Whilst we currently state that SSRF is generally outside of our threat model, this is something where we should invest to improve this.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Since version 1.8.0 of Mink "Mink::getSession()" no longer starts the
session automatically (see https://github.com/minkphp/Mink/pull/705), so
it now needs to be explicitly started.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Since version 1.4.0 the Selenium driver for Mink uses again the element
on which the value was set (see
https://github.com/minkphp/MinkSelenium2Driver/pull/286). When creating
a new folder or renaming one sending a new line ("\r") caused the
element on which the value was set to be removed, so the element was no
longer attached to the DOM when the driver tried to use it again, and
thus a "StaleElementReference" exception was thrown.
Due to this now it is needed to explicitly click the confirm button when
creating a new folder. In the case of the renaming, on the other hand,
nothing else besides not sending the new line is needed, as the Selenium
driver now unfocuses the element (that is why it uses again the element
after setting the value) which triggers the renaming.
Besides that, the Selenium driver for Mink uses a library to simulate
certain events, bitovi/syn. In version 1.4.0 that library was updated to
version 0.0.3, which seems to somehow break pressing the "escape" key.
Due to this now the sharing menu has to be closed by pressing "enter" on
the share menu button instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The PHPUnit update also required an update of "symfony/yaml", so besides
the changes needed for PHPUnit the "behat.yml" file also had to be
adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When avatar scope is private, the PlaceholderAvatar is used to deliver a
placeholder avatar based on the user's initials.
This was implemented as a separate class for now to avoid messing with
the existing UserAvatar implementation and its generated vs
non-generated logic.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Use new scope values in settings page.
Adjust all consumers to use the new constants.
Map old scope values to new ones in account property getter.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Added new v2-private account manager scope that restricts the scope
further by excluding public link access.
Avatars with v2-private account scope are now showing the guest avatar
instead of the real avatar.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Remove "ocs-provider" test folder reference as it doesn't exist any
more.
Added back "Test" test subdir and fixed the tests inside.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
It seems Phpunit < 9 was case insensitive.
Fixed the phpunit config to target the correct name for the "Core" test
directory.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>