Commit Graph

9623 Commits

Author SHA1 Message Date
Roeland Jago Douma 1e74ffd46b
Merge pull request #16820 from nextcloud/bugfix/noid/access-handling-of-projects
Change access handling of projects
2019-08-21 22:02:50 +02:00
blizzz 9ac15bc4e9
Merge pull request #16813 from compagnon/fix/noid/AutoloadNotAllowedException-theming-off
autoloader.php could raise Not AllowedException
2019-08-21 16:04:32 +02:00
Joas Schilling 69f2974706
Only trigger the events with tags that where actually assigned
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 11:58:27 +02:00
Joas Schilling 23bd4c127d
Add a repair step to clear the projects access cache
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 09:16:14 +02:00
Joas Schilling b53283fcb7
Change the logic so projects are only shown when you can access all resources
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-21 09:16:14 +02:00
Roeland Jago Douma dd02920aed
Merge pull request #16811 from nextcloud/bugfix/16771/correctly-remove-apps-without-any-releases
Correctly remove apps without any releases
2019-08-20 22:29:20 +02:00
Roeland Jago Douma 1dda6fb05b
Merge pull request #16812 from nextcloud/bugfix/noid/previewv1-returntype
Explicit cast for ProviderV1Adapter
2019-08-20 22:28:43 +02:00
Guillaume COMPAGNON 0516675a5c autoloader.php could raise Not AllowedException
when theming is off

Signed-off-by: Guillaume Compagnon <gcompagnon@outlook.com>

	modified:   lib/private/TemplateLayout.php
2019-08-20 17:11:40 +02:00
Julius Härtl d3d37aa19d
Explicit cast for ProviderV1Adapter
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-20 15:47:59 +02:00
Joas Schilling 17096adff9
Correctly remove apps without any releases
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-20 14:47:46 +02:00
Joas Schilling 323642454a
Undefined variable response when server is no nextcloud anymore
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-20 12:54:58 +02:00
Joas Schilling 650e4f9f4c
Merge pull request #16793 from nextcloud/bugfix/noid/filter-more-configs
Filter more configs
2019-08-20 09:01:20 +02:00
Roeland Jago Douma 1614dee6dc
Codechecker: removed unused use
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 19:41:46 +02:00
Joas Schilling b6c78eb9d4
Filter more configs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-19 16:32:20 +02:00
Joas Schilling 810ee7d811
Make the auto-disabled list more broad
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-15 11:12:45 +02:00
Georg Ehrke f6c3424039
Fix tracking of auto disabled apps in Updater
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-15 11:12:43 +02:00
Roeland Jago Douma d14aed1048
Merge pull request #15946 from martink-p/bugxfix/9792/encrypted-external-webdav
Update Encryption.php
2019-08-15 10:22:50 +02:00
Roeland Jago Douma f7152cccb2
Merge pull request #16572 from nextcloud/fix/15613/bring-back-psql9-compat
instead of upsert query, fallback to default on PSQL <= 9.4
2019-08-14 10:10:37 +02:00
blizzz 2ac01c0203
Merge pull request #16725 from nextcloud/bugfix/noid/syslog-di
Fix loading of the syslog logging class
2019-08-14 09:46:48 +02:00
Arthur Schiwon d0409548c6
instead of upsert, fallback to default query on PgSQL <= 9.4
because there is no upsert yet

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-14 09:05:11 +02:00
Julius Härtl 2efb9a7d90
Make sure SystemConfig class can be injected and syslog_tag is fetched properly
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-13 16:26:18 +02:00
Roeland Jago Douma 145eee91fe
Get the proper UID
Some user backends (like the database backend) allow us to obtain a user
case insensitive. However the UID itself is case sensitive.

Example:
* create a user User1
* login as User1
  - This results the data/User1 folder to be created etc
* now have some code somewhere that obtains the userFolder (from
IRootFolder) but pas in 'uSER1' as uid
  - The code will check if that is a valid user. And in this case it is
  since User1 and uSER1 both map to the same user
  - However the the UID in the user object is used for the folder a new
  folder fill be create data/uSER1

With this PR this is avoided now. Since we obtain the real UID casing in
the backend before creating the user object.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-13 09:33:46 +02:00
Roeland Jago Douma f465f9d4b9
Merge pull request #16721 from nextcloud/fix/16644
Correctly handle emtpy string in proxyuserpwd config
2019-08-11 22:46:01 +02:00
Roeland Jago Douma 9d6eb2daf7
Merge pull request #16179 from J0WI/mv-frameoptions
Add X-Frame-Options header to .htaccess
2019-08-11 21:30:51 +02:00
Scott Shambarger edf946dfc7
Correctly handle emtpy string in proxyuserpwd config
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
 "cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2019-08-11 21:07:30 +02:00
J0WI 1b074f48d8
Remove duplicated spaces
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 3f2932c75a
Sort headers
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI 76cbd7db6e
Add X-Frame-Options header to .htaccess
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma 5d94590cee
Have the OCSBaseResponse call the parent constructor
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-08 09:52:20 +02:00
Roeland Jago Douma b42b26eceb
Merge pull request #15187 from vitormattos/bugfix-create-database-user
Bugfix: user is not allowed
2019-08-08 09:03:48 +02:00
Roeland Jago Douma 650927a822
Properly return an int in the getId function of the cache
fixes #16684

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-07 20:38:42 +02:00
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Roeland Jago Douma f94ee72507
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 16:27:38 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Roeland Jago Douma ba60fafb9a
Add proper PostLoginEvent
This can be used by othr mechanisms to listen for this event in a lazy
fashion.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Morris Jobke e45fb5fa3e
Fix typo in comment
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 14:55:43 +02:00
Roeland Jago Douma 51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware
Split up security middleware
2019-07-29 12:13:55 +02:00
Roeland Jago Douma fb78cd3ed8
Merge pull request #16570 from nextcloud/enh/supress_touch_error
Supress warnings touch can generate
2019-07-29 10:39:46 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma 9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
Do not log all locked exceptions
2019-07-27 10:39:11 +02:00
Roeland Jago Douma 1cc8a2f5d2
Supress warnings touch can generate
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:26:59 +02:00
Morris Jobke 2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Roeland Jago Douma cdc43cd39b
Merge pull request #16456 from nextcloud/dep/searchByTag
Remove deprecated searchByTag
2019-07-26 15:07:04 +02:00
Roeland Jago Douma 4cc41cb4c7
Do not log all locked exceptions
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 14:55:13 +02:00