Commit Graph

11045 Commits

Author SHA1 Message Date
Julius Härtl e2fffcda44 Fail when creating new files with an empty path
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-28 10:06:03 +00:00
Joas Schilling ab595274c0 Do not allow to overwrite some variables
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:40:14 +00:00
Joas Schilling 6a8d6beb57 Fix ratelimit template
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:40:12 +00:00
Roeland Jago Douma 4082318616
Merge pull request #26760 from nextcloud/backport/26259/stable21
[stable21] Validate the website field input to be a valid URL
2021-04-26 20:42:06 +02:00
Roeland Jago Douma e075f80f41
Merge pull request #26759 from nextcloud/backport/26747/stable21
[stable21] Fix installer deprecation warnings for PHP 8
2021-04-26 20:41:49 +02:00
Joas Schilling d1756dde20 Log deprecation only as debug
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-26 15:12:50 +00:00
Joas Schilling 6ed9bb36ac Respect the error level when logging
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-26 15:12:50 +00:00
Joas Schilling 2c1218826d Validate the website field input to be a valid URL
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-26 11:58:56 +00:00
acsfer 63fa7d9354 PHP 8+ deprecates openssl_free_key 2021-04-26 10:46:44 +00:00
acsfer c12be83a0b Only use libxml_disable_entity_loader on PHP<8 2021-04-26 10:46:44 +00:00
Maxence Lange 35204381bb private cannot be final
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2021-04-26 07:06:08 +00:00
Roeland Jago Douma 97e5fe43df Explicitly check hex2bin input
For #23197

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-22 11:31:39 +00:00
Roeland Jago Douma f915efc859
Merge pull request #26639 from nextcloud/backport/26551/stable21
[stable21] ensure redis returns bool for hasKey
2021-04-20 10:33:18 +02:00
Arthur Schiwon 92e1606c18
ensure redis returns bool for hasKey
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-04-19 23:40:47 +02:00
Vincent Petry fe0f1c792c
Fix empty password check for mail shares
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-04-19 15:44:26 +02:00
Lukas Reschke ad91f39c46 Limit size of properties to 2048 characters
It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), a upper bound as sanity check makes
sense.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-12 16:37:04 +00:00
Lukas Reschke b5838c5248 Increase subnet matcher
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-12 10:36:25 +00:00
Lukas Reschke d66e86c56c
Merge pull request #26400 from nextcloud/backport/26061/stable21
[stable21] Log and continue when failing to update encryption keys during for individual files
2021-04-06 13:43:34 +02:00
John Molakvoæ b59cf16325
Merge pull request #26406 from nextcloud/backport/26396/stable21 2021-04-02 16:59:51 +02:00
Julius Härtl dc8e819915 Properly handle creating the template directory in a subfolder (fixes #25787)
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-01 13:31:55 +00:00
Julius Härtl 89a19a338e Get the parent directory before creating a file from a template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-01 13:31:55 +00:00
Robin Appelman 40507ca543
make ILDAPProviderFactory usable when there is no ldap setup
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-01 13:08:23 +02:00
Vincent Petry 6ac708c99a Fix phpcs issues in encryption update
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-04-01 07:56:41 +00:00
Julius Härtl d6bad03a5c Log and continue when failing to update encryption keys during for individual files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-01 07:56:41 +00:00
Joas Schilling 0c348863e7 Allow apps to write/update account data
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-01 06:07:47 +00:00
kesselb 618a48487f
Merge pull request #26377 from nextcloud/backport/25500/stable21
[stable21] fix(translation): replace static error message
2021-03-31 10:07:58 +02:00
Julius Härtl 00daf58da8
Merge pull request #26376 from nextcloud/backport/25804/stable21
[stable21] Do not attempt to read 0 bytes when manually iterating over a non-seekable file
2021-03-31 09:44:47 +02:00
Christoph Wurst 0432b32535
Merge pull request #26379 from nextcloud/backport/25924/stable21
[stable21] Only mark migrations as installed after execution
2021-03-31 07:43:32 +02:00
Arthur Schiwon caec3a8cee gracefully handle deleteFromSelf when share is already gone
- handling race conditions

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-03-30 20:26:29 +00:00
Joas Schilling e3927afe19 Only mark migrations as installed after execution
The problem is that if a developer creates a structural error in their migration file,
they will already be marked as executed and an not be rerun.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-30 19:51:12 +00:00
Samuel 3073732002 revert(comment)
Signed-off-by: Samuel <faust64@gmail.com>
2021-03-30 19:26:04 +00:00
Samuel c49cff453c revert(exception): keep throwing an exception for now
Signed-off-by: Samuel <faust64@gmail.com>
2021-03-30 19:26:04 +00:00
Samuel 22ddcfa740 fix(translation): replace static error message
as suggested by @kesselb in nextcloud/server#25490

Signed-off-by: Samuel <faust64@gmail.com>
2021-03-30 19:26:04 +00:00
Julius Härtl fc2e09b667 Properly end iterating over the file once the target has been reached
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-03-30 19:22:47 +00:00
Vincent Petry ec492eadfa Add known user check in avatar when v2-private scope
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:37 +00:00
Vincent Petry ab22999eb9 Added PlaceholderAvatar with own cached images
When avatar scope is private, the PlaceholderAvatar is used to deliver a
placeholder avatar based on the user's initials.

This was implemented as a separate class for now to avoid messing with
the existing UserAvatar implementation and its generated vs
non-generated logic.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:36 +00:00
Vincent Petry 73ec32d19b Add property scope tests for AccountManager
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:35 +00:00
Vincent Petry b9d59e2994 OCS allow reading and writing account property scopes
Extends the provisioning API to allow a user to get and set their own
account property scopes.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:32 +00:00
Vincent Petry 5d76574a81 Map old account scope properties to new names
Use new scope values in settings page.
Adjust all consumers to use the new constants.
Map old scope values to new ones in account property getter.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:31 +00:00
Vincent Petry f45f826b52 Add new v2-private account scope
Added new v2-private account manager scope that restricts the scope
further by excluding public link access.

Avatars with v2-private account scope are now showing the guest avatar
instead of the real avatar.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-29 07:03:31 +00:00
Roeland Jago Douma d65ce19f6e
Merge pull request #26291 from nextcloud/backport/21484/stable21
[stable21] show better error messages when a file with a forbidden path is encountered
2021-03-26 10:44:43 +01:00
Morris Jobke cf8be87e47 Log when a storage is marked as unavailable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-03-25 16:10:28 +00:00
Robin Appelman fdf7eb10a2 show better error messages when a file with a forbidden path is encountered
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-25 10:56:59 +00:00
Morris Jobke ffb7c51ca6
Merge pull request #26257 from nextcloud/backport/26198/stable21
[stable21] Handle limit offset and sorting in files search
2021-03-24 17:32:36 +01:00
John Molakvoæ (skjnldsv) e9fafce71b Catch invalid cache source storage path
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-03-24 11:03:30 +00:00
Robin Appelman 5a1ae2c3c0 use node search api for legacy file search endpoint
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 13:41:22 +00:00
Robin Appelman d4381c0eac handle ordering in folder search
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 13:41:18 +00:00
Robin Appelman 8551ee079d folder filtering in sql
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 13:41:16 +00:00
Robin Appelman 277c0039f6 cleanup fileinfo creation
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 13:41:13 +00:00
Robin Appelman c8679885f6 format
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 13:41:12 +00:00