Lukas Reschke
3aaa2307e9
Improve phan config
...
* exclude routes
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-26 11:51:05 +02:00
Morris Jobke
1bc192fbd4
Merge pull request #9203 from nextcloud/declare-func-as-safe
...
Declare func() as safe method in phan
2018-04-17 13:45:27 +02:00
Morris Jobke
1f06bc246c
Declare func() as safe method in phan
...
We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "supress warning" to all surrounding code makes it harder to spot actual problems, that this plugin want to find. So it's better to only need to check the func() and not all the surrounding code as well.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-17 10:58:00 +02:00
John Molakvoæ (skjnldsv)
3e5ea9b0a9
Return proper boolean user enabled state api
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-16 15:17:02 +02:00
Morris Jobke
2c15f4003e
Add auth token to github requests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 15:15:49 +02:00
Daniel Calviño Sánchez
1d7bf328f8
Make possible to provide "--tags=XXX" parameter to Behat
...
"--tags=XXX" limits the features or scenarios to be run to those
matching the tag filter expression.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez
65bc12960f
Add integration tests for zip32/zip64 boundaries of number of files
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez
6ee5469a03
Add integration tests for downloading basic zip files
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez
5a7986c25d
Fix use of data directory in integration tests
...
The data directory is not necessarily located at "../..". The proper
directory is now got by running "php console.php config:system:get
datadirectory".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:30 +02:00
John Molakvoæ (skjnldsv)
762002ec2e
Fixed tests
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-05 17:11:41 +02:00
Morris Jobke
612e875f60
Merge pull request #8355 from nextcloud/fix-comments-num-index
...
Fix comments (and systemtags) when involving users with numerical ids
2018-02-26 17:12:57 +01:00
Morris Jobke
24f96513fd
Merge pull request #8259 from nextcloud/guzzle6
...
update guzzlehttp/guzzle to 6.3.0
2018-02-14 22:26:19 +01:00
Arthur Schiwon
011dab246d
tests for systemtags related to numeric user ids
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-14 17:02:35 +01:00
Arthur Schiwon
a5a0a938f2
test creating comments with numeric user ids
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-14 14:39:10 +01:00
Robin Appelman
a815185bb4
fix redundant namespace
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-02-12 15:41:23 +01:00
Robin Appelman
359ccbc023
Adjust integration tests to new guzzle
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-02-09 17:13:30 +01:00
Morris Jobke
23f9ef54e3
Remove old perl script to update l10n files
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-08 18:21:14 +01:00
Roeland Jago Douma
c715045749
Fix CI after Code of Conduct merge
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-10 11:03:12 +01:00
Morris Jobke
876238ce8b
Merge pull request #7533 from nextcloud/oc-28545-handle-oc-total-length-in-new-chunking
...
[oc] Handle OC-Total-Length in new chunking
2018-01-03 16:18:24 +01:00
Thomas Müller
74df27b7a7
Add integration tests for length header on new chunking
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-15 14:46:44 +01:00
Daniel Calviño Sánchez
173f28a09d
Add unit tests for the navigation bar slide gesture
...
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-14 19:17:40 +01:00
Robin Appelman
74b5ce8fd4
Some tests for the remote cloud api
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-12-08 16:34:33 +01:00
Morris Jobke
4b73ddc9ce
Merge pull request #6437 from nextcloud/support-mail-send-in-share
...
Add support for `\OCP\Share\IShare::getMailSend` back
2017-11-27 11:29:38 +01:00
Morris Jobke
a51a8fbcaf
Federation actually sends an email via Share 2.0
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 10:54:40 +01:00
Morris Jobke
c930f70b52
Harden phan checks to catch more errors
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 07:53:56 +01:00
Björn Schießle
f347e2e4a6
Merge pull request #7047 from nextcloud/add-support-for-files-with-no-permissions
...
Add support for files with no permissions
2017-11-20 16:15:52 +01:00
Julius Härtl
7006b739b0
Remove brackets for invalid mail addresses when updating the license header
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-07 10:50:42 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Daniel Calviño Sánchez
555d582f35
Return whether the file is readable or not in the DAV permissions
...
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:00 +01:00
Roeland Jago Douma
2f36744aff
Update phan config
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:14 +02:00
Roeland Jago Douma
ab20a64ed4
DAV Autoloader
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma
112b0d57a8
Comments Autoloader
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma
ce7c9dfe8a
Admin Audit autoloader
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:09 +02:00
Roeland Jago Douma
ff9f325677
Ignore composer stuff in phan
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-17 22:22:36 +02:00
Roeland Jago Douma
5d7d96dc45
Update autoload checker
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-17 21:55:06 +02:00
Roeland Jago Douma
17bd2fb268
Phan is moved to a new repo
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-16 16:23:55 +02:00
Robin Appelman
f0c7b8f264
show diff in autoload checker
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 17:20:08 +02:00
Joas Schilling
242c9ee06c
No more root file
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-25 12:47:39 +02:00
Roeland Jago Douma
02b9388fc6
Move image-optimization.sh to build dir
...
* We should not ship this!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 08:08:18 +02:00
Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections
...
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Lukas Reschke
591aaa4154
Add workaround for https://github.com/etsy/phan/issues/1033
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 11:08:43 +02:00
Lukas Reschke
d8ec399454
Run phan over code base
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00
Morris Jobke
844e7b03b4
Add test to check if new files are added to the root of the repository
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-12 11:52:42 +02:00
Lukas Reschke
633396001f
Prevent sending second WWW-Authenticate header
...
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Lukas Reschke
b8de3f40ee
Bearer comes first on the new endpoint
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:57:07 +02:00
Lukas Reschke
639ba526d0
Adjust realm from SabreDAV to Nextcloud
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:38:55 +02:00
Lukas Reschke
f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke
538112181f
Add additional test for accessing DAV using Bearer Auth
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:11 +02:00
Lukas Reschke
f2a01e1b08
Use a standardized Bearer now
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00