sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
84,637 Commits
621 Branches
1167 Tags
8.5 GiB
Commit Graph

51 Commits (master)

Author SHA1 Message Date
John Molakvoæ 4829ac57c1 fix: use `OCP\Server` 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2025-08-01 17:00:09 +07:00
Josh 14b4d0327e fix(AppFramework): Log malformed protocol values and unify fallback behavior 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-08-01 17:00:09 +07:00
Robin Appelman aa15f9d16d
chore: run rector 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-07-01 22:45:52 +07:00
Ferdinand Thiessen 5981b7eb51
chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +07:00
Joas Schilling 522be60ff0
fix(phpunit): Remove some more withConsecutive calls 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-03-31 09:43:22 +07:00
Johannes Endres ae2cc23658 fix: Change UserAgent to *cloud 
Co-authored-by: Daniel Kesselberg <mail@danielkesselberg.de>
Signed-off-by: Johannes Endres <je@johannes-endres.de>
 2025-02-19 18:51:08 +07:00
Christoph Wurst 49dd79eabb
refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +07:00
provokateurin 9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 17:31:49 +07:00
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +07:00
Joas Schilling 9ed3ab7d87
test(request): Add tests to strip the port when forwarding requests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-02-13 16:51:13 +07:00
Arthur Schiwon 216b95f8b1 test(unit): fix RequestTest 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-01-27 15:11:26 +07:00
Joas Schilling 2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-16 07:45:19 +07:00
Joas Schilling 2c6f32cb28
feat(request): Allow to match the client version with the IRequest::USER_AGENT_* regex 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-11 07:35:50 +07:00
Côme Chilliet 8d5165e8dc
Adapt tests to config value typing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 17:42:14 +07:00
Stanimir Bozhilov 7dcd6eb561
Merge branch 'master' into add-scim-json-support 
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
 2022-12-19 09:07:38 +07:00
Artur Neumann 81f2857f34
check if params given to API are really an array 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2022-12-15 13:45:22 +07:00
Stanimir Bozhilov 46c10c77e1 Fix the JSON content type regex to match all MIME types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-26 11:51:44 +07:00
Stanimir Bozhilov f7d51a39cf Add unit tests for application/scim+json content type 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-20 16:19:05 +07:00
Simon Leiner 09362eaeaa
Support specifying IPv6 proxies in CIDR notation 
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.

[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies

Signed-off-by: Simon Leiner <simon@leiner.me>
 2022-08-02 17:36:47 +07:00
Côme Chilliet c7e1c36362
Remove at matcher uses in tests/lib 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-06-16 17:43:17 +07:00
Joas Schilling cc6653e45c
Adjust and add unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +07:00
Carl Schwan 6312c0df69
Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +07:00
Joas Schilling 74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-02 11:13:13 +07:00
Christoph Wurst 1584c9ae9c
Add visibility to all methods and position of static keyword 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:51:06 +07:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +07:00
Christoph Wurst 14c996d982
Use elseif instead of else if 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 10:35:09 +07:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +07:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-26 16:34:56 +07:00
Christoph Wurst 2ee65f177e
Use the shorter phpunit syntax for mocked return values 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:21:27 +07:00
Daniel Kesselberg 8331d8296b
Make getServerHost more robust to faulty user input 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-01-16 11:26:29 +07:00
Daniel Kesselberg d393b1612b
Modify regex to match some other chromium browsers 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-12-27 17:24:52 +07:00
Roeland Jago Douma 3a7cf40aaa
Mode to modern phpunit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 15:27:18 +07:00
Roeland Jago Douma c007ca624f
Make phpunit8 compatible 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 13:34:41 +07:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +07:00
Roeland Jago Douma 514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-17 15:54:45 +07:00
Oliver Wegner 401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4 
Signed-off-by: Oliver Wegner <void1976@gmail.com>
 2018-10-30 09:15:42 +07:00
Roeland Jago Douma d179186430
Remove testcase 
Since a token now always requires a string we don't need to test for
null

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-05 16:14:46 +07:00
Roeland Jago Douma 0ee45d3d20
Fix proper types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +07:00
Bjoern Schiessle f0202245ee
allow 'Nextcloud' in the user agent string of Android 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-12-12 12:16:01 +07:00
Morris Jobke 43e498844e
Use ::class in test mocks 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-10-24 17:45:32 +07:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +07:00
Roeland Jago Douma 2a9192334e
Don't try to parse empty body if there is no body 
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:22:33 +07:00
Robin Appelman 9a8cef965f
add test for skipping cookie checks for ocs 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-10 14:11:00 +07:00
Christoph Wurst 5e728d0eda oc_token should be nc_token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-02-02 21:56:44 +07:00
Lukas Reschke a05b8b7953
Harden cookies more appropriate 
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-23 12:53:44 +07:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +07:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie 
Match only for actual session cookie
 2016-08-31 15:59:16 +07:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable 
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
 2016-08-19 14:48:13 +07:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie 
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
 2016-08-09 19:23:08 +07:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +07:00