This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update sabre/dav to 3.2.0
* Adjust code to work with sabre/dav 3.2.0 and it's dependencies
* Adding own CalDAV plugin to fix calendar home property
* Test if there is a user logged in when listing files home
* Update sabre version used by integration tests
* Disable unauthenticated DAV access
This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.
=====
* Fixed so cherry-pick was succesfull
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* add uri to AddressBookImpl array
* Introduce ImageExportPlugin for CardDav
* add plugin to v1 routes
* replace binary contact photo with link
* update tests
* Adding unit tests
Lukas Reschke
Georg Ehrke
Roeland Jago Douma
Morris Jobke
Roeland Jago Douma
Thomas Citharel
Joas Schilling
John Molakvoæ (skjnldsv)
Thomas Müller
Robin Appelman
Bjoern Schiessle
Lukas Reschke
Joas Schilling