mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
50,134 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

9582 Commits

Author SHA1 Message Date
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare 
Fix permission check on incoming federated shares
 2019-08-01 10:55:35 +02:00
Roeland Jago Douma f94ee72507
Add form-action CSP element 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares 
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-31 12:59:51 +02:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated 
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-30 16:27:38 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare 
Remove unused OC\Share\Share::checkPasswordProtectedShare
 2019-07-30 09:58:38 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent 
Add proper PostLoginEvent
 2019-07-30 08:54:10 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474 
Check the if we can actually access the storage cache for recent files
 2019-07-29 16:59:26 +02:00
Roeland Jago Douma ba60fafb9a
Add proper PostLoginEvent 
This can be used by othr mechanisms to listen for this event in a lazy
fashion.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-29 16:31:40 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-29 15:23:21 +02:00
Morris Jobke e45fb5fa3e
Fix typo in comment 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-29 14:55:43 +02:00
Roeland Jago Douma 51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware 
Split up security middleware
 2019-07-29 12:13:55 +02:00
Roeland Jago Douma fb78cd3ed8
Merge pull request #16570 from nextcloud/enh/supress_touch_error 
Supress warnings touch can generate
 2019-07-29 10:39:46 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware 
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-27 16:11:45 +02:00
Roeland Jago Douma 9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging 
Do not log all locked exceptions
 2019-07-27 10:39:11 +02:00
Roeland Jago Douma 1cc8a2f5d2
Supress warnings touch can generate 
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-26 17:26:59 +02:00
Morris Jobke 2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys 
use a pattern to identify sensitive config keys
 2019-07-26 15:15:56 +02:00
Roeland Jago Douma cdc43cd39b
Merge pull request #16456 from nextcloud/dep/searchByTag 
Remove deprecated searchByTag
 2019-07-26 15:07:04 +02:00
Roeland Jago Douma 4cc41cb4c7
Do not log all locked exceptions 
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-26 14:55:13 +02:00
Arthur Schiwon 78201bcb72
treat sensitive config keys by pattern 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2019-07-26 13:31:14 +02:00
Roeland Jago Douma 323f40a493
Merge pull request #16461 from nextcloud/fix/noid/pgsql-version 
fixes the check for postgresql
 2019-07-26 12:32:04 +02:00
Roeland Jago Douma 0487144b26
Remove deprecated searchByTag 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-26 12:29:19 +02:00
Julius Härtl e43b341b04
Add additional check for read permissions 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-24 14:01:24 +02:00
Julius Härtl 3674f6fa2d
Check the if we can actually access the storage cache for recent files 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-24 14:01:24 +02:00
Joas Schilling 7d3a349d8f
PHPStorm code cleanup 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-24 10:39:57 +02:00
Joas Schilling 3b334169a8
Get the topmost parent for the parent instead of doing endless recursion 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-24 10:39:22 +02:00
Morris Jobke d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files 
Exclude .rnd files from integrity check
 2019-07-23 14:57:55 +02:00
Morris Jobke 3a6d8174a9
Merge pull request #16450 from nextcloud/tech-debt/noid/cleanup-unused-OC_API-methods 
Removes unused OC_API::register
 2019-07-22 16:04:01 +02:00
Morris Jobke 54bcd86db7
Adjust deprecation tests 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-22 12:06:16 +02:00
Daniel Kesselberg 608f4d3ee9
Pass $configargs to openssl_pkey_export 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-21 22:21:59 +02:00
Daniel Kesselberg 8bed3021bd
Exclude .rnd files from integrity check 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-21 20:29:11 +02:00
Morris Jobke a085a88205
Merge pull request #14954 from tacruc/searchPatterns 
Allow to search for real pattern in contacts
 2019-07-19 18:03:37 +02:00
Morris Jobke baff2ccdba
Merge pull request #16452 from nextcloud/bug/noid/error-with-exception-on-ssl-error 
Error with exception on SSL error
 2019-07-18 20:51:30 +02:00
Morris Jobke 4ae17427c5
Error with exception on SSL error 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-18 18:50:44 +02:00
Arthur Schiwon 8b1126e6d2
fixes the check for postgresql 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2019-07-18 18:34:10 +02:00
Roeland Jago Douma 057e88e9e7
Merge pull request #16380 from Dreamsorcerer/patch-1 
Allow use of server var for CSP nonce
 2019-07-18 15:33:15 +02:00
Sam Bull ea935f65fd
Add support for CSP_NONCE server variable 
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.

Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-18 12:16:29 +02:00
Morris Jobke 55d8c3db3e
Reduce indirection in AppManager 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-18 11:33:58 +02:00
Morris Jobke 605d0874a4
Removes unused OC_API::register 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-18 11:27:09 +02:00
Morris Jobke 48653d1a27
Merge pull request #16440 from marcelklehr/fix/objectstorage-put-contents 
Fix File#putContents(string) on ObjectStorage
 2019-07-17 22:38:41 +02:00
Morris Jobke 5b604eaeab
Merge pull request #15040 from nextcloud/feature/13980/push-for-deleted-notifications 
Notifications overhaul
 2019-07-17 20:22:03 +02:00
Morris Jobke 782554d2ac
Merge pull request #16075 from nextcloud/bugfix/15823/app-restricted-groups 
Remove deleted groups from app restrictions fixes #15823
 2019-07-17 17:36:00 +02:00
Marcel Klehr d46744e2f1 Fix File#putContents(string) on ObjectStorage 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2019-07-17 14:58:56 +02:00
Morris Jobke 223a91d5ef
Merge pull request #16416 from nextcloud/enh/log-details 
Move log detail aggregation and reuse it in syslog/systemd logger
 2019-07-17 11:43:32 +02:00
Julius Härtl 07bbec3355
Move log detail aggregation to separate class and reuse it in syslog/systemd logger 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-17 08:45:55 +02:00
Morris Jobke 99f2c82222
Properly inject the logger 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-16 22:38:14 +02:00
Roeland Jago Douma 8ca2b31804
Do not keep searching for recent 
If userA has a lot of recent files. But only shares 1 file with userB
(that has no files at all). We could keep searching until we run out of
recent files for userA.

Now assume the inactive userB has 20 incomming shares like that from
different users. getRecent then basically keeps consuming huge amounts
of resources and with each iteration the load on the DB increases
(because of the offset).

This makes sure we do not get more than 3 times the limit we search for
or more than 5 queries.

This means we might miss some recent entries but we should fix that
separatly. This is just to make sure the load on the DB stays sane.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-16 19:14:55 +02:00
Joas Schilling 594efca1e3
Update since to the correct version 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-16 16:58:38 +02:00
Joas Schilling 565838da9c
Update unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-16 13:32:44 +02:00
Joas Schilling 55f5bc79a1
Keep the old method as a fallback and adjust the tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-16 11:36:32 +02:00
Oliver Salzburg 392a4dd68a
Use specific privileges when creating admin 
Using the ALL shorthand can cause problems when not all privileges are available to the user.
For example, AWS RDS MariaDB/MySQL will not grant the initial user account on an instance the SUPER privilege.
While the user account is still valid for pretty much any task on the DB instance, it can not use the ALL shorthand when granting privileges to new users.
By supplying a specific set of privileges, we work around this limitation without sacrificing functionality.

Closes #16139

Signed-off-by: Oliver Salzburg <oliver.salzburg@gmail.com>
 2019-07-16 10:26:25 +02:00