918859cafd
allow to specify upgrade.cli-upgrade-link in order to link to the correct documentation
...
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-06-10 10:05:36 +07:00
d293293cda
Fixed bug which 'overwritewebroot' does not work with 'overwritecondaddr'.
...
Signed-off-by: Takahiro Nagai <78393959+takahiro-blab@users.noreply.github.com>
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-05-16 11:39:39 +07:00
84b88c01c7
adjust wording
...
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-05-09 11:19:48 +07:00
6e5a307757
adjust wording for update hint when files of a specific app are not there
...
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-05-09 10:56:02 +07:00
bb4b34ff69
Read mtime of version.php only once
...
- in most cases it would read again in \OC_Util::loadVersion anyway
- remove some unused use statements
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2023-04-21 14:10:47 +07:00
7519949f37
add the server roots and version info hash to apcu prefix
...
fixes collissions when more than one instance is running on the same
system
For the memcaches we use a more complex prefix, where version and
instance ID are incorporated. We do not have this data at hand at this
point of time. But we can get the mtime of the version.php file
relatively cheap.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2023-04-21 14:10:46 +07:00
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls
...
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +07:00
a06898a2d0
fix(security)!: Use consistent HTTP status for strict cookie checks
...
Before: 503/412
Now: 412 + json body explaining the error
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-17 16:06:37 +07:00
fc29b0d1b7
app type extended_authentication
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2023-04-12 09:34:49 +07:00
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +07:00
c3a39cbc75
Merge pull request #37305 from nextcloud/fix/security/log-failing-strict-cookie-check
...
fix(security): Log failing strict cookie check
2023-03-21 19:05:39 +07:00
705165d3d1
fix(session): Fix DAVx5 sync problems by partial reverting session changes
...
Temporary disabled the short cut again to solve issues with CalDAV/CardDAV
clients like DAVx5 that use cookies and need a session. See
https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147
and the other comments for further information.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-20 16:30:42 +07:00
0e6fccf9e1
fix(security): Log failing strict cookie check
...
The error is silent otherwise and makes it very hard to debug on a
production system.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-03-20 16:26:41 +07:00
bbc6eee803
fix: Avoid log spam on 404 routes not using GET
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-03-03 09:40:43 +07:00
98ed72b3ed
Revert "fix(performance): Do not set up filesystem on every call"
2023-02-21 07:36:43 +07:00
5d4efb4d5f
Do not set up filesystem on every call
...
Also remove old Oc_FileChunking logis that produced GC- collectable chunks
Signed-off-by: Anna Larch <anna@nextcloud.com>
2023-02-17 19:18:37 +07:00
6431c5a559
extend the reference API for the new link picker
...
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-01-27 11:10:55 +07:00
842f4d530f
fix(session): Always setup the session if a session cookie is passed
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-22 11:33:23 +07:00
6abb37317f
Do not setup a session when not required on WebDAV requests
...
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-21 21:17:16 +07:00
a529aa79d8
Strong type singletons from lib/base.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:41 +07:00
e1d324f7eb
Migrate lib/base.php to LoggerInterface
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
26d75add8f
Put back cast to string now that timelimit is an int
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
7372da6c6d
Fixing more psalm errors from lib/base.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
444811b0fe
Use Server::get some more
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
cf508c1e47
Use strict typing in base.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
be4c061b75
Set apcu prefix for composer
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:06 +07:00
052dcdebe8
Refactor the ErrorHandler into a dynamic class
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-02 09:49:37 +07:00
11bedf1c3b
Use proper error pages instead of always redirecting
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-21 15:12:21 +07:00
f97f13b136
Merge pull request #33737 from andyxheli/patch-4
...
Makes untrusted domain error on info
2022-10-01 18:06:44 +07:00
9b7ef2962e
remove listeners to OC_Filesystem::(write|rename) old style hooks
...
- the events are not emitted anymore
- OC_Filesystem::isBlacklisted() is not called from anywhere else
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-09-26 21:07:08 +07:00
80f6a5834a
Refactor cache handling
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-31 16:24:35 +07:00
12c8123873
Makes untrusted domain error on info
...
Signed-off-by: Andy Xheli <axheli@axtsolutions.com>
Since e6d9ef2e38e6d9ef2e38https://github.com/nextcloud/server/issues/32599
This should fix.
https://github.com/nextcloud/server/issues/32599#event-7281164903
Signed-off-by: Andy Xheli <axheli@axtsolutions.com>
2022-08-29 13:27:12 +07:00
1b43fbe06c
Move setting of gc_maxlifetime to initSession
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:27 +07:00
9e1d431255
Add config option to disable strict session timeout to be able to use read_and_close
...
Fixed https://github.com/nextcloud/server/issues/29356
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:27 +07:00
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open
...
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:26 +07:00
d17e0699f3
Merge pull request #33173 from nextcloud/enhancement/maintenance-mode-http-header
...
Set special header for 503 maintenance mode
2022-08-10 09:16:02 +07:00
0ed987a8dd
Set special header for 503 maintenance mode
...
This removes ambiguity with a 503 returned by app code, web server or
similar. Front-end and clients can then handle this state accordingly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-08-08 14:26:11 +07:00
a1149b0378
Do not redirect if requested CSS can not be found
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-08-08 14:09:58 +07:00
222a9523b5
Fix 404 handling of requested JSON/XML
...
If front-end or an application requests JSON/XML, there is no point in
redirecting to the default page if that response doesn't exist. In the
worst case that would just cause another request, therefore server load,
traffic and a response that is meaningless to the requester.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-07-08 19:14:05 +07:00
8e59d49701
Merge pull request #32435 from nextcloud/revert-32278-remove-default-php
...
Revert "Remove call to already default php.ini values"
2022-06-03 14:16:24 +07:00
e4378fd18c
Merge pull request #32349 from nextcloud/enh/projects-event
...
Add event to load additional scripts for projects
2022-05-27 18:36:40 +07:00
83f831c263
Merge pull request #32427 from nextcloud/boot-event-ordering
...
reorder startup events to fix overlapping
2022-05-17 11:55:00 +07:00
8ed92ad4f7
Merge pull request #32216 from SUNET/master
...
Respect user settings in php.ini if they are big enough
2022-05-17 10:14:56 +07:00
a6ca9d592d
Revert "Remove call to already default php.ini values"
2022-05-16 15:54:18 +07:00
a67bf03ac0
reorder startup events to fix overlapping
...
current the `request` and `runtime` events overlap with the `init` event which makes it hard to create usefull visualizations.
this reorders things a bit to remove an overlap
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-05-16 13:26:38 +07:00
0ace1831f4
Fix suggestions by @artonage
...
Signed-off-by: Micke Nordin <kano@sunet.se>
2022-05-16 10:15:45 +07:00
d3acf8203d
Properly import maintenance script
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-05-16 09:28:15 +07:00
9a6869943e
Introduce event for loading additional script on projects
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-05-12 10:50:13 +07:00
f110ff9f4d
Remove default values
...
These values are already the default on supported PHP versions.
I suggest to remove these calls.
2022-05-05 13:46:09 +07:00
30fe91a77f
Simpler version as proposed by @artonage
...
Co-authored-by: Louis <6653109+artonge@users.noreply.github.com>
Signed-off-by: Micke Nordin <kano@sunet.se>
2022-04-30 16:41:35 +07:00
Simon L
Arthur Schiwon
Côme Chilliet
Christoph Wurst
Maxence Lange
Côme Chilliet
Julius Härtl
Joas Schilling
Joas Schilling
Anna Larch
Julien Veyssier
Andy Xheli
Christoph Wurst
Carl Schwan
Robin Appelman
Louis
Micke Nordin
Git'Fellow
Mikael Nordin