Commit Graph

125 Commits

Author SHA1 Message Date
Pavel Krasikov 4c01326913 add docs for useJsNonce
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
2020-03-15 17:02:11 +03:00
Joas Schilling 9c9f8fa5f7
Allow non integer ids in Entity Mapper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-26 14:44:45 +01:00
TimObert 4c1834dace Fix requested changes
Signed-off-by: Tim Obert <tobert@w-commerce.de>
2020-02-14 14:16:31 +01:00
Tim Obert 058180d386 Change the route generation of AuthPublicShareController.php and adjust the routes for file sharing
Signed-off-by: Tim Obert <tobert@w-commerce.de>
2020-02-14 12:12:04 +01:00
Christoph Wurst 6127c288e8 Fix license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-01-13 14:23:49 +01:00
Daniel Calviño Sánchez 883a71ce8e Split the menu entry for external shares in two
The external shares entry showed a "button" that, when pressed, replaced
the button with the input to set the remote share address. The "button"
was actually a label for the input, so when the label was focused it
transferred the focus to the input and thus pressing enter or space did
not show the input. Moreover, inputs inside links are not valid HTML,
and once shown there was no way to hide the input again.

Due to all this, and for consistency with the direct link input, the
external share input was moved to a different menu item that is shown
and hidden when the button, which nows is also a real button, is
clicked.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Daniel Calviño Sánchez 33b2f4e295 Format HTML elements
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma b607e3e6f4
Merge pull request #17948 from nextcloud/enh/check-if-property-is-bool
Make isXXX available for bool properties only
2019-11-26 12:25:36 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Daniel Kesselberg a27c10daa6
Make isXXX available for bool properties only
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-16 00:39:48 +01:00
Julius Härtl 3c09299346
Do not throw an exception for base App class
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-08 11:41:42 +01:00
Robin Appelman 5ca27085fc
mark getAppContainer as a valid way to construct app containers
this is triggerd (and not cought by the query arm) if an item from an app is queried before the app queries it's own Application instance

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-04 19:40:08 +01:00
Roeland Jago Douma 380563fd53
Merge pull request #17562 from nextcloud/techdebt/17509/log-error-when-setting-up-application-incorrectly
Log an error in development cases when the application class was set …
2019-10-29 21:09:26 +01:00
Christoph Wurst ce9a434fb2
Add isXXX getter to Entity
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-10-22 14:54:21 +02:00
Joas Schilling aad535e3af
Log an error in development cases when the application class was set up incorrectly
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-10-16 12:17:09 +02:00
Roeland Jago Douma a85f2f4165
set default CSP on NotFoundResponse
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-09 22:37:12 +02:00
Roeland Jago Douma def82c5077
Remove reflect method form public interface
The reflect method is (and should) only every be called internally.
Since if you call it again it would otherwise start mixing and matching
arguments etc.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-30 13:28:18 +02:00
Roeland Jago Douma 35db32f504
Add deprecation warning
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-29 14:52:50 +02:00
Roeland Jago Douma c40fe8b819
Do not enforce the parent constructor of response to be called
If there is no policy set we just take the default empty ones.
That way no obscure errors get thrown if the constructor is not called.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 14:39:34 +02:00
Roeland Jago Douma c4cafae884
frame-src doesn't respect the nonce attribute
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-16 21:29:57 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma f94ee72507
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Roeland Jago Douma cd243b0876
No need to have these classes we tighten the default CSP from time to
time

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 14:59:48 +02:00
Roeland Jago Douma 96e51b5f6f
Redirect to the right token on public shares
If the token doesn't match (or isn't set) during the redirect. We should
properly set it. Else we might redirect to a later auth display that set
these values.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-23 13:49:04 +02:00
Roeland Jago Douma 7276735eb4
Set empty CSP by default
For #14179

By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-16 14:09:39 +02:00
Marius David Wieschollek 5aeb8eac2b
[#11236] Set parameter type in QBMapper
Signed-off-by: Marius David Wieschollek <git.public@mdns.eu>
2019-03-24 22:43:45 +01:00
Roeland Jago Douma 4d8e1f6c67
CSP: set nonce for iframes
This for now uses the jsNonce. That way we can easily backport it.
For 17 I will fix it properly.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-03-16 20:20:03 +01:00
Joas Schilling c5ab74348c
Avoid duplicate App container creation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-05 17:55:35 +01:00
Joas Schilling 3203d3e806
Allow apps to redirect to the default app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-01 09:19:46 +01:00
Roeland Jago Douma b68567e9ba
Add StandaloneTemplateResponse
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +01:00
Roeland Jago Douma d182037bce
Emit to load additionalscripts
Fixes #13662

This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.

This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +01:00
Roeland Jago Douma ad676c0102
Set default frame-ancestors to 'self'
For #13042

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-08 15:36:40 +01:00
Roeland Jago Douma 64244e1a4f
CSP: Allow fonts to be provided in data
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-07 15:07:06 +01:00
Daniel Kesselberg 8a952b73d6
Access id property without getter.
Some implementations typehint getId to integer but default is null.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-24 14:21:40 +01:00
Daniel Kesselberg 21b80a89b0
Fetch lastInsertId only when id null
When id column has no autoincrement flag query for lastInsertId fails
on postgres because no value has been generated. Call lastInsertId only
if id is null.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-24 14:21:39 +01:00
Roeland Jago Douma 3ddc68f91b
Add IMapperException
This way code using the DB mappers can have try catch blocks on this
type of exceptions if they do not care if there was non or to many.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-06 22:26:58 +01:00
Roeland Jago Douma 58345e02d2
Basic CSP no longer deprecated
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-08 10:37:48 +01:00
Roeland Jago Douma 579822b6a5
Add report-uri to CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +02:00
Roeland Jago Douma 5b61ef9213
Disallow unsafe-eval by default
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +02:00
Joas Schilling 840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Morris Jobke e45248c17a
Merge pull request #10967 from nextcloud/zipresponse
Add zip response
2018-10-02 23:34:30 +02:00
Morris Jobke bcbffdb644
Add PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-02 22:35:31 +02:00
Roeland Jago Douma 7d9052d4b9
fixup! Add fix response
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:17:27 +02:00
Roeland Jago Douma a891f42a5d
fixup! Add fix response
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:16:28 +02:00
Jakob Sack a9fa220e68
Add fix response
implements #7589
2018-10-02 08:13:39 +02:00
Christoph Wurst 3f594fc1b7
Document possibly thrown excption of QBMapper::insertOrUpdate
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:28 +02:00
Christoph Wurst 40fdff5b80
Add QBMapper::insertOrUpdate()
This allows elegant upserts where the entity ID is provided (e.g. by an
external system) and when that data is fed into our database multiple
times.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:27 +02:00
Roeland Jago Douma 8354c50911
Deprecate the childSrc functions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma c8fe4b4fc8
Add workerSrc to CSP
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00