Currently if the following situation happens
Server generates preview
Server has command removed which allows a preview to be shown
Client asks for preview, gets a 404 error when preview exists
(Mime checked before preview)
This happens more often with documents, or video as the commands are not
native PHP, they require a binary on the server.
After the fix the following would happen
Server generates preview
Server has command removed which allows a preview to be shown
Client asks for preview, gets preview which has been generated
(Mime checked after preview)
This would also allow offline generation (for example a docker image
containing the extra binaries), allowing a reduction in attack surface
of the instance serving the preview data.
Signed-off-by: Scott Dutton <scott@exussum.co.uk>
in some cases `loadApp` is called more then once which is currently causing apps to be "booted" multiple times which can lead to unexepected behaviour with things like registering hooks
Signed-off-by: Robin Appelman <robin@icewind.nl>
* introduces a new IRootMountProvider to register mount points inside the root storage
* adds a AppdataPreviewObjectStoreStorage to handle the split between preview folders and bucket number
Ref #22033
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* `php occ preview:repair` - a preview migration tool that moves existing previews into the new location introduced with #19214
* moves `appdata_INSTANCEID/previews/FILEID` to `appdata_INSTANCEID/previews/0/5/8/4/c/e/5/FILEID`
* migration tool can be stopped during migration via `CTRL+C` - it then finishes the current folder (with the previews of one file) and stops gracefully
* if a PHP memory limit is set in the `php.ini` then it will stop automatically once it has less than 25 MiB memory left (this is to avoid hard crashes in the middle of a migration)
* the tool can be used during operation - possible drawbacks:
* there is the chance of a race condition that a new preview is generated in the moment the folder is already migrated away - so the old folder with the newly cached preview is deleted and one cached preview needs to be re-generated
* there is the chance of a race condition during access of a preview while it is migrated to the other folder - then no preview can be shown and results in a 404 (as of now this is an accepted risk)
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Ref #14552
This adds a BeforeUserRemovedEvent to the LDAP backend because it was missing. It's not really before, but we don't have the before state.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
having the "cache rename" after the "storage move" caused the target
to get the fileid from the source file, without taking care that the object
is stored under the original file id.
By doing the "cache rename" first, we trigger the "update existing file"
logic while moving the file to the object store and the object gets stored for the
correct file id
Signed-off-by: Robin Appelman <robin@icewind.nl>
The interface method has already been deprecated, but if some code uses
the concrete type instead, the deprecation is not shown (by phpstorm),
so I think it's better to have this method tagged as well.
The "fix" for this deprecation is to simply use `get` instead of
`query`. Right now this will work 100% the same, but the goal is to slim
down the interface and only use what PSR-11 offers.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Else people might have the feeling this is also doing 2FA. And since it
is only prefered it can be ignored and hacked around.
Once we have proper 2FA with webauthn in one go this probably needs to
be revisted.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The logger service was always intended to follow the PSR-3 interface.
It's time to embrace this and switch over to the "official" API,
hence this custom interface can be slowly phased out.
With Nextcloud 20 the logger also got support for
* App id filled out automatically
* Exceptions handling (as replacement for logException)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Just like for ILogger we should have a version that has the app ID
pre-set for the context (unless overwritten) so that each log entry can
be traced back to the app that produced it.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Service locators are an anti pattern. These getters just make it more
appealing to do the wrong thing. If you want to locate a service the bad
way, just use the `get` method on a container – it will do the same in
also one line of code.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This type is not known on the public API, yet we should make sure that
any usage of this class is noticed and migrated as soon as possible.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
"Exception: substr() expects parameter 3 to be int, bool given" can occur on Line 378 $mimePart = substr($icon, 0, strpos($icon, '-'));
This happens, when '-' is not found and strpos returns false instead of an int.
When this occurs, e.g., Activity hangs.
Signed-off-by: lui87kw <lukas.ifflaender@uni-wuerzburg.de>
* We can't just register an alias as the services need the appId to be
injected. if we just register an alias this blows up since the main
container doesn't have the appId.
* Moved the Authtokens over to show the PoC works
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Keep the registration context
* Expose the context object for other components
* Ensure registration is only run once
Search providers are migrated for demonstration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
the php ftp streamwrapper doesn't handle hashes correctly and will break when it tries to enter a path containing a hash.
By filtering out paths containing a hash we can at least stop the external storage from breaking completely
Signed-off-by: Robin Appelman <robin@icewind.nl>
This will allow to do lazy registration here which should allow for
loading less (or at least only when needed!).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If we use the owners mount point this results in null. And then the rest
of the checks get called with null. Which doesn't work.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This translation was done in each call. Over and over and over again.
All while it was probably not used in 99.99999% of the cases. A small
gain. But still.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
this allows an admin to configure the max trashbin size instead of always relying on the users quota.
The trashbin size can be configured using the `occ trash:size` command and can be set both globally and per-user
Signed-off-by: Robin Appelman <robin@icewind.nl>
This is not required and doesn't allow us to be properly lazy. On top of
it this doesnt allow us to cache the routes (since closures/objects
can't be cached).
This is the first small step into cleaning up the routing we have
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.
in other areas OC::$WEBROOT is always used together with an /
The old sharing mechanism isn't working anymore, because it was replaced by Share 2.0. Also it was nowhere used so this removes the code paths and reduces complexity.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This is like what we have to DI and classes, but for callables.
The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.
With this little helper it's possible to call another (public) method
and magically have everything injected.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>