Commit Graph

9822 Commits

Author SHA1 Message Date
Roeland Jago Douma f763219f19
Merge pull request #17712 from nextcloud/enh/limit_hardening/database/user
Make sure limit is never negative
2019-10-28 13:59:09 +01:00
Roeland Jago Douma 70500e25ad
Merge pull request #17173 from nextcloud/feature/event-broadcasting
Make it possible to broadcast events to (web) clients
2019-10-28 13:58:35 +01:00
Christoph Wurst d180a98714
Make it possible to broadcast events to (web) clients
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-10-28 13:58:13 +01:00
Roeland Jago Douma dd185e383d
Make sure limit is never negative
There were some cases where a negative limit could be passed in. Which
would happily make the query explode.

This is just a quick hack to make sure it never is negative.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-28 13:07:43 +01:00
Daniel Kesselberg 83af640780
Remove objectstore credentials
Also remove the username for Swift v2 and add todo for unclear keys.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-27 00:51:39 +02:00
Daniel Kesselberg 8e44e0134a
Remove objectstore credentials
S3: key and secret
Swift v3: user.name and user.password

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-27 00:41:01 +02:00
Roeland Jago Douma 931c68c0bf
Do not show 'Get your own free account' on services under subscription
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-25 16:46:32 +02:00
Roeland Jago Douma e71f222082
Cleanup theming mess
* Do not do translations in the constructor. This gets called to early
so there is no user yet. Which means we can't obtain the locale. Which
means we store the wrong translation instance.

* Same for the theming app magic. Just use the parent call when needed.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-25 13:31:19 +02:00
Roeland Jago Douma 6a560fd51e
Don't pass in the locale as the language
This messes with the translation of the date names etc.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-25 13:29:51 +02:00
Julius Härtl 7636b9e164
Fix help route in navigation
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-22 17:56:55 +02:00
blizzz 923735021b
Merge pull request #17568 from nextcloud/fix/noid/move-away-from-deprecated-event
use OCP\EventDispatcher\Event over Symfony's deprecated Event
2019-10-21 13:40:36 +02:00
Roeland Jago Douma 8d094920c3
Merge pull request #17594 from nextcloud/dont-cache-notfound
Dont cache empty url for not found routes
2019-10-21 12:06:49 +02:00
Roeland Jago Douma 2276cb12c4
Merge pull request #17547 from nextcloud/enh/noid/log-exception-json-escape
Do not escape slashes for logged exceptions
2019-10-21 11:14:03 +02:00
Robin Appelman 219905b9c8
Dont cache empty url for not found routes
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-10-18 18:20:25 +02:00
Arthur Schiwon e8095cf737
use OCP\EventDispatcher\Event over Symfony's deprecated Event
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-10-17 13:31:48 +02:00
John Molakvoæ bd5189f29f
Let SCSS cleanup only run once (#17543)
Let SCSS cleanup only run once
2019-10-17 10:03:08 +02:00
Roeland Jago Douma 098ab7af4b
Do DI on registered middleware as well
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-16 22:52:48 +02:00
Julius Härtl a9c089064b
Deprecate TemplateManager
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-16 09:54:17 +02:00
Julius Härtl 0a4dd3605b
Do not escape slashes for logged exceptions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-15 16:09:23 +02:00
Julius Härtl ee743867d4
Make sure the cache is only reset once at a time
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-15 15:17:16 +02:00
Julius Härtl e51010b0f4
Use a distributed cache for the isCachedCache
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-15 11:56:02 +02:00
Daniel Kesselberg 0ecc70c497
Assume that getType is available
From PHP7 getType is always available. No need to check it nowdays.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-14 09:50:12 +02:00
Daniel Kesselberg ace74ef866
Fix ReflectionType::__toString() is deprecated
As of PHP 7.1.0, ReflectionType::__toString() is deprecated, and ReflectionParameter::getType() may return an instance of ReflectionNamedType. To get the name of the parameter type, ReflectionNamedType() is available in this case.

https://www.php.net/manual/en/reflectionparameter.gettype.php
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-14 09:50:06 +02:00
Christoph Wurst f6a79338d4
Make sure we create an app's Application class just once
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-10-11 08:21:24 +02:00
Roeland Jago Douma 1e8f063aed
Merge pull request #17484 from nextcloud/bugfix/activity-last-timestamp-merged
Always use the latest timestamp for merged activities
2019-10-10 20:30:16 +02:00
Roeland Jago Douma 5917644536
Merge pull request #17276 from nextcloud/storage-id-eq
Get single storage id using `eq` instead of `in`
2019-10-09 15:17:49 +02:00
Julius Härtl a41ed39bf2
Always use the latest timestamp for merged activities
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-09 11:25:37 +02:00
Roeland Jago Douma 5122629bb0
Make renewSessionToken return the new token
Avoids directly getting the token again. We just inserted it so it and
have all the info. So that query is just a waste.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-09 10:10:37 +02:00
Roeland Jago Douma 3fccc7dc47
Cache the public key tokens
Sometimes (esp with token auth) we query the same token multiple times.
While this is properly indexed and fast it is still a bit of a waste.

Right now it is doing very stupid caching. Which gets invalidate on any
update.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-08 13:57:36 +02:00
Roeland Jago Douma 075a0b24d5
Merge pull request #17431 from johkoenig/bugfix/17377/trusted_domain_helper_case_insensitive
make TrustedDomainHelper case insensitive
2019-10-08 08:51:11 +02:00
Roeland Jago Douma f2d44b87bb
Merge pull request #17440 from nextcloud/enh/noid/log-json-escape
Do not escape slashes in log json
2019-10-08 08:48:52 +02:00
Daniel Kesselberg fdf4e1ebb2
Remove duplicate code
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-08 00:46:50 +02:00
Julius Härtl 29a6f2d830
Do not escape slashes in log json
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-10-07 13:39:40 +02:00
Johannes Koenig 2df8d646c1 make TrustedDomainHelper case insensitive
Signed-off-by: Johannes Koenig <mail@jokoenig.de>
2019-10-06 20:43:55 +02:00
John Molakvoæ 62399c76e8
Allow group displaynames in the database backend (#17221)
Allow group displaynames in the database backend
2019-10-05 18:34:14 +02:00
Roeland Jago Douma 6db51324fa
Fix DB usersInGroups fetching
* Follow the interface defaults
* Only set limit or offset if they are properly set

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-02 09:43:35 +02:00
blizzz 47ab961aa7
Merge pull request #17001 from nextcloud/fix/noid/addressbookchanges-avatar
reduce adressbook change events and handling
2019-10-01 12:17:35 +02:00
Christoph Wurst de6940352a Move settings to an app
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-28 09:39:28 +00:00
Joas Schilling b9f963225f
Do not allow to have an empty display name
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-27 14:29:57 +02:00
Joas Schilling 00859f46f3
Fix DI issue
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-27 14:29:56 +02:00
Joas Schilling a54ff49c6b
Remove inherited docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-27 14:29:56 +02:00
Joas Schilling 653628c8fb
Allow to set the group display name in the database backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-27 14:29:56 +02:00
Joas Schilling 45506adc5c
Add a displayname to the database group backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-27 14:29:56 +02:00
Roeland Jago Douma cc6874df19
Merge pull request #17264 from nextcloud/move-from-storage-wrappers
handle moveFromStorage within the same storage even when storage wrap…
2019-09-26 15:48:59 +02:00
Robin Appelman bde791cec9
use eq instead of in for loading single storage
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-26 15:04:04 +02:00
Robin Appelman 1a8f9b8b1d
log which storage id can't be inserted
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-26 15:04:00 +02:00
Roeland Jago Douma 1cb1b132ca
Merge pull request #17252 from nextcloud/bugfix/noid/user-0-can-not-comment
Fix user with id 0 to be able to comment
2019-09-26 11:30:56 +02:00
Roeland Jago Douma 6ac67011f4
Merge pull request #17262 from nextcloud/objectstore-remove-cache-on-delete
dont delete cache entries if deleting an object from object store failed
2019-09-26 11:24:02 +02:00
Robin Appelman 35f317df7b
handle moveFromStorage within the same storage even when storage wrappers are applied to the source storage
the target storage doesn't need additional handling for wrappers as the wrappers implementation of moveFromStorage already deals with that

Any storage based on local storage isn't affected by this as local storage already has it's own way of handling with this

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-25 19:17:06 +02:00
Robin Appelman 733d4b6cca
dont delete cache entries if deleting an object from object store failed
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-25 18:09:45 +02:00
Joas Schilling e4b36f4f47
Fix user with id 0 to be able to comment
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-25 09:07:07 +02:00
Roeland Jago Douma 48a00b88e1
Merge pull request #17163 from nextcloud/bugfix/noid/print-error-on-data-dir-error
Print error on data dir error
2019-09-23 10:08:58 +02:00
Roeland Jago Douma b2aec1d816
Merge pull request #17206 from nextcloud/logger-catch-exceptions
catch exceptions that occur during logging
2019-09-19 18:33:45 +02:00
Robin Appelman 2943c18548
catch exceptions that occur during logging
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-19 13:39:40 +02:00
Christoph Wurst a5869be60f Fix l10n in federated file sharing
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-19 12:57:45 +02:00
Roeland Jago Douma 210a0554a2
Use the actual password to update the tokens
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-18 19:50:58 +02:00
Daniel Kesselberg ee76b0fbd2
Add uid to delete temp token query
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-09-18 16:52:42 +02:00
Joas Schilling a4ba2113b2
Fix getById for files in appdata and the root mount
In case the path we are currently in is inside the appdata_* folder,
the original getById method does not work, because it can only look inside
the user's mount points. But the user has no mount point for the root storage.

So in that case we directly check the mount of the root if it contains
the id. If it does we check if the path is inside the path we are working
in.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-17 11:15:59 +02:00
Joas Schilling ad7d13a87c
Print the error pages as error so we load less scripts and might be able to view it
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-16 19:38:43 +02:00
Roeland Jago Douma 978d312e69
Merge pull request #17151 from nextcloud/td/remove/createPreview
Remove deprecated function createPreview
2019-09-15 19:36:18 +02:00
Greta Doci 0a874c51af
Disable app token creation for impersonated people, ref #15539
Signed-off-by: Greta Doci <gretadoci@gmail.com>
2019-09-15 12:04:27 +02:00
Roeland Jago Douma 98f91982be
Remove deprecated function createPreview
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-15 10:52:34 +02:00
Roeland Jago Douma 2b98eea129
Harden identifyproof openssl code
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-14 13:52:10 +02:00
Christoph Wurst a1ef939c06
Use Symfony's new contract Event class instead of the deprecated one
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-12 14:44:55 +02:00
blizzz ac48a9ba61
Merge pull request #17106 from nextcloud/feature/dispatch-typed-event
Add Symfony inspired typed event dispatcher method
2019-09-12 09:25:26 +02:00
Roeland Jago Douma 1b8d6df6cd
Merge pull request #17084 from nextcloud/refactor/symfony-dispatcher-signature
Use the new Symfony event dispatcher signature
2019-09-11 22:08:38 +02:00
Christoph Wurst b9e14d5972
Add Symfony inspired typed event dispatcher method
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-11 20:02:50 +02:00
Joas Schilling 15d39c48e6
Merge pull request #17021 from nextcloud/bye-spreed-hello-talk
Bye Spreed namespace, hello Talk!
2019-09-11 14:59:37 +02:00
Roeland Jago Douma 2187f856ce
Merge pull request #16682 from nextcloud/enh/12790/workflow-backend
workflow overhaul
2019-09-11 13:14:06 +02:00
Roeland Jago Douma 41cbb05aea
Split personal security settings in code
Instead of one big monolitic sections this is the first step in breaking
down the settings. This should make is easiet to see what does what. As
well as nicely splitting up the sections.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-10 16:22:41 +02:00
Christoph Wurst 222b458280
Use the new Symfony event dispatcher signature
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-10 11:26:55 +02:00
Arthur Schiwon 20901c59d4
emit file events via Dispatcher, too
another step to get rid of hooks and emitters

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-09 22:56:04 +02:00
Roeland Jago Douma bf6082e119
Merge pull request #16836 from nextcloud/fix/16724/smb-availability
Fix SMB availability status + higher delay on auth issues
2019-09-09 16:50:42 +02:00
Roeland Jago Douma b3f663b8aa
Merge pull request #16859 from PhrozenByte/patch-1
Add IAppManager::getAppWebPath()
2019-09-09 12:20:27 +02:00
Roeland Jago Douma ac19017461
Merge pull request #16962 from nextcloud/keep-cypress-git
Kill repair step for cypress
2019-09-08 21:29:01 +02:00
Roeland Jago Douma 1cfb851300
Merge pull request #17006 from nextcloud/querybuilder-max-min
add MAX and MIN to functionbuilder
2019-09-07 11:09:11 +02:00
Robin Appelman 8ef5a366ec
add MAX and MIN to functionbuilder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-06 12:28:17 +02:00
Daniel Rudolf 2d56664e35
Improve usage of IAppManager::getAppWebPath()
Deprecate \OC_App::getAppWebPath() and \OC_App::getAppPath()

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2019-09-05 18:35:40 +02:00
Joas Schilling 858b18e34a
Bye Spreed namespace, hello Talk!
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-05 15:32:58 +02:00
Arthur Schiwon 3ce5d4e545
reduce adressbook change events and handling
... from four to one on avatar updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 13:46:25 +02:00
Julius Härtl 64fe9bc287
Return the proper jailed path when requesting the root path
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-09-04 13:25:17 +02:00
Roeland Jago Douma b7301f40dd
Merge pull request #16972 from nextcloud/enh/default_client_timeout
Set a default request timeout
2019-09-04 08:08:48 +02:00
Roeland Jago Douma ca2623e6ad
Set a default request timeout
This to avoid endless running processes.
A default timeout of 30 seconds should cover the 99% case. If a job need
specific longer time it should set that.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-02 15:42:48 +02:00
Daniel Kesselberg 62ded4ad50
Kill repair step for cypress tests
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-09-02 11:50:23 +02:00
Samuel CHEMLA 94eb77a535 Fix sanity checks #16963
Signed-off-by: Samuel CHEMLA <chemla.samuel@gmail.com>
2019-09-01 22:27:08 +02:00
Daniel Kesselberg 2d04be27df
Keep cypress if git
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-09-01 20:46:13 +02:00
Julius Härtl 299759b836
Handle throwables in the http dispatcher
Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-29 17:19:14 +02:00
Roeland Jago Douma 130fdf5006
Merge pull request #16913 from nextcloud/fix/declare_members
SessionMiddleware: declare session property
2019-08-29 09:54:45 +02:00
Roeland Jago Douma 3f12ec95f0
SessionMiddleware: declare session property
* Remove request since we don't useit
* Update tests as well

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +02:00
Roeland Jago Douma c73b4f25c3
Make sure they keys are unique
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 12:55:07 +02:00
Joas Schilling b1a0d464ba
Merge pull request #16723 from nextcloud/fix/sharing/unshare-message
Add expiration event for shares
2019-08-26 12:58:51 +02:00
John Molakvoæ 40edabaf61
Merge pull request #16795 from nextcloud/enh/phpstan/limiter
Fix report of phpstan in Limiter
2019-08-26 11:42:03 +02:00
Daniel Rudolf 34919d3ebc
Add IAppManager::getAppWebPath()
Implements a public API for \OC_App::getAppWebPath()

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2019-08-25 15:27:04 +02:00
blizzz f515da4f3c
Merge pull request #16845 from nextcloud/bugfix/noid/public-constants
Make the sharing constants publicly available
2019-08-23 23:15:15 +02:00
Joas Schilling 92862c51f5
Always check via http and https whether htaccess is working
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-23 14:33:58 +02:00
Joas Schilling b130a4c8fb
Make the sharing constants publicly available
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-23 13:54:19 +02:00
Arthur Schiwon 43bc31bacb
set a storage availability delay on auth issues to avoid lock out
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-22 12:40:15 +02:00
Roeland Jago Douma 1e74ffd46b
Merge pull request #16820 from nextcloud/bugfix/noid/access-handling-of-projects
Change access handling of projects
2019-08-21 22:02:50 +02:00
blizzz 9ac15bc4e9
Merge pull request #16813 from compagnon/fix/noid/AutoloadNotAllowedException-theming-off
autoloader.php could raise Not AllowedException
2019-08-21 16:04:32 +02:00
Joas Schilling 69f2974706
Only trigger the events with tags that where actually assigned
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 11:58:27 +02:00
Joas Schilling 23bd4c127d
Add a repair step to clear the projects access cache
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 09:16:14 +02:00
Joas Schilling b53283fcb7
Change the logic so projects are only shown when you can access all resources
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 09:16:14 +02:00
John Molakvoæ (skjnldsv) b557f52c22
Add expiration event for shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-08-21 08:30:17 +02:00
Roeland Jago Douma dd02920aed
Merge pull request #16811 from nextcloud/bugfix/16771/correctly-remove-apps-without-any-releases
Correctly remove apps without any releases
2019-08-20 22:29:20 +02:00
Roeland Jago Douma 1dda6fb05b
Merge pull request #16812 from nextcloud/bugfix/noid/previewv1-returntype
Explicit cast for ProviderV1Adapter
2019-08-20 22:28:43 +02:00
Guillaume COMPAGNON 0516675a5c autoloader.php could raise Not AllowedException
when theming is off

Signed-off-by: Guillaume Compagnon <gcompagnon@outlook.com>

	modified:   lib/private/TemplateLayout.php
2019-08-20 17:11:40 +02:00
Julius Härtl d3d37aa19d
Explicit cast for ProviderV1Adapter
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-20 15:47:59 +02:00
Joas Schilling 17096adff9
Correctly remove apps without any releases
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-20 14:47:46 +02:00
Joas Schilling 323642454a
Undefined variable response when server is no nextcloud anymore
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-20 12:54:58 +02:00
Joas Schilling 650e4f9f4c
Merge pull request #16793 from nextcloud/bugfix/noid/filter-more-configs
Filter more configs
2019-08-20 09:01:20 +02:00
Roeland Jago Douma 1614dee6dc
Codechecker: removed unused use
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 19:41:46 +02:00
Roeland Jago Douma 7927aebdeb
Fix report of phpstan in Limiter
* unneeded arguments to constructor
* added return types
* let automatic DI do its work

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 19:38:43 +02:00
Joas Schilling b6c78eb9d4
Filter more configs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-19 16:32:20 +02:00
Joas Schilling 810ee7d811
Make the auto-disabled list more broad
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-15 11:12:45 +02:00
Georg Ehrke f6c3424039
Fix tracking of auto disabled apps in Updater
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-15 11:12:43 +02:00
Roeland Jago Douma d14aed1048
Merge pull request #15946 from martink-p/bugxfix/9792/encrypted-external-webdav
Update Encryption.php
2019-08-15 10:22:50 +02:00
Roeland Jago Douma f7152cccb2
Merge pull request #16572 from nextcloud/fix/15613/bring-back-psql9-compat
instead of upsert query, fallback to default on PSQL <= 9.4
2019-08-14 10:10:37 +02:00
blizzz 2ac01c0203
Merge pull request #16725 from nextcloud/bugfix/noid/syslog-di
Fix loading of the syslog logging class
2019-08-14 09:46:48 +02:00
Arthur Schiwon d0409548c6
instead of upsert, fallback to default query on PgSQL <= 9.4
because there is no upsert yet

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-14 09:05:11 +02:00
Julius Härtl 2efb9a7d90
Make sure SystemConfig class can be injected and syslog_tag is fetched properly
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-13 16:26:18 +02:00
Roeland Jago Douma 145eee91fe
Get the proper UID
Some user backends (like the database backend) allow us to obtain a user
case insensitive. However the UID itself is case sensitive.

Example:
* create a user User1
* login as User1
  - This results the data/User1 folder to be created etc
* now have some code somewhere that obtains the userFolder (from
IRootFolder) but pas in 'uSER1' as uid
  - The code will check if that is a valid user. And in this case it is
  since User1 and uSER1 both map to the same user
  - However the the UID in the user object is used for the folder a new
  folder fill be create data/uSER1

With this PR this is avoided now. Since we obtain the real UID casing in
the backend before creating the user object.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-13 09:33:46 +02:00
Roeland Jago Douma f465f9d4b9
Merge pull request #16721 from nextcloud/fix/16644
Correctly handle emtpy string in proxyuserpwd config
2019-08-11 22:46:01 +02:00
Roeland Jago Douma 9d6eb2daf7
Merge pull request #16179 from J0WI/mv-frameoptions
Add X-Frame-Options header to .htaccess
2019-08-11 21:30:51 +02:00
Scott Shambarger edf946dfc7
Correctly handle emtpy string in proxyuserpwd config
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
 "cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2019-08-11 21:07:30 +02:00
J0WI 1b074f48d8
Remove duplicated spaces
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 3f2932c75a
Sort headers
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 76cbd7db6e
Add X-Frame-Options header to .htaccess
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma 5d94590cee
Have the OCSBaseResponse call the parent constructor
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-08 09:52:20 +02:00
Roeland Jago Douma b42b26eceb
Merge pull request #15187 from vitormattos/bugfix-create-database-user
Bugfix: user is not allowed
2019-08-08 09:03:48 +02:00
Roeland Jago Douma 650927a822
Properly return an int in the getId function of the cache
fixes #16684

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-07 20:38:42 +02:00
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Roeland Jago Douma f94ee72507
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 16:27:38 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Roeland Jago Douma ba60fafb9a
Add proper PostLoginEvent
This can be used by othr mechanisms to listen for this event in a lazy
fashion.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Morris Jobke e45fb5fa3e
Fix typo in comment
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 14:55:43 +02:00
Roeland Jago Douma 51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware
Split up security middleware
2019-07-29 12:13:55 +02:00
Roeland Jago Douma fb78cd3ed8
Merge pull request #16570 from nextcloud/enh/supress_touch_error
Supress warnings touch can generate
2019-07-29 10:39:46 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma 9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
Do not log all locked exceptions
2019-07-27 10:39:11 +02:00
Roeland Jago Douma 1cc8a2f5d2
Supress warnings touch can generate
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:26:59 +02:00
Morris Jobke 2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Roeland Jago Douma cdc43cd39b
Merge pull request #16456 from nextcloud/dep/searchByTag
Remove deprecated searchByTag
2019-07-26 15:07:04 +02:00
Roeland Jago Douma 4cc41cb4c7
Do not log all locked exceptions
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 14:55:13 +02:00
Arthur Schiwon 78201bcb72
treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:31:14 +02:00