When the "hide download" property of a share is set the public share
page will not show the download button nor the menu with the download,
direct link and "Add to your Nextcloud" actions; the "downloadURL"
hidden field will not be included either in the generated HTML.
Despite that, note that the "downloadURL" parameter is still set and
passed to the template, as this could be needed anyway to generate
previews (for example, of audio files).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes#11030
For https://github.com/orgs/nextcloud/projects/18
This template is now compiled so this no longer has to happen in the
browser. Another step towards a stricter CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Sometimes when we force a session regeneration we want to update the
current token for this session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Some providers had issues when using the preview link (since it was
double encoded).
Now we actually serve the max size preview so it looks better
The image isn't cropped anymore so supporting platforms can just embed
the whole image.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When sharing a folder via Facebook, WhatsApp or any other platform that makes use of OpenGraph, the display title was "Nextcloud - a safe home for all your data" and the description was the actual name of the folder. This should not be the case, so the display title has been changed to display the folder name and the description now displays the former OpenGraph title.
Signed-off-by: Sascha Sambale <mastixmc@gmail.com>
Fixing whitespaces and empty line.
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* currently there are two ways to access default values:
OCP\Defaults or OC_Defaults (which is extended by
OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
it hard to work on theme values
* this extended the public interface with the missing
methods and uses them everywhere to only rely on the
public interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The link in the image_src link (used for previews on Social Media such as Facebook) was still using the old route. This changes it to use the new route.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The web UI now uses for PUT uploads which aren't restricted by PHP's
upload_max_filesize and post_max_size
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>