Otherwise an administrator could bypass sudo mode by installing an app that allows RCE by design. I've by intention excluded the update endpoint from the requirement because updating apps should be as unintruisive as possible.
Not the cleanest approach by adding this to the AJAX endpoints instead of requiring a controller but for 11 this felt safer for me. We can clean this up together later then. (also the other AJAX endpoints in this folder do have the same logic)
Ref https://github.com/nextcloud/server/issues/2487
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈
Fixes https://github.com/owncloud/core/issues/14196 for core
Otherwise every time the AppStore was opened a lot of connections to the AppStore server were made which resulted in a terrible performance.
This changeset will cache the response for a sensible time so that only the first request will be somewhat slow.
Performance changes:
- Loading a category took previously more than 3 seconds on my machine. Now for every follow-up request it takes less than 200ms, resulting in a performance gain of 1950%
- Loading the category list took previously about 750ms - now it takes 154ms, a total performance gain of 395%
`OC_JSON::success` and `OC_JSON::error` are calling
`OC_JSON::encodedPrint`, which already sets these headers. So this two
calls are uneeded duplicates.
Morris Jobke
Lukas Reschke
Joas Schilling
Lukas Reschke
Thomas Müller
Joas Schilling
Jenkins for ownCloud
Georg Ehrke
Bart Visscher
Robin Appelman
Jan-Christoph Borchardt