Commit Graph

18588 Commits

Author SHA1 Message Date
Nextcloud bot 7ceb98f63b
[tx-robot] updated from transifex 2020-12-01 02:19:46 +00:00
Christoph Wurst 9a3cc099db
Merge pull request #24414 from nextcloud/techdebt/remove-update-php
Remove the deprecated update.php
2020-11-30 12:11:03 +01:00
Morris Jobke 83a75c670b
Replace static call to Share::unshare with ShareManager->deleteShare in tests
And then cleanup all the code that is dead then...

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-30 09:51:18 +01:00
Morris Jobke 6564a95160
Remove now unused methods in Share.php due to the reduced code complexity in Share::getItems
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 23:28:16 +01:00
Morris Jobke 10e5ae5e18
Remove unused method Share Helper::generateTarget
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:52:52 +01:00
Morris Jobke a125d8aaa1
Reduce code complexity in Share::getItems by tracing all remaining callers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:30:09 +01:00
Morris Jobke 596df8fc6f
Remove unused Share::getItemSharedWithBySource()
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:24:12 +01:00
Christoph Wurst fd649afb1f
Remove the deprecated update.php
* It was documented as deprecated.
* The app code checker warned about it
* It's been three years

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-27 13:02:59 +01:00
Christoph Wurst 7dd39a91ee
Remove dead method \OC\Updater::checkAppUpgrade
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-26 14:48:41 +01:00
Christoph Wurst 54e3beba16
Merge pull request #24319 from nextcloud/techdebt/noid/streamline-user-creation-and-deletion-events
Streamline user creation and deletion events
2020-11-26 14:09:54 +01:00
Roeland Jago Douma 2172432420
Merge pull request #23912 from nextcloud/objectstore-copy
use in objectstore copy
2020-11-25 16:09:26 +01:00
Arthur Schiwon 9cfa8a6c44
send expected format of cloud id
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-24 23:14:43 +01:00
blizzz 5d03b5c5dd
Merge pull request #24162 from nextcloud/fix/noid/fedshares-displaynamez
set the display name of federated sharees from addressbook
2020-11-24 17:23:37 +01:00
blizzz 6156a49f6e
Merge pull request #24341 from nextcloud/fix/sharing-enforce-expire-checkbox
Fix the config key on the sharing expire checkbox
2020-11-24 15:49:49 +01:00
Robin Appelman 9d4848e863
use in objectstore copy
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-24 15:16:58 +01:00
Christoph Wurst 2526c5e042
Fix the config key on the sharing expire checkbox
We don't use `shareapi_internal_enforce_expire_date` anywhere.
`shareapi_enforce_internal_expire_date` is the one we want.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 14:17:41 +01:00
Roeland Jago Douma d4fd61b7c6
Merge pull request #24324 from nextcloud/td/psalm/backgroundjob_job
Fix the OCP\BackgroundJob\Job to make it compatible with  its interface
2020-11-24 13:16:12 +01:00
Arthur Schiwon 16a78f535a
set the display name of federated sharees from addressbook
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-24 11:30:11 +01:00
Roeland Jago Douma c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing
Fix reverse registration and missing comments tab
2020-11-24 09:34:50 +01:00
Roeland Jago Douma 82d3f50b78
Fix the OCP\BackgroundJob\Job to make it compatible with its interface
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-24 09:33:49 +01:00
Roeland Jago Douma 8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias
Add proper alias for internal router class
2020-11-24 08:43:29 +01:00
Christoph Wurst decc5c844b
Fix reverse registration and missing comments tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 08:28:19 +01:00
Julius Härtl d9708ebece
Add proper alias for internal router class
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-24 08:01:39 +01:00
Morris Jobke f4c1512bb7
Fix typo in @deprecated PHPDoc tag
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +01:00
Morris Jobke 9bf76d2bad
Streamline user creation and deletion events
CreateUserEvent was the only one that didn't matched the naming scheme of BeforePASTTENSEEvent and PASTTENSEEvent. The event wasn't used at all so this just removes it again as there is BeforeUserCreatedEvent that is also available since 18.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 23:59:52 +01:00
Lukas Reschke a5d4d3d4cc
Add IRequest taint sources
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-22 23:04:43 +01:00
Morris Jobke 9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
Roeland Jago Douma 032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
Lukas Reschke d25ca1976b Mark getAppPath as specialized taint
Should remove some false positives.

https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
Lukas Reschke 98ddfdd1e8 Mark cleanAppId as sanitizer for include
Should remove a bunch of false positive code scanning results.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
Morris Jobke e606c0eef4
Allow View to be used via DI
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
Morris Jobke db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
Morris Jobke 6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Morris Jobke 5be18215fb
Auto-wire as much as possible in the encryption app
Also cleans up only non-classname services in the server container

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Carlos Ferreira a42eb05a35
Simple typo in comments 2020-11-20 20:01:28 +01:00
Morris Jobke 691409cdec
Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation
Revert "Revert "Installation goes brrrr""
2020-11-20 15:02:51 +01:00
Roeland Jago Douma b71803802c
Harden EncryptionLegacyCipher a bit
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 09:52:55 +01:00
Morris Jobke 1b613c84e9
Merge pull request #24007 from nextcloud/select-distinct-multiple
allow selecting multiple columns with SELECT DISTINCT
2020-11-19 22:39:01 +01:00
Morris Jobke c2510ecae9
Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage
Only check path for being accessible when the storage is a object home
2020-11-19 22:37:28 +01:00
Morris Jobke 650ffc587f
Merge pull request #24164 from nextcloud/fix/lazy-app-registration
Allow lazy app registration
2020-11-19 22:35:09 +01:00
Roeland Jago Douma 1e111b2ad2
Fix DataResponse typehints
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 20:34:42 +01:00
Roeland Jago Douma d602aa1825
Merge pull request #24135 from medical-cloud/fix/23357-nextcloud-logo-in-email-notifications-is-misaligned-in-version-20
Fix nextcloud logo in email notifications misalignment
2020-11-19 10:48:18 +01:00
Christoph Wurst ecbc7f62be
Merge pull request #24207 from nextcloud/bugfix/noid/missing-level-psrlogged
missing level in ScopedPsrLogger
2020-11-19 08:38:05 +01:00
Nextcloud bot c773cee305
[tx-robot] updated from transifex 2020-11-19 02:20:10 +00:00
medcloud 87ec4a0da3 Fix #23357
Signed-off-by: medcloud <42641918+medcloud@users.noreply.github.com>
2020-11-18 22:29:02 +01:00
Maxence Lange a0d9b15a80 missing level
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2020-11-18 18:30:07 -01:00
Roeland Jago Douma 66013f906d
Merge pull request #24189 from nextcloud/enh/csp/frame-ancestors
Set frame-ancestors to none if none are filled
2020-11-18 11:29:28 +01:00
Roeland Jago Douma 9163790b7c
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Christoph Wurst 3cf39c573f
Allow lazy app registration
During app installation we run migration steps. Those steps may use
services the app registers or classes from composer. Hence we have to
make sure the app runs through the registration.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-18 08:48:45 +01:00