Commit Graph

52610 Commits

Author SHA1 Message Date
zertrin af5380f5a8 Fix security header setting in .htaccess by adding 'onsuccess unset'
The headers might already be set by the system administrator at the http server
level (apache or nginx) for some or all virtualhosts.

Using "always set" in the .htaccess of Nextcloud leads to the situation where
the headers might be set twice (once in the default 'onsuccess' table and once
in the 'always' table)! Which leads to warnings in the admin area.

Adding "onsuccess unset" solves the problem, and forces the header in
the 'onsucess' table to be unset, and the header in the 'always' table to be set.

NOTE: with this change, Nextcloud overrides whatever the system administrator
might have already set

See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002

Signed-off-by: zertrin <zertrin@gmail.com>
2020-03-05 11:11:09 +08:00
Nextcloud bot 48b374f683
[tx-robot] updated from transifex 2020-03-05 02:18:19 +00:00
Nextcloud bot 0f9fe74020
[tx-robot] updated from transifex 2020-03-04 02:17:52 +00:00
Roeland Jago Douma 0be52ab134
Merge pull request #19739 from nextcloud/bugfix/noid/groupid-spaces
Do not use replace on the group id
2020-03-03 20:24:50 +01:00
Roeland Jago Douma 65b75c8bba
Merge pull request #19764 from nextcloud/fix/transfer-ownerhip-owner-check
Do not allow transfer ownership when the user isn't the owner
2020-03-03 20:20:43 +01:00
Christoph Wurst b57ffe8d75
Merge pull request #19766 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.25
Bump phpseclib/phpseclib from 2.0.23 to 2.0.25
2020-03-03 19:32:01 +01:00
Christoph Wurst 6f9110932b
Bump phpseclib/phpseclib from 2.0.23 to 2.0.25
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-03 16:18:56 +01:00
Roeland Jago Douma 6ea1aef031
Merge pull request #19723 from nextcloud/bug/18603/avatar-response
Always use status 200 for avatar response
2020-03-03 16:15:14 +01:00
Christoph Wurst 57707aaec6
Merge pull request #19741 from nextcloud/dependabot/composer/pear/archive_tar-1.4.9
Bump pear/archive_tar from 1.4.8 to 1.4.9
2020-03-03 14:58:20 +01:00
Christoph Wurst 68b764bb0f
Do not allow transfer ownership when the user isn't the owner
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-03 14:48:45 +01:00
Roeland Jago Douma aaff6a0242
Merge pull request #19755 from nextcloud/bug/19754/translate-tags
Fetch translate for Tags from files app
2020-03-03 12:43:01 +01:00
Daniel Kesselberg c0009bdf6a Fetch translate for Tags from files app
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-03 10:29:21 +00:00
Christoph Wurst 4efee15541
Bump pear/archive_tar from 1.4.8 to 1.4.9
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-03 08:36:02 +01:00
Nextcloud bot 26ea9681ab
[tx-robot] updated from transifex 2020-03-03 02:18:20 +00:00
blizzz b54069189c
Merge pull request #19742 from nextcloud/bug/19740/add-msg-for-exception
Add message for DoesNotExistException
2020-03-02 16:19:30 +01:00
Roeland Jago Douma 64a29d01a4
Merge pull request #19731 from nextcloud/fix/15455/dont_hanlde_deleted_shares
Don't try to format deleted shares
2020-03-02 14:10:03 +01:00
Daniel Kesselberg 5ce9e73bad
Add message for DoesNotExistException
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-03-02 13:24:06 +01:00
Christoph Wurst 165fd30dc0
Merge pull request #19697 from nextcloud/dependabot/composer/aws/aws-sdk-php-3.133.23
Bump aws/aws-sdk-php from 3.93.9 to 3.133.23
2020-03-02 13:05:21 +01:00
Julius Härtl 6020a2efd9
Do not use replace on the group id
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-03-02 12:58:53 +01:00
Christoph Wurst 59837e2e9c
Bump aws/aws-sdk-php from 3.93.9 to 3.133.23
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-02 09:19:08 +01:00
Roeland Jago Douma 7613681627
Don't try to format deleted shares
Fixes #15455

The issue is that we have a fallback for shares to use the target. So
when the target exists again we happily format it (not that the shares
are still invalid).

This just tries to get the node. If we can't then boom.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-03-02 09:18:04 +01:00
Roeland Jago Douma fb9a6b8134
Merge pull request #19713 from nextcloud/dependabot/npm_and_yarn/sinon-9.0.0
Bump sinon from 8.1.1 to 9.0.0
2020-03-02 08:08:33 +01:00
Roeland Jago Douma 02999091e0
Merge pull request #19699 from nextcloud/bugfix/19349/allow-single-file-downloads
Allow single file downloads so the video player works again
2020-03-02 08:05:04 +01:00
Roeland Jago Douma 1ef982a967
Merge pull request #19722 from nextcloud/bug/18727/dont-resize-svg
Don't try to resize a svg uploaded as background image
2020-03-02 07:40:01 +01:00
Nextcloud bot 351cd95777
[tx-robot] updated from transifex 2020-03-02 02:17:53 +00:00
Daniel Kesselberg e35b76a12b
Don't try to resize a svg uploaded as background image.
image* are gd functions without support for svg hence we are not able to resize svg.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-03-01 21:19:07 +01:00
Roeland Jago Douma 48e57ebdce
Merge pull request #19714 from nextcloud/dependabot/npm_and_yarn/babel/core-7.8.6
Bump @babel/core from 7.8.4 to 7.8.6
2020-03-01 16:11:56 +01:00
dependabot-preview[bot] 2524a6af8c Bump @babel/core from 7.8.4 to 7.8.6
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.4 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.4...v7.8.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-01 11:01:18 +00:00
Roeland Jago Douma e0596e4d79
Merge pull request #19712 from nextcloud/dependabot/npm_and_yarn/vue-router-3.1.6
Bump vue-router from 3.1.5 to 3.1.6
2020-03-01 10:25:19 +01:00
dependabot-preview[bot] 1600daa9e4 Bump vue-router from 3.1.5 to 3.1.6
Bumps [vue-router](https://github.com/vuejs/vue-router) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/vuejs/vue-router/releases)
- [Changelog](https://github.com/vuejs/vue-router/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-router/compare/v3.1.5...v3.1.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-01 07:28:39 +00:00
Roeland Jago Douma daa7534527
Merge pull request #19710 from nextcloud/dependabot/npm_and_yarn/babel-eslint-10.1.0
Bump babel-eslint from 10.0.3 to 10.1.0
2020-03-01 08:11:41 +01:00
Roeland Jago Douma 1b7cb9a6c7
Merge pull request #19709 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.8.6
Bump @babel/preset-env from 7.8.3 to 7.8.6
2020-03-01 08:11:15 +01:00
Nextcloud bot 91acb72d6a
[tx-robot] updated from transifex 2020-03-01 02:18:37 +00:00
Daniel Kesselberg 68148f4073
Always use status 200 for avatar response
As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-03-01 00:42:24 +01:00
dependabot-preview[bot] 30d6ba7201 Bump @babel/preset-env from 7.8.3 to 7.8.6
Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.8.3 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.8.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-02-29 10:38:28 +00:00
Roeland Jago Douma e921e27a39
Merge pull request #19707 from nextcloud/fix/noid/non-centered-nojavascript
Fix non-centered no javascript message
2020-02-29 11:28:18 +01:00
dependabot-preview[bot] 48158d61ed
Bump sinon from 8.1.1 to 9.0.0
Bumps [sinon](https://github.com/sinonjs/sinon) from 8.1.1 to 9.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v8.1.1...v9.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-29 10:16:47 +00:00
dependabot-preview[bot] c2167ab6f9
Bump babel-eslint from 10.0.3 to 10.1.0
Bumps [babel-eslint](https://github.com/babel/babel-eslint) from 10.0.3 to 10.1.0.
- [Release notes](https://github.com/babel/babel-eslint/releases)
- [Commits](https://github.com/babel/babel-eslint/compare/v10.0.3...v10.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-29 10:14:08 +00:00
Gary Kim ff6db60b8c
Fix non-centered no javascript message
Signed-off-by: Gary Kim <gary@garykim.dev>
2020-02-29 10:43:42 +08:00
Nextcloud bot 1e16fa7a8f
[tx-robot] updated from transifex 2020-02-29 02:18:30 +00:00
Christoph Wurst 0cb00912ec
Merge pull request #19664 from nextcloud/feature/revive-send-welcome-email-toggle
Revive the "send email to new users" toggle for the user form
2020-02-28 17:11:12 +01:00
Joas Schilling a792a31448
Allow single file downloads so the video player works again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-28 16:25:09 +01:00
Roeland Jago Douma de34786303
Merge pull request #19493 from nextcloud/simplefile-new-lazy
Create SimpleFile only when writing the content
2020-02-28 16:07:02 +01:00
Christoph Wurst d47daefe38
Revive the "send email to new users" toggle for the user form
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-02-28 14:01:03 +01:00
Joas Schilling 0f08acfe31
Merge pull request #19321 from nextcloud/enh/allow-to-overwrite-share-target-mountpoints
Allow to overwrite share target mountpoints
2020-02-28 13:41:13 +01:00
Christoph Wurst 36d6fca856
Merge pull request #19673 from nextcloud/dependabot/composer/php-opencloud/openstack-3.0.7
Bump php-opencloud/openstack from 3.0.6 to 3.0.7
2020-02-28 13:40:22 +01:00
Roeland Jago Douma 245125d81b
Bump autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-28 12:55:35 +01:00
Robin Appelman 63608ef461
allow writing content directly when creating new SimpleFile
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-02-28 12:55:22 +01:00
Robin Appelman 5ca1929e8c
Create SimpleFile only when writing the content
instead of first creating an empty file and then writing the content.

This solves the overhead of creating an empty file with the common pattern:

```php
$file = $simpleFilder->newFile('foo.txt');
$file->putContent('bar.txt');
```

roughly halving the number of storage and database operations that need to be done when creating a `SimpleFile`.

This is not automatically done with `File` because that has a more complex api which I'm more hesitant to touch.
Instead the `Folder::newFile` api has been extended to accept the content for the new file.

In my local testing, the overhead of first creating an empty file took about 20% of the time for preview generation

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-02-28 12:55:22 +01:00
Robin Appelman fed86e8382
better tests for SimpleFolder
test behavior, not implementation

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-02-28 12:55:20 +01:00