cb057829f7
Update license headers for 19
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
734c62bee0
Format code according to PSR2
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:56:50 +02:00
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
14c996d982
Use elseif instead of else if
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
3a415e4139
Remove space between switch case and colon
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:17:53 +02:00
85e369cddb
Fix multiline comments
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
8331d8296b
Make getServerHost more robust to faulty user input
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +01:00
d393b1612b
Modify regex to match some other chromium browsers
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +01:00
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
a055d8ddf9
Always return overwritehost if configured
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:02:33 +01:00
fdf4e1ebb2
Remove duplicate code
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-08 00:46:50 +02:00
bf167ad3ac
Remove duplicate functionality
...
This functionality implemented in the next line:
$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
2019-01-20 13:29:58 +04:00
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +01:00
dccfe4bf84
Merge pull request #12036 from olivermg/master
...
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
2018-10-30 10:49:08 +01:00
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
...
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +01:00
986f4df2a5
Add REMOTE_ADDR to getHeader
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-25 22:26:49 +02:00
c0a283fefb
ensure we always return an array from `Request::getParams`
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-28 18:11:42 +02:00
043a824e6a
Fix comments
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
0ee45d3d20
Fix proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
a229095af1
Make Request strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
4ef302c0be
Request->getHeader() should always return a string
...
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.
Found while enabling the strict_typing for lib/private for the PHP7+ migration.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
ca70694502
Also check for empty content lenth
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 21:48:59 +01:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
9717cdfb9e
If there is no content don't error
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
ede15f0988
Fix L10N::t
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
bdc7bb1f26
Add IPv6 to “localhost” regex ( #440 )
...
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
2017-05-14 21:29:03 +02:00
695696a4a6
Use constants
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
38e5135cb9
Reorder the entries of the log for easier reading
2017-04-12 13:03:19 +02:00
2a9192334e
Don't try to parse empty body if there is no body
...
Fixes #3890
If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.
See RFC 2616 Section 4.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
8626ccab1c
dont require strict same site cookies for ocs requests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-09 16:48:48 +01:00
33fb86f68b
Fix detection of the new iOS app
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
5e728d0eda
oc_token should be nc_token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
c20ab0049f
Identify Chromium as Chrome
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
f9cea0b582
Merge pull request #797 from nextcloud/only-match-for-auth-cookie
...
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
d50e7ee36c
Remove reading PATH_INFO from server variable
...
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.
Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
8f3dc0ba43
Remove IE_8 user agent string
2016-08-16 21:01:32 +02:00
b53ea18ea5
Match only for actual session cookie
...
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-08-09 19:23:08 +02:00
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
a299fa38a9
[master] Port Same-Site Cookies to master
...
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
b1d652e8b0
Copy the regexes to the public interface
2016-07-18 15:11:44 +02:00
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
eb11ed1851
Make ownCloud work again in php 7.0.6
...
See https://bugs.php.net/bug.php?id=72117
2016-04-28 12:23:17 +02:00
1d33a5ef13
Move \OC\AppFramework to PSR-4
...
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00
Christoph Wurst
Daniel Kesselberg
Julius Härtl
b108@volgograd
Roeland Jago Douma
Morris Jobke
Oliver Wegner
Robin Appelman
coderkun
Joas Schilling
Juan Pablo Villafáñez
Lukas Reschke
Lukas Reschke
Roeland Jago Douma