sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
84,611 Commits
620 Branches
1167 Tags
8.5 GiB
Commit Graph

132 Commits (master)

Author SHA1 Message Date
Ferdinand Thiessen d6d6747a73 refactor: apply rector rules for PHPUnit 10 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-10-27 21:56:04 +07:00
Carl Schwan 60c2875670 refactor: Cleanup some unit tests 
- use declare(strict_types=1)
- use strong typing
- Remove some weird things in ControllerTest

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2025-10-01 10:11:27 +07:00
John Molakvoæ 4829ac57c1 fix: use `OCP\Server` 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2025-08-01 17:00:09 +07:00
Josh 14b4d0327e fix(AppFramework): Log malformed protocol values and unify fallback behavior 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-08-01 17:00:09 +07:00
Robin Appelman aa15f9d16d
chore: run rector 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-07-01 22:45:52 +07:00
Ferdinand Thiessen 5981b7eb51
chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +07:00
Robin Appelman 3561937816
chore: run rector on tests with new rule 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-06-12 18:38:29 +07:00
Robin Appelman 29e39c0a2e
chore: run rector on tests 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-06-12 18:31:58 +07:00
Daniel Kesselberg be587def0e fix: use correct format for expires, last-modified, and if-modified-since headers 
Before: Sat, 10 May 2025 18:17:41 +0000
After: Sat, 10 May 2025 18:17:41 GMT

RFC: https://httpwg.org/specs/rfc9110.html#http.date

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2025-06-10 13:15:31 +07:00
Joas Schilling 5f9117b939
test: Fix coding standards 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-15 08:48:13 +07:00
Joas Schilling 720ab52e07
test: Fix tests/lib/App* 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-15 08:21:24 +07:00
Joas Schilling 522be60ff0
fix(phpunit): Remove some more withConsecutive calls 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-03-31 09:43:22 +07:00
Johannes Endres ae2cc23658 fix: Change UserAgent to *cloud 
Co-authored-by: Daniel Kesselberg <mail@danielkesselberg.de>
Signed-off-by: Johannes Endres <je@johannes-endres.de>
 2025-02-19 18:51:08 +07:00
Joas Schilling 1909b981a4
fix(controller): Fix false booleans in multipart/form-data 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-11-28 12:18:30 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +07:00
Christoph Wurst 49dd79eabb
refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +07:00
Ferdinand Thiessen 4d2556d4cf
refactor(IMenuAction): Make public menu actions use the new Vue UI 
This removes custom rendering code an replaces it with the declarative menu actions.
Also adjust the template to allow the Vue UI to mount.
Custom entries still are possible.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-03 16:07:49 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +07:00
Ferdinand Thiessen 009761be58
test: Adjust tests for CSP nonce 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:06:32 +07:00
provokateurin 9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 17:31:49 +07:00
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +07:00
Joas Schilling 9ed3ab7d87
test(request): Add tests to strip the port when forwarding requests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-02-13 16:51:13 +07:00
Arthur Schiwon 216b95f8b1 test(unit): fix RequestTest 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-01-27 15:11:26 +07:00
Joas Schilling f6b6776c93
fix(API): Use a distinct exception so apps can react to it and customize the return 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-28 06:11:57 +07:00
Arthur Schiwon 3fa43a529b
enh(dispatcher): enforce psalm ranges in the http dispatcher 
- allows devs to provide int ranges for API arguments

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2023-11-24 12:46:38 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Ferdinand Thiessen ecf9f0a872
fix(CSP): Only add `strict-dynamic` when using nonces 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 22:01:02 +07:00
Ferdinand Thiessen e231abd9bf
fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 14:42:36 +07:00
Ferdinand Thiessen 7df9eb3351 feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only 
This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`.
The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 11:12:57 +07:00
Joas Schilling 2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-16 07:45:19 +07:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +07:00
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2023-08-10 02:38:41 +07:00
Joas Schilling 2c6f32cb28
feat(request): Allow to match the client version with the IRequest::USER_AGENT_* regex 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-11 07:35:50 +07:00
jld3103 b0001c6010
Add template types to responses 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-06-30 09:33:29 +07:00
Christoph Wurst 08a3f37695
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +07:00
Côme Chilliet 8d5165e8dc
Adapt tests to config value typing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 17:42:14 +07:00
MichaIng 5f90b8eb11
Change X-Robots-Tag header from "none" to "noindex, nofollow" 
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240

Signed-off-by: MichaIng <micha@dietpi.com>
 2023-02-15 20:16:51 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Stanimir Bozhilov 7dcd6eb561
Merge branch 'master' into add-scim-json-support 
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
 2022-12-19 09:07:38 +07:00
Vincent Petry ae6fe874ed
Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast 
Fix missing cast of double controller parameters
 2022-12-16 16:18:35 +07:00
Christoph Wurst b6dd1a1d7b
fix(app framework): Fix missing cast of double controller parameters 
``settype`` allows 'double' as alias of 'float'.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 09:33:52 +07:00
Artur Neumann 81f2857f34
check if params given to API are really an array 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2022-12-15 13:45:22 +07:00
Côme Chilliet 68363f6944
Fix some more problems with tests under PHP 8.2 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-15 16:02:24 +07:00
Stanimir Bozhilov 46c10c77e1 Fix the JSON content type regex to match all MIME types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-26 11:51:44 +07:00
Stanimir Bozhilov f7d51a39cf Add unit tests for application/scim+json content type 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-20 16:19:05 +07:00
Simon Leiner 09362eaeaa
Support specifying IPv6 proxies in CIDR notation 
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.

[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies

Signed-off-by: Simon Leiner <simon@leiner.me>
 2022-08-02 17:36:47 +07:00
Côme Chilliet 1bd5222224
Fix PHP 8.2 warnings about undeclared properties 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-06-21 16:17:52 +07:00
Côme Chilliet c7e1c36362
Remove at matcher uses in tests/lib 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-06-16 17:43:17 +07:00
Julius Härtl 3901a93c72
Use JSON_THROW_ON_ERROR instead of custom error handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-30 19:17:49 +07:00