When the ownership of a user share is transfered to the receiver the
share is removed, as the receiver now owns the original file. However,
due to a missing condition, any share with a group, link or remote with
the same id as the user was removed, not only the user shares.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Add "PARENT (2)" and its subdirectories to the paths to be checked, as
before only the own "PARENT" folder was being checked, but not the
shared one.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a file is shared and the receiver of the share already has a file
with the same name that file is left untouched, and "(2)" is appended to
the name of the shared file.
As "textfile0.txt" is included in the user folder skeleton all the users
in the integration test have that file, so when it is shared the
receiver sees the share as "/textfile0 (2).txt", and her own file as
"/textfile0.txt".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When using fake servers with Sinon.JS, the JavaScript test framework,
the XHR objects are also fake. In Sinon 5.0.8 the "setRequestHeader" of
XMLHttpRequest was modified to normalize the header values (as requested
by the spec), but since then only string values are accepted; null or
integer values can no longer be passed to "setRequestHeader", as it
expects the "replace" function to be available in the object. However,
in the tests null and integer values are passed to "setRequestHeader",
which causes them to fail.
Both Firefox and Chromium accept passing non-string values to their
"setRequestHeader" implementation, and it is done, for example, in
davclient.js; it is not clear yet whether Sinon got too restrictive or
the code calling "setRequestHeader" was too loose. Given that
davclient.js is an external dependency, as a temporary measure Sinon
version is forced to be 5.0.7 at most until either Sinon or davclient.js
are updated.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
test creating comments with numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fix creating comments when file is accessible to users with numeric ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
tests for systemtags related to numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fix systemtags event with numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Daniel Calviño Sánchez
Joas Schilling
Arthur Schiwon
Morris Jobke
Roeland Jago Douma
Thomas Müller
Robin Appelman
Björn Schießle
Julius Härtl
Lukas Reschke
Vincent Petry
Sergio Bertolin