* this code adds a cookie when a special get parameter is set
* the content of this get parameter is used as value for the cookie
* the cookie expires after 20 seconds
* the JS code checks every 500 milliseconds for the cookie
-> if the cookie is set the request returned and the download is started
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈
Fixes https://github.com/owncloud/core/issues/14196 for core
Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.
Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.
`\OCA\Files\Helper::buildFileStorageStatistics` might throw an exception from `OC_Helper::getStorageInfo`, previously this lead to a uncatched exception being thrown when invoking this methods.
This was user triggable by for example calling `/index.php/apps/files/ajax/delete.php` with a not existing dir (for example `dir=asdf/../&allfiles=true`)
Furthermore a not logged-in user was able to access this page before which resulted in a Fatal PHP error since the filesystem could not get setup properly.
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.
To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.
Fixes itself.
Moved populateTags to be done on the main file list.
This prevents the public file list to go through the same code and cause
an error when there is no user.
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
When moving files on storages that don't expose permissions, the storage
itself might throw an exception when the permission is denied.
This fix ensures that exceptions are caught and forwarded to the client
instead of just hanging.