Commit Graph

50491 Commits

Author SHA1 Message Date
Roeland Jago Douma 1d8b09aa86
Merge pull request #16616 from nextcloud/dep/setEvalScript
setting unsafe-eval is deprecated
2019-07-31 11:01:38 +02:00
Julius Härtl 47a0254bb3
Validate urls in theming settings and properly handle error messages
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 10:20:57 +02:00
Julius Härtl 3b0d13944a
Move actual password reset to vue
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 09:19:07 +02:00
Nextcloud bot 3f8f0f7609
[tx-robot] updated from transifex 2019-07-31 02:16:00 +00:00
Roeland Jago Douma 21477bca77
Unify share fetching
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 22:59:22 +02:00
Roeland Jago Douma 2a45763440
Use proper ShareeList
This makes the XML parsing more sane ;)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 22:51:08 +02:00
Roeland Jago Douma 06a9ade582
Use proper caching
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 22:35:44 +02:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 16:27:38 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma 53330ce1fc
Merge pull request #16599 from nextcloud/fix/xss/on-favorite-file
Fix/xss/on favorite file
2019-07-30 09:51:45 +02:00
Roeland Jago Douma a3bf8ac339
Merge pull request #16593 from nextcloud/fix/noid/more-precise-error-message
More precise error message when expected filesize does not match
2019-07-30 08:55:28 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Roeland Jago Douma fc497eb871
Merge pull request #16596 from nextcloud/bugfix/noid/vtooltip-defaults
Set proper defaults for v-tooltip usages
2019-07-30 08:43:10 +02:00
Roeland Jago Douma e341e6946b
Merge pull request #16595 from nextcloud/tech-debt/noid/no-need-to-document-the-obvious
Do not document the obvious
2019-07-30 08:42:31 +02:00
Nextcloud bot 74eb2894a7
[tx-robot] updated from transifex 2019-07-30 02:14:45 +00:00
Julius Härtl 09b5df42ab
Bump bundles
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-29 20:38:23 +02:00
Julius Härtl 3d6e49aa6c
Force defaultHtml setting of v-tooltip to be disabled
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-29 20:38:22 +02:00
Max Fichtelmann 4977f235f6 prevent potential XSS via unchecked use innerHTML
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
2019-07-29 18:16:37 +02:00
Max Fichtelmann 1d29636008 fix XSS when adding a file with a malicious name to favorites
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
2019-07-29 18:16:37 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Morris Jobke 8d8766d5a7
Merge pull request #16591 from nextcloud/fix/noid/typo-in-comment
Fix typo in comment
2019-07-29 16:54:29 +02:00
Roeland Jago Douma 0ea7fbae54
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Roeland Jago Douma ba60fafb9a
Add proper PostLoginEvent
This can be used by othr mechanisms to listen for this event in a lazy
fashion.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke 5f6c7ba9a8
Do not document the obvious
This removes PHPDoc that is already available as source code type hints.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:25:54 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Morris Jobke 13fd89575d
More precise error message when expected filesize does not match - could be on reading or writing side
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:03:01 +02:00
Morris Jobke e45fb5fa3e
Fix typo in comment
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 14:55:43 +02:00
Robin Appelman fafce34aa0
dont try to copy trash items to user if the user has not enough free space
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-07-29 14:05:49 +02:00
Roeland Jago Douma 51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware
Split up security middleware
2019-07-29 12:13:55 +02:00
Morris Jobke ec7e837d6a
Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptions
Use proper exception in lostController
2019-07-29 10:42:36 +02:00
Roeland Jago Douma 173d95c904
Merge pull request #16581 from nextcloud/dep/strict_csps_can_go
No need to have these classes we tighten the default CSP from time to time
2019-07-29 10:40:38 +02:00
Roeland Jago Douma fb78cd3ed8
Merge pull request #16570 from nextcloud/enh/supress_touch_error
Supress warnings touch can generate
2019-07-29 10:39:46 +02:00
Morris Jobke ef86346886
Merge pull request #16571 from nextcloud/enh/update_preview_controller
Update PreviewController
2019-07-29 10:35:08 +02:00
Nextcloud bot 57f2ea22c7
[tx-robot] updated from transifex 2019-07-29 02:14:59 +00:00
Roeland Jago Douma d6bb26140d
Merge pull request #16573 from nextcloud/fix-default-timeouts-in-oc-notification
Fix default timeouts in OC.Notification
2019-07-28 20:57:31 +02:00
Roeland Jago Douma 99081daa4c
Merge pull request #16583 from nextcloud/dependabot/npm_and_yarn/webpack-4.38.0
Bump webpack from 4.36.1 to 4.38.0
2019-07-28 10:49:02 +02:00
Nextcloud bot b481750d00
[tx-robot] updated from transifex 2019-07-28 02:15:26 +00:00
dependabot-preview[bot] 774da99d94
Bump webpack from 4.36.1 to 4.38.0
Bumps [webpack](https://github.com/webpack/webpack) from 4.36.1 to 4.38.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.36.1...v4.38.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-28 01:13:42 +00:00
Roeland Jago Douma b6dd2ebd39
Use proper exception in lostController
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 20:12:16 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma cd243b0876
No need to have these classes we tighten the default CSP from time to
time

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 14:59:48 +02:00
Roeland Jago Douma 1ec98af3e0
Merge pull request #16560 from nextcloud/bugfix/noid/fix_cutype_reporting
fix calendar-user-type reporting
2019-07-27 12:23:25 +02:00
Roeland Jago Douma 9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
Do not log all locked exceptions
2019-07-27 10:39:11 +02:00
Nextcloud bot 2827b0ba31
[tx-robot] updated from transifex 2019-07-27 02:14:37 +00:00
Daniel Calviño Sánchez abd5d10253 Add unit tests for "OC.Notification.hide()"
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:59 +02:00
Daniel Calviño Sánchez 03f2e8a10e Fix default timeouts in OC.Notification
When no timeout was given "show()" used the default timeout of
"OCP.Toast", which is 7 seconds instead of indefinitely as stated in the
documentation of "show()". "showHtml()" should also indefinitely show
the notification if no timeout is given, but due to the strict
comparison the notification was indefinitely shown only when a timeout
of 0 was explicitly given. Now both methods show the notification
indefinitely (or until it is explicitly hidden) when no timeout is
given.

The unit tests did not catch this error because "showHtml()" had no
tests (as before the move to Toastify it was called from "show()" and
thus implicitly tested), and because "show()" verified that "hide()" was
not called after some time; "hide()" is no longer called from "show()"
since "OCP.Toast" is used internally, so the test always passed even if
the notification was indeed hidden. Now the test is based on whether the
element is found or not, and explicit tests were added too for
"showHtml()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:59 +02:00
Daniel Calviño Sánchez 14006b548e Fix mixed test for "show" and "showTemporary"
"showTemporary()" when a timeout was given was being tested along with
the "show()" tests; now there are two separate tests when a timeout is
given, one for "showTemporary()" and one for "show()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:58 +02:00
Daniel Calviño Sánchez 2b1c80ea3f Check number of elements instead of if the jQuery object is defined
Tje jQuery object created through "$('#testArea .toastify')" will be
always defined even if no elements were found, so the check does not
really work; instead, it should be checked the number of elements found.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:51 +02:00
Roeland Jago Douma a2a53848b0
Update PreviewController
The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.

There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:37:11 +02:00
Roeland Jago Douma 1cc8a2f5d2
Supress warnings touch can generate
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:26:59 +02:00