Commit Graph

39 Commits (jtr/fix-public-exceptions-http-codes)

Author SHA1 Message Date
Ferdinand Thiessen 5981b7eb51
chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +07:00
Joas Schilling 8952a4cb77
fix(logger): Fix closure detection when filtering sensitive parameters
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-11-08 12:59:14 +07:00
Ferdinand Thiessen f3aa004b1c
refactor(encryption): Migrate away from Hooks to typed events
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Louis <louis@chmn.me>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-15 18:33:06 +07:00
Joas Schilling a90921e239
fix(logger): Remove more parameters of other methods
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-10-07 21:04:49 +07:00
Andy Scherzinger dae7c159f7
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +07:00
Faraz Samapoor 9fa9975bc9
Refactors lib/private/Log.
Mainly using PHP8's constructor property promotion.

Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-06-28 09:29:45 +07:00
Faraz Samapoor e7cc7653b8
Refactors "strpos" calls in lib/private to improve code readability.
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +07:00
Max 95a674e238
fix: treat text app session parameters as sensitive values
* `PublicSessionController create` receives a share token.
* The others receive the parameters for a text session:
  `document_id`, `session_id`, `session_token`.
  Even though these are relatively short lived
  they could be used to retrieve content from the document when leaked.

Signed-off-by: Max <max@nextcloud.com>
2023-03-01 13:03:47 +07:00
Julius Härtl 7daa20d309
fix(ExceptionSerializer): encode arguments before filtering the trace
This will avoid running into a Nesting level too deep error as the
encodeArg calls will limit potential recursive calls on the arguments to
a nesting level of 5

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-01-16 09:47:31 +07:00
Arthur Schiwon 2a6f46e689
allow apps to specify methods carrying sensitive parameters
… in order to remove them from logging.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-28 23:30:17 +07:00
Arthur Schiwon 8b2b5946e6
make placeholder a const for reuse
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-06-16 18:38:29 +07:00
Arthur Schiwon 891c10d09d
fix overwriting original vars when logging
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-06-16 18:36:58 +07:00
Julius Härtl b235a854d3
Always list the class of an object first
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-08-05 17:36:15 +07:00
Julius Härtl 950de74d1d
Set a maximum level of encoding nested arguments of exception traces
This will make sure that nested objects or arrays do not cause exceeding
the maximum nesting level of functions when parsing arguments of an
exception trace

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-08-05 17:35:52 +07:00
Lukas Reschke b3ddc09895
Sanitize more functions from the encryption app
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-07-21 11:18:35 +07:00
Daniel Kesselberg 74fa8f3f84
Mask password for Redis and RedisCluster on connection failure
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-07-19 19:52:25 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP
Signed-off-by: Gary Kim <gary@garykim.dev>
2021-06-30 15:28:02 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +07:00
Joas Schilling 847aa08ebd
Don't log keys on checkSignature
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-01-18 16:09:06 +07:00
Roeland Jago Douma 179de95f81
Avoid huge exception argument logging
In some cases it might happen that you have an argument that deep down
somewhere has an array with a lot of entries (think thousands). Now
before we would just happily print them all. Which would fill the log.

Now it will just print the first 5. And add a line that there are N
more.

If you are on debug level we will still print them all.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-29 10:50:53 +07:00
Christoph Wurst d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +07:00
Vincent Petry 9b3361ce87
Don't log params of imagecreatefromstring
To prevent flooding the log with actual image data.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2020-12-04 09:30:20 +07:00
Morris Jobke 065ef14cb0
Move OC_Mount_Config to proper classname and remove OC::$CLASSPATH usage in files_external
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-10 00:02:59 +07:00
Joas Schilling a7f26cfe28
Don't log Keys
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-19 13:44:27 +07:00
Christoph Wurst cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +07:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +07:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +07:00
Christoph Wurst 1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-20 09:23:25 +07:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +07:00
Roeland Jago Douma f2ef35dbf1
Fix logger test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +07:00
Roeland Jago Douma bfaca7fc78
Sensitive values handling
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +07:00
Joas Schilling a79da346b6
fix class might be undefined
Co-Authored-By: blizzz <blizzz@arthur-schiwon.de>

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-08 10:04:19 +07:00
Arthur Schiwon d6d1666600
remove args from logging of common-spelled methods dependent on class
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-07 00:19:48 +07:00
Arthur Schiwon 4ad8d0c0d8
remove setup args from logging
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-06 23:59:45 +07:00
Morris Jobke e8739e1392
Remove sensitive SMB arguments from exception log
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-12 15:51:38 +07:00
Joas Schilling d8e041a5a2
Don't log parameters on user creation in case of error/exception
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-10 10:46:58 +07:00
Robin Appelman 99c00972a0
make exception serializer a bit more robust
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-07-18 16:56:34 +07:00
Morris Jobke a11d198a06
Sanitize parameters in createSessionToken() while logging
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-07-11 14:26:57 +07:00
Robin Appelman f399e1591f
Log classnames of arguments in exception trace
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-04-17 13:46:36 +07:00