777 Commits

Author SHA1 Message Date
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a Phan plugin which checks for SQL injections on code using our QueryBuilder. While it isn't perfect, it should already catch most potential issues.

As always, static analysis will sometimes have false positives, and this is also the case here. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin doesn't have the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling 984933e586
Only use readable chars in Share Tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-18 15:44:34 +02:00
Morris Jobke b4deba2078 Merge pull request #5483 from nextcloud/issue-5075-png-files-for-activity-emails
Use PNGs for icons in activity emails
2017-07-07 11:05:00 +02:00
Joas Schilling b27819785e
Don't log passwords on dav exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-29 17:20:10 +02:00
Morris Jobke eb9aedf44b Enhance the logging if the part file can not be renamed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-22 17:50:14 -05:00
Joas Schilling 90fa27694a
Use PNG version of the icons for shipped activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-20 13:48:51 +02:00
Joas Schilling 698a7cb7f0 Merge pull request #5124 from nextcloud/allow-dirlisting-with-unreadable-items
Allow dir-listing also when one child is blocked by access control
2017-06-16 10:47:08 +02:00
Morris Jobke ca3c69c8ae Merge pull request #5298 from nextcloud/bugfix/4885/calendar_shares_url_special_char_issue
urldecode group principals in Cal- and CardDAV backend
2017-06-14 23:10:40 -05:00
Morris Jobke ac565cecad Merge pull request #5300 from nextcloud/bugfix/noid/fix_proppatch_requests_to_groupshares
allow users to send PropPatch request when calendar is group-shared with them
2017-06-14 23:00:39 -05:00
Morris Jobke f38f2baa5a Merge pull request #5295 from nextcloud/bugfix/5077/allow_proppatches_to_birthday_calendar
allow PropPatch requests to contact_birthdays
2017-06-13 18:11:13 -05:00
Lukas Reschke 633396001f
Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Georg Ehrke 35781ae45c
urldecode group principals in Cal- and CardDAV backend
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-12 21:01:30 +02:00
Georg Ehrke 0f1d47cdf3
allow users to send PropPatch request when calendar is group-shared with them
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 09:21:56 +02:00
Georg Ehrke 9563c25c69
allow PropPatch requests to contact_birthdays
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 08:00:52 +02:00
Joas Schilling d0c614a322
Allow dir-listing also when one child is blocked by access control
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-26 15:54:39 +02:00
Georg Ehrke 4b5379309e
fix replacing of 4MB Unicode Chars in cal props table
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-21 13:26:46 +02:00
Lukas Reschke 639ba526d0
Adjust realm from SabreDAV to Nextcloud
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:38:55 +02:00
Lukas Reschke f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke df3909a7c3
Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Roeland Jago Douma cef2110263
Revert "fix objectstore rename"
This reverts commit 5334a3dc33.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-15 13:59:18 +02:00
Morris Jobke b2c96d0c23 Stop if user folder is not available
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-09 11:26:08 -05:00
Morris Jobke 2d707fdfb5 Merge pull request #4621 from nextcloud/fix_readonly_shared_calendar_proppatch
fix PROPPATCH requests to read-only shared calendars
2017-05-08 12:42:30 -05:00
Morris Jobke df6ce6b385 Merge pull request #4675 from nextcloud/fix_4651
Create a photo cache to speedup the contactsmenu
2017-05-08 12:20:27 -05:00
Robin Appelman 9d8936c5bf
fix error when browsing the dav root
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-08 14:34:36 +02:00
Roeland Jago Douma dea6edb066
Fix init
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 12:40:00 +02:00
Georg Ehrke 255442f281
fix PROPPATCH requests to read-only shared calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-08 12:09:15 +02:00
Roeland Jago Douma 92408390b0
Fix ImageExportPluginTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma 747990b03a
No more XSS
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma 3ab53d000f
Clear cache on vcard change/delete
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma 34d97aa51c
Request proper size for contacts menu
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma dd430c2fd7
Cache the carddav photo endpoint
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma 303c0dd6a8
Always dispatch Carddav events
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:47 +02:00
Morris Jobke 49e958fa12 Enforce type hints in dav app
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-04 19:32:22 -03:00
Bjoern Schiessle c053a275d7
check password for mail shares as well
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-04 11:20:20 +02:00
Roeland Jago Douma 59e27f03b6
Add caching to the imageexport plugin
Since we now heavily use this endpoint for the contacts menu we better
set proper caching on the images. Else this gets reloaded over and over
again leading to slow loading menu and unneeded bytes transferred.

* cache for 1 hour by default
* added ETag for validation

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-02 12:30:34 +02:00
Morris Jobke 2a773310dc Merge pull request #4098 from nextcloud/feature/caldav_search
add Nextcloud Search extension to CalDAV
2017-04-28 23:38:04 -03:00
Georg Ehrke 0f8a9514de
rename calendarobjects_properties -> calendarobjects_props
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:46 +02:00
Georg Ehrke 8d00458b56
unit test custom calendar search
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:36 +02:00
Robin Appelman ab9a36e872
allow apps to set custom mount types
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-28 09:38:21 +02:00
Roeland Jago Douma 9da697b11a Merge pull request #4524 from nextcloud/downstream-27508
Keep file id on move
2017-04-28 09:37:40 +02:00
Vincent Petry 211a76eff3
Add comment
2017-04-27 09:29:20 +02:00
Vincent Petry 614bd5c294
Properly handle missing READ permission
2017-04-27 09:29:02 +02:00
Morris Jobke 3e37a5f1c7 Merge pull request #3770 from nextcloud/faster-search-in-contacts
Factorize query for searching contacts
2017-04-27 00:25:30 -03:00
Roeland Jago Douma edd9444209 Merge pull request #4503 from nextcloud/downstream-27281
fix objectstore rename
2017-04-26 17:17:24 +02:00
Vincent Petry 7b6e4d0dd2
Fix FutureFile MOVE to keep destination node
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this from happening in case the
source node is a FutureFile.
2017-04-26 15:46:38 +02:00
Vincent Petry ec8d7010e5
Accept moving FutureFile into a Directory
2017-04-26 15:43:01 +02:00
Vincent Petry 82b967d3f9
Remove ObjectTree::move and let it use the IMoveTarget approach instead
This removes the duplicated code
2017-04-26 15:35:08 +02:00
Vincent Petry 0a9f7730d0
Ported ObjectTree::move to IMoveTarget in new DAV endpoint
2017-04-26 15:33:20 +02:00
Georg Ehrke c76633bb8a
require at least one param or prop filter element
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 18:20:32 +02:00
Joas Schilling 5334a3dc33
fix objectstore rename
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:52:05 +02:00
Vincent Petry 1c40a05204
Restrict proppatch to the proper nodes
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
2017-04-25 17:25:03 +02:00
Georg Ehrke ac3cc5211b
updateProperties: catch exception when reading calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:42:41 +02:00
Georg Ehrke dd424fcb7b
unit test CalDAV Search Plugin
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:39:17 +02:00
Georg Ehrke 40eec1e63c
add repairstep with backgroundjob to index calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 11:55:31 +02:00
Georg Ehrke e760cda96f
remove unused CalendarSearchValidator
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:21 +02:00
Georg Ehrke 57b543a918
add Nextcloud Search extension to CalDAV
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:20 +02:00
Joas Schilling 3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Roeland Jago Douma d842b29c5b Merge pull request #4401 from nextcloud/caldav-carddav-nc-owner-displayname
add owner-displayname property to calendars and addressbooks
2017-04-24 09:17:55 +02:00
Georg Ehrke c89e057d27
add owner-displayname property to calendars and addressbooks
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-23 11:26:49 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Morris Jobke 2b6f6dac00
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 18:20:51 -05:00
Roeland Jago Douma 6d1651452f
Add back the name query part
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-21 20:43:40 +02:00
Thomas Citharel ecba3722da
Factorize query for searching contacts
2017-04-21 20:43:36 +02:00
Joas Schilling 088f4422f9
Fix remaining "PHP Inspection" warnings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling 62ef59616d
Add public access modifier to all methods
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling c2d1e6e7ff
Restrict share handling to the owner only
Otherwise group members can remove the share for the complete group,
remove edit permissions and even single user shares for other users.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Björn Schießle b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00
Joas Schilling a3c3124762
Allow file upload when storage is unlimited
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:27:47 +02:00
Morris Jobke 1729e4471f
Update comments to Nextcloud
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Bjoern Schiessle d5dec527c9
get addressbook url and carddav user from remote server
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Lukas Reschke aacbb560ae
Add missing maintenance plugin to new DAV endpoint
The `/remote.php/dav/` endpoint was not implementing the MaintenancePlugin. Thus when the instance was put into maintenance mode the endpoints were still accessible and delivered empty content. Sync clients really do love this.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 01:31:57 +02:00
Morris Jobke a045f3c4d7 Merge pull request #4146 from nextcloud/unread-comments-folder
Allow getting the unread comment count for an entire folder at once
2017-04-10 13:21:39 -05:00
Roeland Jago Douma e9c6fe2fd8 Merge pull request #4222 from nextcloud/dav-search-fileid
Allow searching file by fileid
2017-04-10 15:57:56 +02:00
Georg Ehrke c99bdc9eb4
don't remove owner property for public calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-09 21:20:59 +02:00
Lukas Reschke 63288ebc50
Don't list on public calendar endpoints
There is no need to allow listing here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-05 22:43:05 +02:00
Robin Appelman bb7e236e74
Allow searching file by fileid
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 15:22:53 +02:00
Morris Jobke 51bcb0bbe1 Merge pull request #3620 from nextcloud/feature/1463/editable_color_name_for_shared_calendars
allow sharees to edit certain calendar properties for themselves
2017-04-03 13:12:56 -05:00
Joas Schilling 43143e170e
Make sure transparency is an integer when saving a calendar
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-30 17:58:33 +02:00
Robin Appelman 429f8ae011
Allow getting the unread comment count for an entire folder at once
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:24 +02:00
Morris Jobke c1030a34a5 Merge pull request #4062 from nextcloud/downstream-26872
Adding dav resource for avatars
2017-03-29 10:30:22 -06:00
Roeland Jago Douma 00839a5ac5 Merge pull request #4066 from nextcloud/always-fix-the-values-live
Directly fix invalid values of DTEND and DTSTART
2017-03-29 10:13:10 +02:00
Roeland Jago Douma 7cc96c2121
Don't output jpeg if we request png
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-29 00:05:04 +02:00
Lukas Reschke 2a77727897
Fix PHPDoc
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-29 00:04:29 +02:00
Roeland Jago Douma f0850b266e
Fix inspection results
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-29 00:04:29 +02:00
Thomas Müller 836271e0fd
Adding AvatarNodeTest
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:04:29 +02:00
Thomas Müller 3e93f491f2
Adding AvatarHomeTest
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:04:29 +02:00
Thomas Müller 73007255ce
Return last modification time to allow proper listing in cadaver
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:04:29 +02:00
Thomas Müller 23aab05bda
Adding dav resource for avatars
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:04:29 +02:00
Georg Ehrke 242bb746b9
OCA\DAV\Files\CustomPropertiesBackend -> OCA\DAV\DAV\CustomPropertiesBackend
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-03-27 19:15:51 +02:00
Georg Ehrke b887adf386
allow sharees to edit certain calendar properties for themselves
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-03-27 17:21:57 +02:00
Joas Schilling 3bd501aad2
Directly fix the values
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-26 13:09:53 +02:00
Georg Ehrke 896dd76ab5
fix bug with shared_by for own calendars if shared
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-03-25 23:07:09 +01:00
Bjoern Schiessle ee014bddbd
fix tests
calling getAbsoluteBundlePath() in the constructor makes other tests fail

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-03-24 11:27:01 +01:00
Joas Schilling 33867f331c
Load cert file before syncing addressbooks and contacts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-24 11:06:44 +01:00
Bjoern Schiessle aa26a3ae74
use right format for avatars
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-03-24 11:06:44 +01:00
Bjoern Schiessle e637113452
don't add empty values to the vcard
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-03-24 11:06:44 +01:00
Bjoern Schiessle faf836b0c0
fix the way we create a new vcard to avoid having multiple UIDs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-03-24 11:06:41 +01:00
Christoph Wickert 07b35b7bae DummyGetResponsePlugin: ownCloud -> Nextcloud
Signed-off-by: Christoph Wickert <cwickert@suse.de>
2017-03-18 12:59:25 +01:00
Markus Goetz 075a606514
Chunking NG: Assemble in natural sort order of files
For https://github.com/owncloud/client/pull/5476

Before this, the assembly could be bogusly in the order 0,1,10,11,2,3 etc.

As per the spec "The name of every chunk should be its chunk number."
https://github.com/cernbox/smashbox/blob/master/protocol/chunking.md

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:06:31 -06:00