This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This helps massively reduce the numerous useless 401 exceptions that
appears in the test log. These appear only because Sabre first connects
without any auth type to receive the challenge and then sends the
authentication data.
With this change it will directly use basic auth.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
There is a bunch of javascript we always load from vendors. This
combines this into 1 javascript file. Which reduces the number of
request by ~10.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This will help user to selectively move the folders
specified using --path option, instead of moving
entire folder under files directory.
Signed-off-by: Sujith H <sharidasan@owncloud.com>
Update the integration test for transfer-ownership
Update the integration test for transfer-ownership
as the new option --path is introduced in the command.
Signed-off-by: Sujith H <sharidasan@owncloud.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Lukas Reschke
Morris Jobke
Vincent Petry
Sergio Bertolin
Joas Schilling
Roeland Jago Douma
Robin Appelman
Roeland Jago Douma
Sujith H