Commit Graph

56473 Commits

Author SHA1 Message Date
dependabot-preview[bot] 01ec741e6c
Merge pull request #24272 from nextcloud/dependabot/npm_and_yarn/jquery-migrate-3.3.2
2020-11-24 09:29:34 +00:00
Roeland Jago Douma c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing
Fix reverse registration and missing comments tab
2020-11-24 09:34:50 +01:00
Roeland Jago Douma 82d3f50b78
Fix the OCP\BackgroundJob\Job to make it compatible with its interface
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-24 09:33:49 +01:00
dependabot-preview[bot] 0c2a6d1474
Bump jquery-migrate from 3.3.1 to 3.3.2
Bumps [jquery-migrate](https://github.com/jquery/jquery-migrate) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/jquery/jquery-migrate/releases)
- [Commits](https://github.com/jquery/jquery-migrate/compare/3.3.1...3.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-24 08:06:06 +00:00
Roeland Jago Douma 8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias
Add proper alias for internal router class
2020-11-24 08:43:29 +01:00
Julius Härtl b3191edcda
Merge pull request #24271 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.12.7
Bump @babel/preset-env from 7.12.1 to 7.12.7
2020-11-24 08:38:15 +01:00
Roeland Jago Douma ac42f94269
Merge pull request #24320 from nextcloud/typo/noid/fix-typo-in-deprecated
Fix typo in @deprecated PHPDoc tag
2020-11-24 08:31:38 +01:00
Roeland Jago Douma 14b563fe43
Merge pull request #24321 from nextcloud-pr-bot/automated/noid/psalm-baseline-update
[Automated] Update psalm-baseline.xml
2020-11-24 08:31:28 +01:00
Christoph Wurst decc5c844b
Fix reverse registration and missing comments tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 08:28:19 +01:00
Julius Härtl d9708ebece
Add proper alias for internal router class
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-24 08:01:39 +01:00
Nextcloud-PR-Bot fda21b35c4
Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Nextcloud bot eddc31a07b
[tx-robot] updated from transifex
2020-11-24 02:18:55 +00:00
Morris Jobke f4c1512bb7
Fix typo in @deprecated PHPDoc tag
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +01:00
Morris Jobke 9bf76d2bad
Streamline user creation and deletion events
CreateUserEvent was the only one that didn't match the naming scheme of BeforePASTTENSEEvent and PASTTENSEEvent. The event wasn't used at all so this just removes it again as there is BeforeUserCreatedEvent that is also available since 18.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 23:59:52 +01:00
Arthur Schiwon 21a53de451
avoid empty null default with value that will be inserted anyways
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-23 21:20:27 +01:00
Morris Jobke dc5f17f561
Merge pull request #24288 from nextcloud/techdebt/noid/encryption-setup-dependency-cleanup
Remove unused dependencies in encryption app setup
2020-11-23 20:43:42 +01:00
dependabot-preview[bot] 8f830c7754
Bump @babel/preset-env from 7.12.1 to 7.12.7
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-preset-env)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 18:24:55 +00:00
Morris Jobke d9e0efbf72
Merge pull request #24289 from nextcloud/techdebt/noid/encryption-make-application-class-dependency-free
[encryption] Remove dependency fetching inside the constructor and mo…
2020-11-23 16:23:21 +01:00
Morris Jobke c832e6180b
Remove unused dependencies in encryption app setup
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 16:20:00 +01:00
Morris Jobke 5d88686b18
Merge pull request #24310 from nextcloud/perf/noid/theming-capabilities
Optimize check if background is themed
2020-11-23 15:48:57 +01:00
Roeland Jago Douma a3cff5abbe
Merge pull request #24273 from nextcloud/dependabot/npm_and_yarn/babel/core-7.12.7
Bump @babel/core from 7.12.3 to 7.12.7
2020-11-23 14:39:56 +01:00
Julius Härtl a0c0918ce2
Optimize check if background is themed
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-23 13:48:05 +01:00
dependabot-preview[bot] f2a249ff71
Bump @babel/core from 7.12.3 to 7.12.7
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.3 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-core)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 10:49:41 +00:00
Roeland Jago Douma 59a83b77ea
Merge pull request #24275 from nextcloud/dependabot/npm_and_yarn/moment-timezone-0.5.32
Bump moment-timezone from 0.5.31 to 0.5.32
2020-11-23 11:10:24 +01:00
Roeland Jago Douma e0a6f6d34b
Merge pull request #24251 from nextcloud/fix/sabre-parse-xml-errors
Update sabre/xml to fix XML parsing errors (with empty strings)
2020-11-23 10:28:06 +01:00
dependabot-preview[bot] f8af508907
Bump moment-timezone from 0.5.31 to 0.5.32
Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.5.31 to 0.5.32.
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](https://github.com/moment/moment-timezone/compare/0.5.31...0.5.32)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 08:23:42 +00:00
Christoph Wurst a35a9a009d
Update sabre/xml to fix XML parsing errors (with empty strings)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-23 09:13:46 +01:00
Roeland Jago Douma a1cd5ca20c
Merge pull request #24290 from nextcloud/propagate-taint
Add IRequest taint sources
2020-11-23 08:40:14 +01:00
Roeland Jago Douma ad5059a39e
Merge pull request #24293 from nextcloud/dependabot/composer/vimeo/psalm-4.2.1
Bump vimeo/psalm from 4.2.0 to 4.2.1
2020-11-23 08:03:07 +01:00
dependabot-preview[bot] 942cd71055
Bump vimeo/psalm from 4.2.0 to 4.2.1
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.2.0...4.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-23 02:42:54 +00:00
Nextcloud bot 6b9f57905f
[tx-robot] updated from transifex
2020-11-23 02:18:46 +00:00
Lukas Reschke a5d4d3d4cc
Add IRequest taint sources
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-22 23:04:43 +01:00
Morris Jobke efe644137d
[encryption] Remove dependency fetching inside the constructor and move them to method call parameters
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:35:02 +01:00
Morris Jobke 9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
Morris Jobke 858c7f4032
Auto-wire remaining encryption app services that depend on View
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:22:16 +01:00
Roeland Jago Douma 032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
Roeland Jago Douma 293410f576
Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include
Mark cleanAppId as sanitizer for include
2020-11-22 10:53:26 +01:00
Nextcloud bot f1d71a21e5
[tx-robot] updated from transifex
2020-11-22 02:18:27 +00:00
John Molakvoæ e1821f36d9
Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0
Bump vue-material-design-icons from 4.10.0 to 4.11.0
2020-11-21 11:11:28 +01:00
dependabot-preview[bot] 1cde362c2e
Bump vue-material-design-icons from 4.10.0 to 4.11.0
Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases)
- [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-21 02:20:25 +00:00
Nextcloud bot 1859cebe56
[tx-robot] updated from transifex
2020-11-21 02:19:19 +00:00
Lukas Reschke d25ca1976b
Mark getAppPath as specialized taint
Should remove some false positives.

https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
Lukas Reschke 98ddfdd1e8
Mark cleanAppId as sanitizer for include
Should remove a bunch of false positive code scanning results.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
Morris Jobke e606c0eef4
Allow View to be used via DI
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
Morris Jobke db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
Morris Jobke 6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Morris Jobke 5be18215fb
Auto-wire as much as possible in the encryption app
Also cleans up only non-classname services in the server container

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Morris Jobke c31e4266c7
Merge pull request #24257 from nextcloud/nc-comments
Simple typo in comments
2020-11-20 20:42:40 +01:00
Morris Jobke 1448b7c923
Merge pull request #24242 from essys/patch-1
Update ScanLegacyFormat.php
2020-11-20 20:39:49 +01:00