dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
...
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard ) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases )
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +01:00
Christoph Wurst
9ce3ea3368
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-30 14:07:05 +01:00
Roeland Jago Douma
adc4f1a811
Merge pull request #22916 from J0WI/unifiy-links-to-php.net
...
Unify links to php.net
2020-12-22 09:53:31 +01:00
Julius Härtl
fbbb48fcc2
Merge pull request #24730 from J0WI/fix-trusted-ipv6
...
Fix IPv6 localhost regex
2020-12-21 09:59:31 +01:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
J0WI
331f30f085
Fix IPv6 localhost regex
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2020-12-16 14:37:56 +01:00
Daniel Kesselberg
8ebd31d686
Make $vars and $secureRandom required.
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-12-10 17:06:32 +01:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
J0WI
68ce17e59b
Unify links to php.net
...
Update all links to https://www.php.net/
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2020-09-17 17:40:04 +02:00
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Georg Ehrke
3bdfb380fc
Fix PHPDoc of IRequest::getHeader
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2020-07-14 14:20:43 +02:00
Joas Schilling
74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 11:13:13 +02:00
Christoph Wurst
cb057829f7
Update license headers for 19
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Christoph Wurst
734c62bee0
Format code according to PSR2
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:56:50 +02:00
Christoph Wurst
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst
14c996d982
Use elseif instead of else if
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst
3a415e4139
Remove space between switch case and colon
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:17:53 +02:00
Christoph Wurst
85e369cddb
Fix multiline comments
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Daniel Kesselberg
8331d8296b
Make getServerHost more robust to faulty user input
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +01:00
Daniel Kesselberg
d393b1612b
Modify regex to match some other chromium browsers
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Julius Härtl
a055d8ddf9
Always return overwritehost if configured
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:02:33 +01:00
Daniel Kesselberg
fdf4e1ebb2
Remove duplicate code
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-08 00:46:50 +02:00
b108@volgograd
bf167ad3ac
Remove duplicate functionality
...
This functionality implemented in the next line:
$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
2019-01-20 13:29:58 +04:00
Roeland Jago Douma
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +01:00
Morris Jobke
dccfe4bf84
Merge pull request #12036 from olivermg/master
...
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
2018-10-30 10:49:08 +01:00
Oliver Wegner
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
...
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +01:00
Daniel Kesselberg
986f4df2a5
Add REMOTE_ADDR to getHeader
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-25 22:26:49 +02:00
Robin Appelman
c0a283fefb
ensure we always return an array from `Request::getParams`
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-28 18:11:42 +02:00
Roeland Jago Douma
043a824e6a
Fix comments
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma
0ee45d3d20
Fix proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma
a229095af1
Make Request strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Morris Jobke
4ef302c0be
Request->getHeader() should always return a string
...
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.
Found while enabling the strict_typing for lib/private for the PHP7+ migration.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
Roeland Jago Douma
ca70694502
Also check for empty content lenth
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 21:48:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Roeland Jago Douma
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
Roeland Jago Douma
9717cdfb9e
If there is no content don't error
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
Roeland Jago Douma
ede15f0988
Fix L10N::t
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
coderkun
bdc7bb1f26
Add IPv6 to “localhost” regex ( #440 )
...
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
2017-05-14 21:29:03 +02:00
Joas Schilling
695696a4a6
Use constants
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
Juan Pablo Villafáñez
38e5135cb9
Reorder the entries of the log for easier reading
2017-04-12 13:03:19 +02:00
Roeland Jago Douma
2a9192334e
Don't try to parse empty body if there is no body
...
Fixes #3890
If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.
See RFC 2616 Section 4.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
Roeland Jago Douma
8626ccab1c
dont require strict same site cookies for ocs requests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-09 16:48:48 +01:00
Joas Schilling
33fb86f68b
Fix detection of the new iOS app
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
Christoph Wurst
5e728d0eda
oc_token should be nc_token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
Lukas Reschke
a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Joas Schilling
c20ab0049f
Identify Chromium as Chrome
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
Joas Schilling
f9cea0b582
Merge pull request #797 from nextcloud/only-match-for-auth-cookie
...
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
Lukas Reschke
d50e7ee36c
Remove reading PATH_INFO from server variable
...
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.
Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00