Leiner <simon@leiner.me>
 2022-08-02 17:36:47 +07:00
luz paz 368f83095d Fix typos in lib/private subdirectory 
Found via `codespell -q 3 -S l10n -L jus ./lib/private`

Signed-off-by: luz paz <luzpaz@github.com>
 2022-07-27 08:52:17 +07:00
Côme Chilliet de5b7f260f
Trying without the use 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-04-26 11:10:00 +07:00
Côme Chilliet 9132ed8ef1
Use sabre function directly rather than duplicating it 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-04-26 11:10:00 +07:00
Joas Schilling 0acd4b5f82
Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id 
Extract request id handling to dedicated class so it can be injected without DB dependency
 2022-03-22 12:08:45 +07:00
Julius Härtl 0f33453610
Diagnostics event logging to Nextcloud log 
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Add config samples

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-02-28 11:24:40 +07:00
Joas Schilling 07a9f34385
Extract request id handling to dedicated class so it can be injected manually 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +07:00
Carl Schwan 6312c0df69
Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +07:00
Côme Chilliet 113756db30
Fix ArrayAccess and JsonSerializable return types 
First round of modifications for PHP 8.1

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:28:56 +07:00
Carl Schwan e1c4b648d1
Improve syntax error reporting 
In some cases the error information is not enough to debug it.

Before:

syntax error, unexpected '<<' (T_SL)
/var/www/html/lib/private/AppFramework/Http/Dispatcher.php
158

After:

syntax error, unexpected '<<' (T_SL) in file '/var/www/html/apps/groupfolders/lib/Mount/GroupFolderStorage.php' line 88
/var/www/html/lib/private/AppFramework/Http/Dispatcher.php
158

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-21 10:28:26 +07:00
J0WI 3b656446af Introduce ISecureRandom::CHAR_ALPHANUMERIC 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2021-07-08 15:11:31 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +07:00
Lukas Reschke a521ed874c Remove unused constants 
No calls in all of GitHub as per https://sourcegraph.com/search?q=USER_AGENT_OWNCLOUD_&patternType=literal

Deprecation has also been years ago.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-05-25 19:01:48 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +07:00
Morris Jobke 24d436cb60
Remove unneeded casts that were found by Psalm 
In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521)

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2021-01-11 13:14:41 +07:00
Christoph Wurst 8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-01-08 11:45:19 +07:00
Christoph Wurst 9ce3ea3368
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-30 14:07:05 +07:00
Roeland Jago Douma adc4f1a811
Merge pull request #22916 from J0WI/unifiy-links-to-php.net 
Unify links to php.net
 2020-12-22 09:53:31 +07:00
Julius Härtl fbbb48fcc2
Merge pull request #24730 from J0WI/fix-trusted-ipv6 
Fix IPv6 localhost regex
 2020-12-21 09:59:31 +07:00
Christoph Wurst d89a75be0b
Update all license headers for Nextcloud 21 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 18:48:22 +07:00
J0WI 331f30f085 Fix IPv6 localhost regex 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2020-12-16 14:37:56 +07:00
Daniel Kesselberg 8ebd31d686
Make $vars and $secureRandom required. 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-12-10 17:06:32 +07:00
Christoph Wurst 7e2c3a820e
Remove the cookie paths for php<7.3 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-06 15:57:17 +07:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +07:00
Joas Schilling 95a301ea57
Fix tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-10-02 10:37:18 +07:00
Joas Schilling 3212c074b9
Log the number of queries built and executed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-25 14:55:53 +07:00
J0WI 68ce17e59b Unify links to php.net 
Update all links to https://www.php.net/

Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2020-09-17 17:40:04 +07:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-08-24 14:54:25 +07:00
Georg Ehrke 3bdfb380fc
Fix PHPDoc of IRequest::getHeader 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2020-07-14 14:20:43 +07:00
Joas Schilling 74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-02 11:13:13 +07:00
Roeland Jago Douma fbf9772a3e
Allow to specify the cookie type for appframework responses 
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-06-22 08:38:44 +07:00
Roeland Jago Douma 12fa748c49
Move the notmodified check to middleware where it belongs 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-13 08:11:24 +07:00
Christoph Wurst cb057829f7
Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +07:00
Christoph Wurst 734c62bee0
Format code according to PSR2 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:56:50 +07:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +07:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +07:00
Christoph Wurst 14c996d982
Use elseif instead of else if 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 10:35:09 +07:00
Christoph Wurst 3a415e4139
Remove space between switch case and colon 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:17:53 +07:00
Christoph Wurst 85e369cddb
Fix multiline comments 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-08 22:24:54 +07:00
Daniel Kesselberg 8331d8296b
Make getServerHost more robust to faulty user input 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-01-16 11:26:29 +07:00
Daniel Kesselberg d393b1612b
Modify regex to match some other chromium browsers 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-12-27 17:24:52 +07:00
Christoph Wurst 5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +07:00
Julius Härtl a055d8ddf9
Always return overwritehost if configured 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-11-28 15:02:33 +07:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +07:00
Daniel Kesselberg fdf4e1ebb2
Remove duplicate code 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-10-08 00:46:50 +07:00
Julius Härtl 299759b836
Handle throwables in the http dispatcher 
Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-08-29 17:19:14 +07:00
b108@volgograd bf167ad3ac Remove duplicate functionality 
This functionality implemented in the next line:

$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
 2019-01-20 13:29:58 +07:00
Roeland Jago Douma 514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-17 15:54:45 +07:00
Morris Jobke dccfe4bf84
Merge pull request #12036 from olivermg/master 
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
 2018-10-30 10:49:08 +07:00
Oliver Wegner 401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4 
Signed-off-by: Oliver Wegner <void1976@gmail.com>
 2018-10-30 09:15:42 +07:00
Daniel Kesselberg 986f4df2a5
Add REMOTE_ADDR to getHeader 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-10-25 22:26:49 +07:00
Robin Appelman c0a283fefb
ensure we always return an array from `Request::getParams` 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-08-28 18:11:42 +07:00
Roeland Jago Douma 043a824e6a
Fix comments 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +07:00
Roeland Jago Douma 0ee45d3d20
Fix proper types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +07:00
Roeland Jago Douma a229095af1
Make Request strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +07:00
Roeland Jago Douma ca9f364fd4
Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 10:55:52 +07:00
Roeland Jago Douma bb0c7b2943
Make AppFramework/Http/Dispatcher strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 08:51:46 +07:00
Morris Jobke 4ef302c0be
Request->getHeader() should always return a string 
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-17 09:51:31 +07:00
Roeland Jago Douma ca70694502
Also check for empty content lenth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-12-14 21:48:59 +07:00
Morris Jobke 31c5c2a592
Change @georgehrke's email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 20:38:59 +07:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +07:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +07:00
Roeland Jago Douma 9717cdfb9e
If there is no content don't error 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-09 15:51:13 +07:00
Roeland Jago Douma ede15f0988
Fix L10N::t 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-01 08:20:17 +07:00
coderkun bdc7bb1f26 Add IPv6 to “localhost” regex (#440) 
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
 2017-05-14 21:29:03 +07:00
Joas Schilling 695696a4a6
Use constants 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-13 12:04:32 +07:00
Juan Pablo Villafáñez 38e5135cb9
Reorder the entries of the log for easier reading 2017-04-12 13:03:19 +07:00
Roeland Jago Douma 2a9192334e
Don't try to parse empty body if there is no body 
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:22:33 +07:00
Roeland Jago Douma 8626ccab1c
dont require strict same site cookies for ocs requests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-09 16:48:48 +07:00
Joas Schilling 33fb86f68b
Fix detection of the new iOS app 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-02-10 10:10:21 +07:00
Christoph Wurst 5e728d0eda oc_token should be nc_token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-02-02 21:56:44 +07:00
Lukas Reschke a05b8b7953
Harden cookies more appropriate 
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-23 12:53:44 +07:00
Robin Appelman 4235b18a88
allow passing a stream to StreamResponse 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:30:36 +07:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +07:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie 
Match only for actual session cookie
 2016-08-31 15:59:16 +07:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable 
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
 2016-08-19 14:48:13 +07:00
Roeland Jago Douma 8f3dc0ba43
Remove IE_8 user agent string 2016-08-16 21:01:32 +07:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie 
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
 2016-08-09 19:23:08 +07:00
Morris Jobke 8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script 
Update emails and license headers with latest changes
 2016-07-21 23:27:15 +07:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +07:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +07:00
Roeland Jago Douma e42f2f2650
AppFramework do not get default response 
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
 2016-07-20 22:05:43 +07:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +07:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +07:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +07:00
Roeland Jago Douma eb11ed1851
Make ownCloud work again in php 7.0.6 
See https://bugs.php.net/bug.php?id=72117
 2016-04-28 12:23:17 +07:00
Roeland Jago Douma 1d33a5ef13
Move \OC\AppFramework to PSR-4 
* Also moved the autoloader setup a bit up since we need it in initpaths
 2016-04-22 15:28:09 +07:00