83 Commits

Author SHA1 Message Date
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a Phan plugin which checks for SQL injections on code using our QueryBuilder. While it isn't perfect, it should already catch most potential issues.

As always, static analysis will sometimes have false positives, and this is also the case here. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Robin Appelman 8b58b4c2a7
Fix invalid path repair step not getting all invalid entries
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-18 14:01:49 +02:00
Morris Jobke 01466ab840 Merge pull request #5715 from nextcloud/master-5655
Fixed repair step
2017-07-13 19:30:05 +02:00
Robin Appelman 350e036c56 chunk getting invalid paths and reuse queries
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-13 16:37:38 +02:00
Robin Appelman 4a727a578c use a generator instead of fetching all rows at once
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-13 16:37:34 +02:00
Joas Schilling c6b7204fcb
Don't throw an error when the table doesn't exist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-12 15:35:24 +02:00
Morris Jobke b4a221f9be Merge pull request #5424 from nextcloud/moveFromCache-from-shared
fix moving folders out of a cache jail
2017-07-06 18:31:18 +02:00
Robin Appelman 601362e164
adjust to moved repair step
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-06-29 14:45:08 +02:00
Morris Jobke 846e62c225 Run repair step only once
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-22 15:43:59 -05:00
Robin Appelman d3c20eefca
Add repair step for invalid paths
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-06-21 15:52:27 +02:00
Arthur Schiwon c1d9565131
added kml, kmz, tcx types as well while at it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-14 11:02:05 +02:00
Arthur Schiwon addcda9325
add geospatial mime types repair step
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-14 10:48:56 +02:00
Joas Schilling 682a57d50e
Copy avatars to the new location
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:49:04 +02:00
Joas Schilling c90d56748f
We want to see 1 in 100 messages, not all but the 100th
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:49:04 +02:00
Joas Schilling 2259140e3b
Add some more casting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:49:04 +02:00
Joas Schilling 0e325756c3
Avoid problems for some DBs by removing the table completely
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:49:03 +02:00
Joas Schilling c6a5a25b48
Add a migration step to save the data from the accounts table before migrating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:48:54 +02:00
Lukas Reschke 0c5a48c4a4
Add tests for repairstep
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:52 +02:00
Lukas Reschke 47cd976035
Add app bundles
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:49 +02:00
Stefan Weil c9e08a6445 Add repair steps for new image mime types
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-04-25 18:56:23 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Robin Appelman 11c1e5dd86
fix whitespace in cleantags
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:49:09 +02:00
Morris Jobke 713f684a8b
Adding tests for 4 byte unicode characters
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes

Add config option to update charset of mysql to utf8mb4

* fully optional
* requires additional options set in the database

only disable unicode test on mysql

Fixing ctor call

Adding docker based unit test execution for mysql utf8mb4

Add mysqlmb4 test configuration to Jenkinsfile

fix collation on utf8mb4

Properly setup charset and collation in the doctrine connection

Allow files containing 4-byte chars in case the database supports it

During setup of a mysql database we try to detect if charset 'utf8mb4' can be used

Fix mysql settings

Add console command to migrate the charset

Set ROW_FORMAT before setting collation to mb4

Also select tables with wrong collation

Faster MySQL docker

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-21 16:42:12 -06:00
Morris Jobke d99ce3971b
Namespace and array syntax fixes
* minor fixes in preparation of a bigger DB and config PR

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 14:52:54 -06:00
Joas Schilling 0beb78517f
Fix DI
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-03 12:20:02 +01:00
Morris Jobke 0b12eb0640
Execute UpdateLanguageCode only once
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-02 21:53:36 -06:00
Joas Schilling ba472f7ce0
Fix table name and add a test for more than 1 entry
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-02 09:11:47 +01:00
Morris Jobke 1bcd396679
Change language code for languages with only one translation
* then the language is not that specific and also gets matched for fi
* fallback from fi_FI to fi is supported - the other way around not
* contains repair script
* contains tests for repair script
* fixes #869

Order results to make postgres happy

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-01 22:35:28 -06:00
Morris Jobke 2bbf3b18d9
cleanup old and not needed repair steps to speed up the update
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 22:35:18 -06:00
Morris Jobke c2d3e12e23
Remove unneeded UpdateCertificateStore.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 21:26:59 -06:00
Joas Schilling ade91c8fe2
Recognize .bat and .cmd files
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 14:25:25 +01:00
blizzz 64e9a1aec0 Merge pull request #3176 from nextcloud/default-value-datadir
Add proper default value for datadir
2017-01-30 13:01:24 +01:00
Robin Appelman c76fe2b4f5
remove now unneeded AvatarPermissions repair step
Avatars are now stored in appdata

Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-26 19:24:55 +01:00
Morris Jobke a4ad8af6e3
Add proper default value for datadir
* better safe than sorry
* fixes #3091

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 19:49:41 -06:00
Joas Schilling 77b5d7bc86
Change the row-format before changing the collation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-12 16:54:29 +01:00
Joas Schilling 22e74cf5ac
Use the new expression
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 14:30:25 +01:00
Lukas Reschke 5d01004368
Adjust version to Nextcloud
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-05 14:30:25 +01:00
Vincent Petry 7baa4ea1a4
Add repair step to fix file share permissions
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-05 14:30:22 +01:00
Vincent Petry 252eddadd9
Remove obsolete RepairLegacyStorages repair step
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-19 17:45:46 +01:00
Joas Schilling d5df692481
Add a repair step to fix broken mounts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-13 13:54:18 +01:00
Roeland Jago Douma e3d6b4fe1c
Fixed correct filename of MoveAvatarsBackgroundJob
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-13 12:46:58 +01:00
Roeland Jago Douma 542f1a7e0b Merge pull request #2405 from nextcloud/add-avatar-job-once
Execute MoveAvatars repair step only once
2016-11-30 11:36:01 +01:00
Morris Jobke 69db58250a
Execute MoveAvatars repair step only once
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-29 16:55:13 +01:00
Roeland Jago Douma 78a318d388
Add test if repair step is already done
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-19 20:26:53 +01:00
Roeland Jago Douma ccb05dbb17
Adds background job to cleanup all previews.
* A repair step that inserts a background job for each user
* Each background job will delete for 15 seconds; if it takes longer we
reschedule. This is done so instances that don't use the system cron
won't time out.
* Added tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-19 20:14:44 +01:00
Morris Jobke e7ec4601a3
Use callForSeenUsers for avatar migration
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-28 08:44:05 +02:00
Jörn Friedrich Dreyer f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361)
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
2016-10-28 08:44:05 +02:00
Joas Schilling 15bbe02106
Ignore failures of collation change in the pre update step
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Morris Jobke cc28f82b36
Add config option to update charset of mysql to utf8mb4
* fully optional
* requires additional options set in the database
2016-10-19 00:15:01 +02:00
Roeland Jago Douma a7be37d735
DI fails for bg job
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:17 +02:00