mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
56,889 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

10873 Commits

Author SHA1 Message Date
Julius Härtl c4ea37b8a1
Address minor comments 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 15:51:41 +01:00
Julius Härtl 36ffad5ba7
Make sure the migrations table schema is always checked 
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Revert "Make sure the migrations table schema is always checked"

This reverts commit 258955ef738a52d9da2ac2fe59466e6093d7e9bc.

Set current vendor during upgrade and perform migrations table change if needed

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 15:24:03 +01:00
Julius Härtl 20949d7f48
Properly migrate from new owncloud avatar location 
as the files are not scanned we cannot use the OCP\Files api

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 15:23:29 +01:00
Julius Härtl f3150f29a7
Introduce deck share type to ShareAPIController 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 13:20:24 +01:00
Julius Härtl f2f3ad733f
Dummy general share checks for deck 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 13:20:23 +01:00
Julius Härtl e906138d8d
Let sharees endpoint properly handle deck shares 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 13:20:23 +01:00
Julius Härtl fcc0d35895
Add share type for deck 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 13:20:23 +01:00
Julius Härtl fdea545415
Allow apps to register their share providers from outside 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 13:20:23 +01:00
Julius Härtl 9fe94f282f
Readd repair steps that are relevant when migrating from ownCloud 
This reverts commit d9b1492e03.

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 12:13:35 +01:00
Julius Härtl 2607ac3fb2
Allow major/minor match for owncloud version 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 12:13:33 +01:00
Julius Härtl f5501ca276
Avoid checking for brute force protection capabilities when upgrading 
This might happen a releases that doesn't have this table yet

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 12:13:33 +01:00
Julius Härtl 7518f67f33
Drop fk constraints on locks table 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-09 12:13:32 +01:00
Joas Schilling c8e0f3015f
Merge pull request #24398 from nextcloud/fix/do-not-update-incompatible-app 
Do not update incompatible apps
 2020-12-09 09:28:25 +01:00
Joas Schilling 13a1eb6494
Merge pull request #24598 from nextcloud/techdebt/noid/wrap-the-exception-to-make-debuggin-easier 
Make debugging migration exceptions easier
 2020-12-08 17:10:20 +01:00
Joas Schilling 86a3b7e7bf
Merge pull request #24486 from nextcloud/feature/noid/phone-number-validation 
Phone number validation and search
 2020-12-08 17:05:38 +01:00
Joas Schilling 13a438b322
Fix PHP code style 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-08 13:08:47 +01:00
Joas Schilling 354c5ff024
Add a repairstep to validate the phone numbers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 20:35:54 +01:00
Joas Schilling c1f28f8d35
Make debugging migration exceptions easier 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 19:35:01 +01:00
Tigran Mkrtchyan f3513f3fe4 files: Local#writeStream should use it's own file_put_contents 
The OC\Files\Storage\Local#writeStream use system provided file_put_contents.
However, it overrides file_put_contents, thus expects that the default behaviour
can be different.

Use Local#file_put_contents in writeStream to benefit from class specific functionality.

Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
 2020-12-07 18:11:40 +01:00
Roeland Jago Douma 7f61535a1a
GD images 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-07 15:44:04 +01:00
Roeland Jago Douma c02e6fcae2
fix appconfig tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-07 15:44:04 +01:00
Roeland Jago Douma 0e10d8cb7c
Fix locking logic 
The comparrison on php8 return true while <php8 it is false.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-07 15:44:04 +01:00
Joas Schilling f648635758
Make the throwing optional, so background tasks don't break 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:38 +01:00
Joas Schilling 46b073d7ce
Add a config for default region of phone numbers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:38 +01:00
Joas Schilling 9e04e6f99a
Also translate the phone number when coming in via the accounts manager API directly 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:38 +01:00
Joas Schilling fe9c46e595
Add an endpoint to search for accounts based on phone number 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:37 +01:00
Joas Schilling eaba155a09
Add a database table for the accounts data so we can search it better 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:37 +01:00
Joas Schilling da9462b482
Make code strict 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-07 14:19:37 +01:00
Christoph Wurst cbb34af53f
Do not update incompatible apps 
Previously there was no (platform) dependency check for an app that was
installed before. So Nextcloud happily upgraded an app that now requires
a php version newer than the current one. Which means in the lucky case
you see a failing upgrade due to the language incompatibility, or in the
unlucky case you see unexpected errors later in production.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-04 17:05:22 +01:00
Christoph Wurst 24237f1a34
Check php compatibility of app store app releases 
Apps might increase the minimum php version requirement, in which case
an update could break the app or even the whole instance. We must not
install those releases, or better, don't even show them for
update/installation. This extends the app fetcher code to filter out the
releases that are not installable.

The filter respects minimum and maximum requirements. E.g. apps that are
still only released for php7.3 won't show up for php7.4 instances. This
behavior is new but if an app lists an explicit version requirement,
then we ought to repect that.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-04 16:52:31 +01:00
Roeland Jago Douma f0862dcfaa
Merge pull request #24552 from nextcloud/enh/remember_me_is_not_app_password 
Remember me is not an app_password
 2020-12-04 16:35:44 +01:00
Morris Jobke 0d7819eb6c
Merge pull request #24550 from nextcloud/enh/fix/new_session_id_if_decrypt_fails 
Generate a new session id if the decrypting the session data fails
 2020-12-04 12:52:59 +01:00
Morris Jobke 5cc348ae72
Fix typo 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-12-04 12:51:45 +01:00
Roeland Jago Douma 48b4b83b5a
Remember me is not an app_password 
While technically they are stored the same. This session variable is
used to indicate that a user is using an app password to authenticate.
Like from a client. Or when having it generated automatically.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-04 12:40:28 +01:00
Roeland Jago Douma 858f623081
Generate a new session id if the decrypting the session data fails 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-04 11:42:40 +01:00
Vincent Petry 9b3361ce87
Don't log params of imagecreatefromstring 
To prevent flooding the log with actual image data.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2020-12-04 09:30:20 +01:00
Roeland Jago Douma c9cd633665
Fix the download of multiple files from the webUI 
needed a setupFS call

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-03 13:20:01 +01:00
Joas Schilling 64bc7c79e8
Merge pull request #24498 from nextcloud/enhancement/nextcloud-log-normalizer 
Replace abandoned log normalizer with our fork
 2020-12-03 11:04:49 +01:00
Julius Härtl 04d67d558e
Also handle legacy cipher support when encryption is disabled but an old master key is present 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-03 09:47:05 +01:00
Christoph Wurst 244c53dea1
Replace abandoned log normalizer with our fork 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-03 09:44:25 +01:00
Morris Jobke 4d64ec9944
Merge pull request #24519 from nextcloud/fix/bug/emailtemplate 
Fix vsprint parameter
 2020-12-03 09:13:58 +01:00
Roeland Jago Douma 3d315ec64f
Fix vsprint parameter 
%2\$; is not valid. On php7 this is just ignored but on php8 it gives an
error. %2\$s; works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-03 08:25:11 +01:00
Roeland Jago Douma 04c037ebfd
[3rdparty] Migrate to Opis/Closure 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-02 20:16:57 +01:00
Roeland Jago Douma 6f4d3edb5e
Merge pull request #24113 from nextcloud/extend-cache-events 
extend cache events
 2020-12-02 19:48:20 +01:00
Christoph Wurst 4deff37a3c
Merge pull request #23278 from nextcloud/enh/noid/user-limits 
Allow subscription to indicate that a userlimit is reached
 2020-12-02 18:22:13 +01:00
Morris Jobke e580f91143
Merge pull request #23257 from aler9/patch-32bit-filesize-master 
Fix file size computation on 32bit platforms
 2020-12-02 16:22:24 +01:00
Roeland Jago Douma d69407963c
Merge pull request #24500 from nextcloud/bugfix/noid/log_query_no_crash 
Prevent log_query to mess up regular execution flow
 2020-12-02 16:15:26 +01:00
Robin Appelman aef1cdba03
code style and dispatchTyped 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-12-02 16:15:02 +01:00
Morris Jobke c0a05c0412
Add notification for user limit 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-12-02 15:20:03 +01:00
Morris Jobke d87705a894
Allow subscription to indicate that a userlimit is reached 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-12-02 15:20:03 +01:00
Vincent Petry a50bcdabcc
Prevent log_query to mess up regular execution flow 
When the "log_query" debug config parameter is set, SQL queries are
logged. However, if an error occurs when converting the values to
string, it will abort the request.

This fix catches the error and continues instead.

Also added handler for DateTime value which is already known to cause
aborts here.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2020-12-02 14:10:35 +01:00
aler9 ac0c7a8fe0 Fix file size computation on 32bit platforms 
Signed-off-by: aler9 <46489434+aler9@users.noreply.github.com>
 2020-12-02 12:05:14 +01:00
Christoph Wurst 9a3cc099db
Merge pull request #24414 from nextcloud/techdebt/remove-update-php 
Remove the deprecated update.php
 2020-11-30 12:11:03 +01:00
Morris Jobke 83a75c670b
Replace static call to Share::unshare with ShareManager->deleteShare in tests 
And then cleanup all the code that is dead then...

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-30 09:51:18 +01:00
Morris Jobke 6564a95160
Remove now unused methods in Share.php due to the reduced code complexity in Share::getItems 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-29 23:28:16 +01:00
Morris Jobke 10e5ae5e18
Remove unused method Share Helper::generateTarget 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-29 22:52:52 +01:00
Morris Jobke a125d8aaa1
Reduce code complexity in Share::getItems by tracing all remaining callers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-29 22:30:09 +01:00
Morris Jobke 596df8fc6f
Remove unused Share::getItemSharedWithBySource() 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-29 22:24:12 +01:00
Christoph Wurst fd649afb1f
Remove the deprecated update.php 
* It was documented as deprecated.
* The app code checker warned about it
* It's been three years

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-27 13:02:59 +01:00
Robin Appelman 88f35d52d2
rename cache event to follow new naming standards 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-11-26 15:39:46 +01:00
Robin Appelman 23fb497ff5
extend cache events 
- adds cache remove event
- expose storage id in event
- emit events during cache move

Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-11-26 15:22:03 +01:00
Christoph Wurst 7dd39a91ee
Remove dead method \OC\Updater::checkAppUpgrade 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-26 14:48:41 +01:00
Christoph Wurst 54e3beba16
Merge pull request #24319 from nextcloud/techdebt/noid/streamline-user-creation-and-deletion-events 
Streamline user creation and deletion events
 2020-11-26 14:09:54 +01:00
Roeland Jago Douma 2172432420
Merge pull request #23912 from nextcloud/objectstore-copy 
use in objectstore copy
 2020-11-25 16:09:26 +01:00
Arthur Schiwon 9cfa8a6c44
send expected format of cloud id 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-11-24 23:14:43 +01:00
blizzz 5d03b5c5dd
Merge pull request #24162 from nextcloud/fix/noid/fedshares-displaynamez 
set the display name of federated sharees from addressbook
 2020-11-24 17:23:37 +01:00
blizzz 6156a49f6e
Merge pull request #24341 from nextcloud/fix/sharing-enforce-expire-checkbox 
Fix the config key on the sharing expire checkbox
 2020-11-24 15:49:49 +01:00
Robin Appelman 9d4848e863
use in objectstore copy 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-11-24 15:16:58 +01:00
Christoph Wurst 2526c5e042
Fix the config key on the sharing expire checkbox 
We don't use `shareapi_internal_enforce_expire_date` anywhere.
`shareapi_enforce_internal_expire_date` is the one we want.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-24 14:17:41 +01:00
Arthur Schiwon 16a78f535a
set the display name of federated sharees from addressbook 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-11-24 11:30:11 +01:00
Roeland Jago Douma c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing 
Fix reverse registration and missing comments tab
 2020-11-24 09:34:50 +01:00
Roeland Jago Douma 8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias 
Add proper alias for internal router class
 2020-11-24 08:43:29 +01:00
Christoph Wurst decc5c844b
Fix reverse registration and missing comments tab 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-24 08:28:19 +01:00
Julius Härtl d9708ebece
Add proper alias for internal router class 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-11-24 08:01:39 +01:00
Morris Jobke f4c1512bb7
Fix typo in @deprecated PHPDoc tag 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-24 00:13:09 +01:00
Morris Jobke 9bf76d2bad
Streamline user creation and deletion events 
CreateUserEvent was the only one that didn't matched the naming scheme of BeforePASTTENSEEvent and PASTTENSEEvent. The event wasn't used at all so this just removes it again as there is BeforeUserCreatedEvent that is also available since 18.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-23 23:59:52 +01:00
Morris Jobke 9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent 
Auto-wire remaining encryption app services that depend on View
 2020-11-22 22:33:53 +01:00
Roeland Jago Douma 032de4f333
Merge pull request #24269 from nextcloud/taint-specialize 
Mark getAppPath as specialized taint
 2020-11-22 13:39:46 +01:00
Lukas Reschke d25ca1976b Mark getAppPath as specialized taint 
Should remove some false positives.

https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2020-11-21 01:15:15 +00:00
Lukas Reschke 98ddfdd1e8 Mark cleanAppId as sanitizer for include 
Should remove a bunch of false positive code scanning results.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2020-11-21 00:57:25 +00:00
Morris Jobke e606c0eef4
Allow View to be used via DI 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-21 00:18:59 +01:00
Morris Jobke db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app 
Auto-wire as much as possible in the encryption app
 2020-11-21 00:04:54 +01:00
Morris Jobke 6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis 
Add Psalm Security Analysis
 2020-11-21 00:04:37 +01:00
Morris Jobke 5be18215fb
Auto-wire as much as possible in the encryption app 
Also cleans up only non-classname services in the server container

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-20 23:13:22 +01:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis 
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2020-11-20 23:12:00 +01:00
Carlos Ferreira a42eb05a35
Simple typo in comments 2020-11-20 20:01:28 +01:00
Morris Jobke 691409cdec
Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation 
Revert "Revert "Installation goes brrrr""
 2020-11-20 15:02:51 +01:00
Roeland Jago Douma b71803802c
Harden EncryptionLegacyCipher a bit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-20 09:52:55 +01:00
Morris Jobke 1b613c84e9
Merge pull request #24007 from nextcloud/select-distinct-multiple 
allow selecting multiple columns with SELECT DISTINCT
 2020-11-19 22:39:01 +01:00
Morris Jobke c2510ecae9
Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage 
Only check path for being accessible when the storage is a object home
 2020-11-19 22:37:28 +01:00
Morris Jobke 650ffc587f
Merge pull request #24164 from nextcloud/fix/lazy-app-registration 
Allow lazy app registration
 2020-11-19 22:35:09 +01:00
Roeland Jago Douma d602aa1825
Merge pull request #24135 from medical-cloud/fix/23357-nextcloud-logo-in-email-notifications-is-misaligned-in-version-20 
Fix nextcloud logo in email notifications misalignment
 2020-11-19 10:48:18 +01:00
medcloud 87ec4a0da3 Fix #23357 
Signed-off-by: medcloud <42641918+medcloud@users.noreply.github.com>
 2020-11-18 22:29:02 +01:00
Maxence Lange a0d9b15a80 missing level 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2020-11-18 18:30:07 -01:00
Christoph Wurst 3cf39c573f
Allow lazy app registration 
During app installation we run migration steps. Those steps may use
services the app registers or classes from composer. Hence we have to
make sure the app runs through the registration.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-11-18 08:48:45 +01:00
Roeland Jago Douma 72a9c35be3
Remove some IRouter methods 
This is not the end. IRouter needs to burn.
But it is a start.

🎵 we didn't start the fire 🎵

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-17 14:08:20 +01:00
Joas Schilling a8cb8e21c1
Add types to function builder 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-11-16 19:46:24 +01:00
Joas Schilling 9a3ce2f71f
Don't drop the table anymore when we create it again 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-11-16 19:34:38 +01:00
Robin Appelman a61a757b85
allow selecting multiple columns with SELECT DISTINCT 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-11-16 15:45:17 +01:00
Roeland Jago Douma 426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date 
Fix default internal expiration date
 2020-11-16 14:13:56 +01:00