In some cross-local-storage use cases, the Local storage is
instantiated with "/" as data directory. In such cases, calling
realpath() would cause PHP warnings when open_basedir is set.
This fix bypasses the realpath() call when dealing with a root storage.
Downstreaming of https://github.com/owncloud/core/pull/26060
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Right now a failed "copyr" will result in the error log being spammed with not really helpful error messages. Also situations such as `$dir` returning `false` are not really caught.
This adds more error handling and logging to make debugging such situations easier.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
In some cross-local-storage use cases, the Local storage is
instantiated with "/" as data directory. In such cases, calling
realpath() would cause PHP warnings when open_basedir is set.
This fix bypasses the realpath() call when dealing with a root storage.
Downstreaming of https://github.com/owncloud/core/pull/26060
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* put a file without a generated preview in the trashbin
(e.g. a *.docx file)
* open the trashbin
* following errors will show up in the nextcloud.log:
- filesize(): stat failed for ...
- fopen(...): failed to open stream: No such file or directory at ...
- fread() expects parameter 1 to be resource, boolean given at ...
- fclose() expects parameter 1 to be resource, boolean given at ...
- imagecreatefromstring(): Empty string or invalid image at ...
This is because the preview code tries to load an SVG image, which
is obviously only text.
The fix simply handles this before the loading happens and the web UI
keeps showing the default mimetype icon.
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
Some user agents are notorious and don't really properly follow HTTP
specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
Nextcloud bot
Lukas Reschke
Morris Jobke
Juan Pablo Villafañez
Joas Schilling
Vincent Petry
Thomas Müller
Roeland Jago Douma
michag86
Bjoern Schiessle