cb252c5591
Add Transactional trait for atomic DB operations
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-02-17 09:58:41 +07:00
e485451eed
Add test
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2022-02-11 23:34:25 +07:00
c712987878
send request id in response header
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-01 14:24:01 +07:00
6312c0df69
Check style update
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +07:00
3a1b3745eb
Fix DateTime constructor calls with null
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:28:58 +07:00
6958d8005a
Add admin privilege delegation for admin settings
...
This makes it possible for selected groups to access some settings
pages.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +07:00
6d5cfe0c66
Move DateTime::RFC2822 to DateTimeInterface::2822
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:30:43 +07:00
770881d5d6
Move DateTime::ATOM to DateTimeInterface::ATOM
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:28:07 +07:00
181aab416a
Fix warnings about logException
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-06-04 10:57:09 +07:00
377514aad1
Escape filename in Content-Disposition
...
We should escape all occurences of ' and \ in here.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-06-02 19:22:17 +07:00
b6c6527705
Fix unauthorized OCS status in provisioning
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:16:07 +07:00
99f0b10421
Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger
...
Less ILogger
2021-04-27 15:38:12 +07:00
df47445c01
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +07:00
174f4dd043
Fix ratelimit template
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:55:34 +07:00
30e096f3f5
Allow overwriting isAuthenticated
...
* Some implementations might check for different things
* IT will not change how the current ones work
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-09 09:17:30 +07:00
cc744740b7
Remove deprecated \OCP\API
...
Time to remove this forgood now.
Remaining constant moved over
The world is a tiny bit better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 20:54:32 +07:00
8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-08 11:45:19 +07:00
48679ae39f
Make sure we just check for the keys
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:03 +07:00
9163790b7c
Set frame-ancestors to none if none are filled
...
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +07:00
f03bb4716b
Remove OCSResponse type hint - see #23827
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-03 10:43:32 +07:00
fa6a790859
Remove deprecated OCSResponse
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-01 14:12:27 +07:00
91d445909a
Fix code style
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-12 14:54:51 +07:00
6a1f8fb3be
Fix typo 'shared'
2020-10-12 14:19:41 +07:00
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +07:00
95a301ea57
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-02 10:37:18 +07:00
a9f22ac7b1
More test fixing
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 12:40:25 +07:00
234b510652
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-12 13:55:19 +07:00
0123cd0ae3
Use assertStringContainsString instead of assertContains on strings
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-23 17:11:29 +07:00
91e7f12088
Adjust apps' code to use the ContainerInterface
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-21 20:43:18 +07:00
7d7ba61625
Add real events to load additionalscripts
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-15 14:07:18 +07:00
81e5593133
Move to lazy panel registration during registration context
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-07-15 09:27:57 +07:00
f03f88b437
Delegate bootstrap registration lazily
...
* Keep the registration context
* Expose the context object for other components
* Ensure registration is only run once
Search providers are migrated for demonstration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-14 15:33:32 +07:00
3f447b9c8c
Fix supporting defaults for routes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-08 19:52:45 +07:00
edc1c77dd9
Do not create a RouteActionHandler object for each route
...
This is not required and doesn't allow us to be properly lazy. On top of
it this doesnt allow us to cache the routes (since closures/objects
can't be cached).
This is the first small step into cleaning up the routing we have
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-07 12:33:22 +07:00
e70249e089
Update SecurityMiddleware.php
...
OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.
in other areas OC::$WEBROOT is always used together with an /
2020-07-06 21:34:46 +07:00
4a3ea04baa
Callable parameter injection
...
This is like what we have to DI and classes, but for callables.
The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.
With this little helper it's possible to call another (public) method
and magically have everything injected.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-03 14:37:46 +07:00
74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 11:13:13 +07:00
b7060be18d
Fix robots "noindex, nofollow" signals
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-25 08:29:43 +07:00
4488e846a5
Add unified search API
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:25 +07:00
859941db32
Merge pull request #21479 from nextcloud/fix/21474/allow_specifying_cookie_type
...
Allow to specify the cookie type for appframework responses
2020-06-22 13:00:12 +07:00
fbf9772a3e
Allow to specify the cookie type for appframework responses
...
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 08:38:44 +07:00
c006b5ff2a
Fix unit test of the ResponseTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-21 09:44:56 +07:00
2b7b7144d4
Allow crash reporters registration during app bootstrap
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-19 10:38:26 +07:00
69571fb536
Add dedicated API for apps' bootstrapping process
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:22:21 +07:00
7c15c63b05
Merge pull request #20939 from nextcloud/enh/middleware/not_modified
...
Move not modified check to the middleware
2020-05-13 09:04:56 +07:00
4fbea316a7
Merge pull request #20897 from nextcloud/bugfix/httpcache
...
Proxy server could cache http response when it is not private
2020-05-13 08:27:05 +07:00
12fa748c49
Move the notmodified check to middleware where it belongs
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-13 08:11:24 +07:00
979dd1b6f5
Fix http cache test
...
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-12 11:50:48 +07:00
203d7eb1d3
Add AppFramework GZip middleware to gzip responses
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-12 09:09:48 +07:00
c870b6ab2e
Fix new routing in settings etc
...
Also prefix resources
Unify the prefix handling
Handle urls with and without slash
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-22 13:09:25 +07:00
250467e842
Extend tests for root url
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-18 11:21:28 +07:00
1584c9ae9c
Add visibility to all methods and position of static keyword
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +07:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +07:00
14c996d982
Use elseif instead of else if
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +07:00
44577e4345
Remove trailing and in between spaces
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +07:00
afbd9c4e6e
Unify function spacing to PSR2 recommendation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +07:00
2a529e453a
Use a blank line after the opening tag
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +07:00
41b5e5923a
Use exactly one empty line after the namespace declaration
...
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +07:00
2fbad1ed72
Fix (array) indent style to always use one tab
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +07:00
85e369cddb
Fix multiline comments
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +07:00
463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
...
Remove unused imports
2020-03-27 17:14:08 +07:00
b80ebc9674
Use the short array syntax, everywhere
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +07:00
2ee65f177e
Use the shorter phpunit syntax for mocked return values
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +07:00
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +07:00
7af3bcb4bc
Add test to trigger "Trying to access array offset on value of type int"
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-23 10:18:14 +07:00
8331d8296b
Make getServerHost more robust to faulty user input
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +07:00
d393b1612b
Modify regex to match some other chromium browsers
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +07:00
3a7cf40aaa
Mode to modern phpunit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +07:00
c007ca624f
Make phpunit8 compatible
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +07:00
b607e3e6f4
Merge pull request #17948 from nextcloud/enh/check-if-property-is-bool
...
Make isXXX available for bool properties only
2019-11-26 12:25:36 +07:00
68748d4f85
Some php-cs fixes
...
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +07:00
a27c10daa6
Make isXXX available for bool properties only
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-16 00:39:48 +07:00
de6940352a
Move settings to an app
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-28 09:39:28 +07:00
3f12ec95f0
SessionMiddleware: declare session property
...
* Remove request since we don't useit
* Update tests as well
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +07:00
f81817b47d
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 19:40:13 +07:00
b8c5008acf
Add feature policy header
...
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +07:00
cf647451e5
Update CSP test cases to handle the new form-action
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +07:00
37a4282c7a
Split up security middleware
...
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +07:00
b0c2042a28
Merge pull request #15714 from nextcloud/fix/204_304_rfc
...
Check the actual status code for 204 and 304
2019-05-24 19:51:01 +07:00
b0c030cbb5
Check the actual status code for 204 and 304
...
The header is the full http header like: HTTP/1.1 304 Not Modified
So comparing this to an int always yields false
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-24 15:18:32 +07:00
22ae682823
Make it possible to show admin settings for sub admins
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-23 20:31:40 +07:00
7276735eb4
Set empty CSP by default
...
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-16 14:09:39 +07:00
5aeb8eac2b
[ #11236 ] Set parameter type in QBMapper
...
Signed-off-by: Marius David Wieschollek <git.public@mdns.eu>
2019-03-24 22:43:45 +07:00
b68567e9ba
Add StandaloneTemplateResponse
...
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +07:00
d88604015a
No need to emit additonalscript event on public pages
...
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-05 20:59:36 +07:00
d182037bce
Emit to load additionalscripts
...
Fixes #13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +07:00
f8b74cf0a5
Allow resources via OCS as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +07:00
ad676c0102
Set default frame-ancestors to 'self'
...
For #13042
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-08 15:36:40 +07:00
64244e1a4f
CSP: Allow fonts to be provided in data
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-07 15:07:06 +07:00
54ff913de6
Cleanup middleware registering
...
Fixes #12224
Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-03 11:50:01 +07:00
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +07:00
0e5147f001
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +07:00
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
...
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +07:00
579822b6a5
Add report-uri to CSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +07:00
5b61ef9213
Disallow unsafe-eval by default
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +07:00
8c1e75e052
Do not use file as template parameter
...
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-09 16:45:25 +07:00
5455045a9b
Fix direct access to authen page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:57:13 +07:00
1bb8bc8ff9
Add AuthPublicShareControllerTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +07:00
61e445da88
Add PublicShareControllerTests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +07:00
e7338173e8
Add PublicShareMiddlewareTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +07:00
Christoph Wurst
Christopher Ng
Robin Appelman
Carl Schwan
Côme Chilliet
Joas Schilling
Lukas Reschke
Christoph Wurst
Roeland Jago Douma
Morris Jobke
Robin Windey
Julius Härtl
Holger Hees
blizzz
Roeland Jago Douma
Clement Wong
Daniel Kesselberg
Marius David Wieschollek
Oliver Wegner