Despite it's PHPDoc the function might return `null` which was not properly catched and thus in some situations the share was resolved to the sharing users root directory.
To test this perform the following steps:
* Share file in owncloud 7 (7.0.4.2)
* Delete the parent folder of the shared file
* The share stays is in the DB and the share via the sharelink is inaccessible. (which is good)
* Upgrade to owncloud 8 (8.0.2) (This step is crucial. The bug is not reproduceable without upgrading from 7 to 8. It seems like the old tokens are handled different than the newer ones)
* Optional Step: Logout, Reset Browser Session, etc.
* Access the share via the old share url: almost empty page, but there is a dowload button which adds a "/download" to the URL.
* Upon clicking, a download.zip is downloaded which contains EVERYTHING from the owncloud directory (of the user who shared the file)
* No exception is thrown and no error is logged.
This will add a check whether the share is a valid one and also adds unit tests to prevent further regressions in the future. Needs to be backported to ownCloud 8.
Adding a proper clean-up of the orphaned shares is out-of-scope and would probably require some kind of FK or so.
Fixes https://github.com/owncloud/core/issues/15097
This speeds up all pages that don't use the navigation by 0.04sec per app,
because we don't need to create the routing anymore, unless we really need to.
Replaces the OC_Mail and phpmailer with SwiftMail allowing us to mock it properly.
Fixes the unit test execution on master on local machines and https://github.com/owncloud/core/issues/12014
Conflicts:
3rdparty
lib/private/server.php
lib/public/iservercontainer.php
tests/lib/mail.php
tests/settings/controller/mailsettingscontrollertest.php
Conflicts:
3rdparty
lib/private/mail.php
lib/private/server.php
lib/public/iservercontainer.php
settings/ajax/lostpassword.php
settings/application.php
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
This is required when working with stuff such as PDF.js in the files_pdfviewer application. Opt-in only.
Master change only because the stable CSP policies has a failback that allows nearly anything 🙈