In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).
However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".
Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.
This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
In test it reduced the transfered data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Previous implementation assumes the app path is always a child \OC::$SERVERROOT. That's not always true.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Also prefix resources
Unify the prefix handling
Handle urls with and without slash
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Else the number of files can grow very large very quickly in the preview
folder. Esp on large systems.
This generates the md5 of the fileid. And then creates folders of the
first 7 charts. In that folder is then a folder with the fileid. And
inside there are the previews.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
these are actually expected to FAIL, because NULL as a userid is not
allowed in the schema, but documented to be used on the source
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
JSUnit tests are failing for some reason. It seems to be related to a new karma-coverage version published a few hours ago.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
hashes are set in "X-Hash-MD5", "X-Hash-SHA1" and "X-Hash-SHA256" headers.
these headers are set for file uploads and the MOVE request at the end of a multipart upload.
Signed-off-by: Robin Appelman <robin@icewind.nl>
Bump p-limit from 2.2.2 to 2.3.0, @nextcloud/auth from 1.2.2 to 1.2.3, @babel/preset-env from 7.8.7 to 7.9.5, @nextcloud/event-bus from 1.1.3 to 1.1.4, @nextcloud/password-confirmation from 1.0.0 to 1.0.1, @nextcloud/l10n from 1.2.2 to 1.2.3, @nextcloud/initial-state from 1.1.1 to 1.1.2, core-js from 3.6.4 to 3.6.5 …
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
If the value was never enabled or disabled, the settings show "Restrict
username enumeration to groups" as disabled. However, in some components
it was enabled by default, which caused an inconsistency in the
behaviour with respect to the settings, for example in the contacts
menu.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Daniel Calviño Sánchez
Joas Schilling
Roeland Jago Douma
Arthur Schiwon
Christoph Wurst
Julius Härtl
Morris Jobke
Clement Wong
Roeland Jago Douma
Jan-Christoph Borchardt
Robin Appelman
MichaIng
Daniel Kesselberg
Sander Ruitenbeek
John Molakvoæ
Joas Schilling
John Molakvoæ (skjnldsv)
Christoph Wurst
Azul
Arne Hamann