Commit Graph

5642 Commits (2916e5df7e08fc588e752beaf486d907112a34ee)

Author SHA1 Message Date
Ferdinand Thiessen 2916e5df7e
feat: Provide CSP nonce as `<meta>` element
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +07:00
Ferdinand Thiessen 009761be58
test: Adjust tests for CSP nonce
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:06:32 +07:00
Ferdinand Thiessen 0563757ea4 fix(SetupCheck): Properly check public access to data directory
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.

For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.

¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-08 22:08:42 +07:00
Christoph Wurst 2b38d6ae7e
fix(session): Log when session_* calls are slow
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-08-07 09:02:10 +07:00
skjnldsv db28aa8cd1 fix(files_sharing): show proper share not found error message
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +07:00
Jérôme Herbinet c221090c86 fix: unify bundle naming
Signed-off-by: Jérôme Herbinet <33763786+Jerome-Herbinet@users.noreply.github.com>
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-08-06 11:14:07 +07:00
Robin Appelman 9af6184af6 chore: delete repair step for 8y old oc_mounts issue
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-02 17:21:54 +07:00
Julius Härtl a6d421e767
chore: Remove deprecated legacy search backend
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-01 12:33:18 +07:00
Stephan Orbaugh 18c0bcb2da
Merge pull request #46476 from nextcloud/enh/noid/migration-attributes
Migration Attributes
2024-07-30 15:54:56 +07:00
Joas Schilling 710a69b4b5
feat(log): Allow to combine log.conditions to only log (app&user)
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-30 13:18:09 +07:00
Ferdinand Thiessen 21f558b12b
Merge pull request #46379 from nextcloud/fix/folder-search-owner
fix: `OCP\Files\Node\Folder::search` was not setting the owner
2024-07-30 13:04:15 +07:00
Maxence Lange ad490c963b feat(migration-attributes): tests
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-07-29 12:44:52 +07:00
provokateurin 9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-25 17:31:49 +07:00
Marcel Klehr 799ee8fd51
feat(TaskProcessing): Implement enums and default values
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-25 10:10:31 +07:00
Ferdinand Thiessen 57ed738af2
Merge pull request #46644 from nextcloud/cast-bigint
fix: cast to bigint on postgresql
2024-07-24 20:39:04 +07:00
Louis 7266a9ef33
Merge pull request #46418 from nextcloud/artonge/feat/user_admin_delegation
feat(users): Add users and group management to admin delegation
2024-07-24 11:15:54 +07:00
SebastianKrupinski fc0b694d37 feat: mail provider backend
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2024-07-23 16:20:36 +07:00
Robin Appelman 16c184e2cb
fix: cast to bigint on postgresql
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-23 14:41:13 +07:00
Louis Chemineau dff8815449
feat(users): Add support for admin delegation for users and groups management
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-07-22 17:17:35 +07:00
Julien Veyssier fffc784769
feat(taskprocessing): add support for webhooks (http or AppAPI) in the task processing API
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2024-07-22 11:34:29 +07:00
Stephan Orbaugh 9ed2d3e495
Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator
refactor: Migrate some legacy and core functions to `IFilenameValidator`
2024-07-22 10:40:50 +07:00
Andy Scherzinger c2a571e435
Merge pull request #46473 from nextcloud/feat/restrict_admin_to_ips
feat(security): restrict admin actions to IP ranges
2024-07-22 10:10:42 +07:00
Ferdinand Thiessen 9716b0d735 refactor: Migrate some legacy and core functions to `IFilenameValidator`
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-19 19:41:46 +07:00
Joas Schilling 7395211c1a
Merge pull request #46605 from nextcloud/bugfix/noid/test-more-oracle-versions
fix(deps): Deprecate functionality deprecated by doctrine and test on more oracle versions
2024-07-19 16:40:49 +07:00
Joas Schilling 047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues 202e5b1e95
feat(security): restrict admin actions to IP ranges
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Marcel Klehr a3c3eab09c
Merge pull request #46368 from nextcloud/fix/task-processing
TaskProcessing follow-up
2024-07-19 12:38:30 +07:00
Joas Schilling f6238d35bd
fix(test): Make the test less flaky
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:16 +07:00
Joas Schilling eeb6ddb176
fix(db): Deprecate `IExpressionBuilder::or()` and `IExpressionBuilder::and()` without parameters
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:16 +07:00
Joas Schilling 829f2b9bc7
fix(db): Promote the use of `getDatabaseProvider` to reduce the impact of removed upstream platforms
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:14 +07:00
Joas Schilling a4c1d7291f
fix(db): Use `createSchemaManager()` method as `getSchemaManager()` is deprecated
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:11 +07:00
Robin Appelman 64ca4b832d
Merge pull request #46583 from nextcloud/filecache-sharding-compat
Make filecache queries compatible with sharding
2024-07-19 09:49:45 +07:00
provokateurin e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +07:00
Robin Appelman c5b687271b
fix: make batch propagator work with sharding restrictions
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-17 19:16:07 +07:00
Robin Appelman 0931492ff0
fix: make usermountcache compatible with sharding
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-17 19:16:05 +07:00
Richard Steinmetz 718ef5dea5
Merge pull request #46510 from nextcloud/feat/info-xml-backends
feat: hide caldav server settings if no app uses the caldav backend
2024-07-17 18:57:08 +07:00
Julien Veyssier d37dd4b9a9
feat(settings/admin/ai): fix tests
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2024-07-17 15:24:19 +07:00
Marcel Klehr 969cc52851 fix(TaskProcessing): Run cs:fix
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
Marcel Klehr 61ebfad724 fix(TaskProcessing): fix tests
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
Marcel Klehr f1bb43dd55 test(TaskProcessing): Add test for setTaskResult with fileIds
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
Joas Schilling 05888991d7
Merge pull request #46419 from nextcloud/bugfix/noid/limit-logo-size-for-outlook
fix(mail): Fix big logos in mail templates for Outlook
2024-07-17 11:54:47 +07:00
Joas Schilling 693a81bfa3
fix(mail): Fix big logos in mail templates for Outlook
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-17 09:24:55 +07:00
Ferdinand Thiessen 1b41e8f566
Merge pull request #46538 from nextcloud/fix/use-filename-validator
refactor: Migrate filename validation from `Storage` and `Util` to `FilenameValidator`
2024-07-16 17:42:40 +07:00
Robin Appelman decae5a45a
Merge pull request #46547 from nextcloud/query-builder-connection
feat: allow running QueryBuilder queries on different connections
2024-07-16 17:38:28 +07:00
Ferdinand Thiessen 322b3946d9
fix(dav): Verify target path in `setName` instead of source path
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:57:11 +07:00
Ferdinand Thiessen f4ede27cdb
refactor: Remove deprecated `Util` function for filename validation to `FilenameValidator`
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:49:10 +07:00
Ferdinand Thiessen 69341e4306
refactor: Migrate filename validation logic from `Storage` to `FilenameValidator`
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:49:09 +07:00
Richard Steinmetz e42bceac9f
feat: hide caldav server settings if no app uses the caldav backend
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-07-16 09:18:33 +07:00
Robin Appelman 9de6190ec4
feat: allow running QueryBuilder queries on different connections
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-15 22:41:04 +07:00
Ferdinand Thiessen bdbeabafa7
feat: Add `forbidden_filename_basenames` config option
This allows to configure forbidden filenames (the full filename like `.htaccess`)
and also forbidden basenames like `com0` where `com0`, `com0.txt` and `com0.tar.gz` will match.
We need this as only using basenames was too restrictive and will cause problems on some systems when updating.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-15 19:39:18 +07:00