Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Pavel Krasikov
4c01326913
add docs for useJsNonce
...
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
2020-03-15 17:02:11 +03:00
Joas Schilling
9c9f8fa5f7
Allow non integer ids in Entity Mapper
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-26 14:44:45 +01:00
TimObert
4c1834dace
Fix requested changes
...
Signed-off-by: Tim Obert <tobert@w-commerce.de>
2020-02-14 14:16:31 +01:00
Tim Obert
058180d386
Change the route generation of AuthPublicShareController.php and adjust the routes for file sharing
...
Signed-off-by: Tim Obert <tobert@w-commerce.de>
2020-02-14 12:12:04 +01:00
Christoph Wurst
6127c288e8
Fix license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-01-13 14:23:49 +01:00
Daniel Calviño Sánchez
883a71ce8e
Split the menu entry for external shares in two
...
The external shares entry showed a "button" that, when pressed, replaced
the button with the input to set the remote share address. The "button"
was actually a label for the input, so when the label was focused it
transferred the focus to the input and thus pressing enter or space did
not show the input. Moreover, inputs inside links are not valid HTML,
and once shown there was no way to hide the input again.
Due to all this, and for consistency with the direct link input, the
external share input was moved to a different menu item that is shown
and hidden when the button, which nows is also a real button, is
clicked.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Daniel Calviño Sánchez
33b2f4e295
Format HTML elements
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma
b607e3e6f4
Merge pull request #17948 from nextcloud/enh/check-if-property-is-bool
...
Make isXXX available for bool properties only
2019-11-26 12:25:36 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes
...
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Daniel Kesselberg
a27c10daa6
Make isXXX available for bool properties only
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-16 00:39:48 +01:00
Julius Härtl
3c09299346
Do not throw an exception for base App class
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-08 11:41:42 +01:00
Robin Appelman
5ca27085fc
mark getAppContainer as a valid way to construct app containers
...
this is triggerd (and not cought by the query arm) if an item from an app is queried before the app queries it's own Application instance
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-04 19:40:08 +01:00
Roeland Jago Douma
380563fd53
Merge pull request #17562 from nextcloud/techdebt/17509/log-error-when-setting-up-application-incorrectly
...
Log an error in development cases when the application class was set …
2019-10-29 21:09:26 +01:00
Christoph Wurst
ce9a434fb2
Add isXXX getter to Entity
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-10-22 14:54:21 +02:00
Joas Schilling
aad535e3af
Log an error in development cases when the application class was set up incorrectly
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-10-16 12:17:09 +02:00
Roeland Jago Douma
a85f2f4165
set default CSP on NotFoundResponse
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-09 22:37:12 +02:00
Roeland Jago Douma
def82c5077
Remove reflect method form public interface
...
The reflect method is (and should) only every be called internally.
Since if you call it again it would otherwise start mixing and matching
arguments etc.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-30 13:28:18 +02:00
Roeland Jago Douma
35db32f504
Add deprecation warning
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-29 14:52:50 +02:00
Roeland Jago Douma
c40fe8b819
Do not enforce the parent constructor of response to be called
...
If there is no policy set we just take the default empty ones.
That way no obscure errors get thrown if the constructor is not called.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 14:39:34 +02:00
Roeland Jago Douma
c4cafae884
frame-src doesn't respect the nonce attribute
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-16 21:29:57 +02:00
Roeland Jago Douma
b8c5008acf
Add feature policy header
...
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma
f94ee72507
Add form-action CSP element
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Roeland Jago Douma
cd243b0876
No need to have these classes we tighten the default CSP from time to
...
time
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 14:59:48 +02:00
Roeland Jago Douma
96e51b5f6f
Redirect to the right token on public shares
...
If the token doesn't match (or isn't set) during the redirect. We should
properly set it. Else we might redirect to a later auth display that set
these values.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-23 13:49:04 +02:00
Roeland Jago Douma
7276735eb4
Set empty CSP by default
...
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-16 14:09:39 +02:00
Marius David Wieschollek
5aeb8eac2b
[ #11236 ] Set parameter type in QBMapper
...
Signed-off-by: Marius David Wieschollek <git.public@mdns.eu>
2019-03-24 22:43:45 +01:00
Roeland Jago Douma
4d8e1f6c67
CSP: set nonce for iframes
...
This for now uses the jsNonce. That way we can easily backport it.
For 17 I will fix it properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-03-16 20:20:03 +01:00
Joas Schilling
c5ab74348c
Avoid duplicate App container creation
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-05 17:55:35 +01:00
Joas Schilling
3203d3e806
Allow apps to redirect to the default app
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-01 09:19:46 +01:00
Roeland Jago Douma
b68567e9ba
Add StandaloneTemplateResponse
...
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +01:00
Roeland Jago Douma
d182037bce
Emit to load additionalscripts
...
Fixes #13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +01:00
Roeland Jago Douma
ad676c0102
Set default frame-ancestors to 'self'
...
For #13042
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-08 15:36:40 +01:00
Roeland Jago Douma
64244e1a4f
CSP: Allow fonts to be provided in data
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-07 15:07:06 +01:00
Daniel Kesselberg
8a952b73d6
Access id property without getter.
...
Some implementations typehint getId to integer but default is null.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-24 14:21:40 +01:00
Daniel Kesselberg
21b80a89b0
Fetch lastInsertId only when id null
...
When id column has no autoincrement flag query for lastInsertId fails
on postgres because no value has been generated. Call lastInsertId only
if id is null.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-24 14:21:39 +01:00
Roeland Jago Douma
3ddc68f91b
Add IMapperException
...
This way code using the DB mappers can have try catch blocks on this
type of exceptions if they do not care if there was non or to many.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-06 22:26:58 +01:00
Roeland Jago Douma
58345e02d2
Basic CSP no longer deprecated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-08 10:37:48 +01:00
Roeland Jago Douma
579822b6a5
Add report-uri to CSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +02:00
Roeland Jago Douma
5b61ef9213
Disallow unsafe-eval by default
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +02:00
Joas Schilling
840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Morris Jobke
e45248c17a
Merge pull request #10967 from nextcloud/zipresponse
...
Add zip response
2018-10-02 23:34:30 +02:00
Morris Jobke
bcbffdb644
Add PHPDoc
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-02 22:35:31 +02:00
Roeland Jago Douma
7d9052d4b9
fixup! Add fix response
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:17:27 +02:00
Roeland Jago Douma
a891f42a5d
fixup! Add fix response
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:16:28 +02:00
Jakob Sack
a9fa220e68
Add fix response
...
implements #7589
2018-10-02 08:13:39 +02:00
Christoph Wurst
3f594fc1b7
Document possibly thrown excption of QBMapper::insertOrUpdate
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:28 +02:00
Christoph Wurst
40fdff5b80
Add QBMapper::insertOrUpdate()
...
This allows elegant upserts where the entity ID is provided (e.g. by an
external system) and when that data is fed into our database multiple
times.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:27 +02:00
Roeland Jago Douma
8354c50911
Deprecate the childSrc functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c8fe4b4fc8
Add workerSrc to CSP
...
Fixes #11035
Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c21cee248c
Disallow eval on the StrictEvalCSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 21:12:36 +02:00
Roeland Jago Douma
5455045a9b
Fix direct access to authen page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:57:13 +02:00
Roeland Jago Douma
6de656e435
Update token on regeneration for public login
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
1bb8bc8ff9
Add AuthPublicShareControllerTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
61e445da88
Add PublicShareControllerTests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
31392c2443
Move public auth page over
...
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
Roeland Jago Douma
f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:35 +02:00
Roeland Jago Douma
b38fa573e1
Add stricter CSPs
...
* Deprecate our default CSP
* Add strict CSP that is always our strictest setting
* Add strict eval CSP (disable unsafe-eval)
* Add strict inline CSP (disables inline styles)
This is just to move forward and have a incremental improvement of our
CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-13 14:47:57 +02:00
Roeland Jago Douma
a34495933e
Move caching logic to response
...
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 08:48:54 +02:00
Roeland Jago Douma
ed7b4839d9
The column is not user input so suppress the phan warning
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 14:46:33 +02:00
Roeland Jago Douma
74d7f6d4ca
Add a QueryBuilder Mapper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-10 19:47:43 +02:00
Julius Härtl
6ded1c46b7
Add since tags
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:18:17 +02:00
Julius Härtl
2e60f91ab1
Move external share saving to template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:11:55 +02:00
Julius Härtl
30e76f9f14
Add footer to public page template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 12:22:01 +02:00
Julius Härtl
eb19899f8e
Move common menu templates to public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 11:09:19 +02:00
Roeland Jago Douma
129a608ebe
OCP\AppFramework\App strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 08:42:03 +01:00
Julius Härtl
36563d4a4b
Remove setters
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
9cf49873fa
Rework array handling to avoid phan error
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
2b6c00fc0f
Add id to list element
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
7cd0340366
Sort menu by priority
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
038aad73c7
Add missing phpdoc for public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
4f83462f67
Add phpdoc, typehints and sanitize HTML
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
4f78980fad
Add menu item abstraction
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
0655df09d6
Pass template parameters to parent template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Roeland Jago Douma
fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr
...
Strict OCP\AppFramework\Utility\IControllerMethodReflector
2018-02-21 22:56:40 +01:00
Roeland Jago Douma
aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 19:55:49 +01:00
Roeland Jago Douma
5825c27a12
Make sure that render always returns a string
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 13:28:40 +01:00
Joas Schilling
7bc9a69c3f
Remove deprecated core API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 17:54:50 +01:00
Roeland Jago Douma
d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict
...
Make the ITimeFactory strict + return types
2018-01-15 09:27:37 +01:00
Roeland Jago Douma
7ffd62bf95
Make the ITimeFactory strict + return types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:55:40 +01:00
Roeland Jago Douma
704133d732
Remove deprecated functions from DI Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 19:29:52 +01:00
Roeland Jago Douma
f55732a18f
Merge pull request #7075 from nextcloud/remove-unused-variables
...
Remove unused variables
2017-11-07 16:18:40 +01:00
Morris Jobke
4866314ce0
Run updated license header updater
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-07 13:47:42 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Morris Jobke
5445b1ff17
Remove unused variables
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 09:43:45 +01:00
Julius Härtl
4cfa1c66b8
Doc: Fix phpDoc issues
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-23 23:23:56 +02:00
Roeland Jago Douma
87e10f9e6a
OC_OCS_Response is deprecated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
Thomas Citharel
eb51c46549
fix typo and set @since properly
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Thomas Citharel
ecf347bd1a
Add CSP frame-ancestors support
...
Didn't set the @since annotation yet.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Lukas Reschke
f93a82b8b0
Remove explicit type hints for Controller
...
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +02:00
Morris Jobke
84c22fdeef
Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
...
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
Morris Jobke
6010c4f267
Merge pull request #5877 from nextcloud/typehint_middleware
...
Prop argument type for Middleware
2017-08-01 14:28:16 +02:00
Lukas Reschke
0fa49db770
Some more invalid PHPDocs in legacy classes
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Lukas Reschke
dfd8125aeb
Replace wrong PHPDocs
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Roeland Jago Douma
72eb610b3d
Prop argument type for Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-31 16:54:19 +02:00
Lukas Reschke
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
...
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
Roeland Jago Douma
361d2badd8
Some phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-22 21:10:16 +02:00