Merge pull request #60158 from nextcloud/backport/60148/stable32

[stable32] fix(core): use btoa() instead of window.Buffer.from() for base64 encoding
2026-05-28 04:32:30 -04:00 · 2026-05-06 12:59:35 +02:00 · 2026-05-06 12:59:35 +02:00 · 5f3889390f
commit 5f3889390f
parent 5402f92654 24efb2099d
11 changed files with 129 additions and 24 deletions
--- a/core/src/services/BrowsersListService.js
+++ b/core/src/services/BrowsersListService.js
@ -9,5 +9,6 @@ import browserslist from 'browserslist'
 import browserslistConfig from '@nextcloud/browserslist-config'

 // Generate a regex that matches user agents to detect incompatible browsers
-export const supportedBrowsersRegExp = new RegExp(getUserAgentRegex({ allowHigherVersions: true, browsers: browserslistConfig }).source + '|AscDesktopEditor')
+// Electron is added explicitly as it is used by Cypress tests and desktop app integrations
+export const supportedBrowsersRegExp = new RegExp(getUserAgentRegex({ allowHigherVersions: true, browsers: browserslistConfig }).source + '|AscDesktopEditor|Electron')
 export const supportedBrowsers = browserslist(browserslistConfig)
--- a/core/src/tests/utils/RedirectUnsupportedBrowsers.spec.ts
+++ b/core/src/tests/utils/RedirectUnsupportedBrowsers.spec.ts
@ -0,0 +1,114 @@
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { testSupportedBrowser } from '../../utils/RedirectUnsupportedBrowsers.js'
+
+// Mock the router so generateUrl returns a predictable path
+vi.mock('@nextcloud/router', () => ({
+	generateUrl: (path: string) => `/index.php${path}`,
+}))
+
+// Mock the logger to suppress output
+vi.mock('../../logger.js', () => ({
+	default: { debug: vi.fn() },
+}))
+
+const browserStorage = vi.hoisted(() => ({ getItem: vi.fn(() => null) }))
+vi.mock('../../services/BrowserStorageService.js', () => ({ default: browserStorage }))
+
+const supportedUA = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36'
+const unsupportedUA = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)'
+
+describe('testSupportedBrowser', () => {
+	let originalLocation: Location
+
+	beforeEach(() => {
+		originalLocation = window.location
+
+		// Reset the override flag
+		browserStorage.getItem.mockReturnValue(null)
+
+		// Default to a path that isn't the unsupported-browser page
+		Object.defineProperty(window, 'location', {
+			configurable: true,
+			writable: true,
+			value: {
+				href: 'http://localhost/apps/files',
+				origin: 'http://localhost',
+				pathname: '/apps/files',
+				reload: vi.fn(),
+			},
+		})
+
+		vi.spyOn(window.history, 'pushState').mockImplementation(() => {})
+	})
+
+	afterEach(() => {
+		Object.defineProperty(window, 'location', {
+			configurable: true,
+			writable: true,
+			value: originalLocation,
+		})
+		vi.restoreAllMocks()
+	})
+
+	it('does nothing for a supported browser', () => {
+		Object.defineProperty(window.navigator, 'userAgent', { configurable: true, value: supportedUA })
+
+		testSupportedBrowser()
+
+		expect(window.history.pushState).not.toHaveBeenCalled()
+		expect(window.location.reload).not.toHaveBeenCalled()
+	})
+
+	it('redirects an unsupported browser to the warning page', () => {
+		Object.defineProperty(window.navigator, 'userAgent', { configurable: true, value: unsupportedUA })
+
+		testSupportedBrowser()
+
+		expect(window.history.pushState).toHaveBeenCalledOnce()
+		const [, , url] = (window.history.pushState as ReturnType<typeof vi.fn>).mock.calls[0]
+		expect(url).toMatch(/^\/index\.php\/unsupported\?redirect_url=/)
+		expect(window.location.reload).toHaveBeenCalledOnce()
+	})
+
+	it('encodes the redirect URL with btoa, not window.Buffer', () => {
+		Object.defineProperty(window.navigator, 'userAgent', { configurable: true, value: unsupportedUA })
+
+		testSupportedBrowser()
+
+		const [, , url] = (window.history.pushState as ReturnType<typeof vi.fn>).mock.calls[0]
+		const encoded = new URL(`http://localhost${url}`).searchParams.get('redirect_url')
+		expect(encoded).toBe(btoa('/apps/files'))
+	})
+
+	it('does not throw regardless of override flag state', () => {
+		// isBrowserOverridden is read at module-load time so the mock won't flip it
+		// retroactively — but we can at least assert the function never throws,
+		// which is the regression guard for the window.Buffer removal.
+		Object.defineProperty(window.navigator, 'userAgent', { configurable: true, value: unsupportedUA })
+		expect(() => testSupportedBrowser()).not.toThrow()
+	})
+
+	it('does not redirect when already on the unsupported-browser page', () => {
+		Object.defineProperty(window.navigator, 'userAgent', { configurable: true, value: unsupportedUA })
+		Object.defineProperty(window, 'location', {
+			configurable: true,
+			writable: true,
+			value: {
+				href: 'http://localhost/index.php/unsupported',
+				origin: 'http://localhost',
+				pathname: '/index.php/unsupported',
+				reload: vi.fn(),
+			},
+		})
+
+		testSupportedBrowser()
+
+		expect(window.history.pushState).not.toHaveBeenCalled()
+		expect(window.location.reload).not.toHaveBeenCalled()
+	})
+})
--- a/core/src/utils/RedirectUnsupportedBrowsers.js
+++ b/core/src/utils/RedirectUnsupportedBrowsers.js
@ -33,7 +33,7 @@ export const testSupportedBrowser = function() {
 	// redirect to the unsupported warning page
 	if (window.location.pathname.indexOf(redirectPath) === -1) {
 		const redirectUrl = window.location.href.replace(window.location.origin, '')
-		const base64Param = Buffer.from(redirectUrl).toString('base64')
+		const base64Param = btoa(redirectUrl)
 		history.pushState(null, null, `${redirectPath}?redirect_url=${base64Param}`)
 		window.location.reload()
 	}
--- a/dist/7883-7883.js
+++ b/dist/7883-7883.js
--- a/dist/7883-7883.js.license
+++ b/dist/7883-7883.js.license
@ -2,18 +2,15 @@ SPDX-License-Identifier: MIT
 SPDX-License-Identifier: ISC
 SPDX-License-Identifier: GPL-3.0-or-later
 SPDX-License-Identifier: CC-BY-4.0
-SPDX-License-Identifier: BSD-3-Clause
 SPDX-License-Identifier: Apache-2.0
 SPDX-License-Identifier: AGPL-3.0-or-later
 SPDX-FileCopyrightText: dangreen
 SPDX-FileCopyrightText: baseline-browser-mapping developers
-SPDX-FileCopyrightText: T. Jameson Little <t.jameson.little@gmail.com>
 SPDX-FileCopyrightText: Sergey Rubanov <chi187@gmail.com>
 SPDX-FileCopyrightText: Roman Shtylman <shtylman@gmail.com>
 SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
 SPDX-FileCopyrightText: Kilian Valkhof
 SPDX-FileCopyrightText: GitHub Inc.
-SPDX-FileCopyrightText: Feross Aboukhadijeh
 SPDX-FileCopyrightText: Dmitry Soshnikov
 SPDX-FileCopyrightText: Ben Briggs
 SPDX-FileCopyrightText: Andrey Sitnik <andrey@sitnik.ru>
@ -41,9 +38,6 @@ This file is generated from multiple sources. Included packages:
 - @nextcloud/router
 	- version: 3.1.0
 	- license: GPL-3.0-or-later
- base64-js
-	- version: 1.5.1
-	- license: MIT
 - baseline-browser-mapping
 	- version: 2.9.9
 	- license: Apache-2.0
@ -59,12 +53,6 @@ This file is generated from multiple sources. Included packages:
 - electron-to-chromium
 	- version: 1.5.267
 	- license: ISC
- ieee754
-	- version: 1.2.1
-	- license: BSD-3-Clause
- buffer
-	- version: 6.0.3
-	- license: MIT
 - node-releases
 	- version: 2.0.27
 	- license: MIT
--- a/dist/7883-7883.js.map
+++ b/dist/7883-7883.js.map
--- a/dist/core-unsupported-browser-redirect.js
+++ b/dist/core-unsupported-browser-redirect.js
@ -1,2 +1,2 @@
-(()=>{"use strict";var e,r,t,o={47210(e,r,t){var o=t(21777);t.nc=(0,o.aV)(),window.TESTING||OC?.config?.no_unsupported_browser_warning||window.addEventListener("DOMContentLoaded",async function(){const{testSupportedBrowser:e}=await Promise.all([t.e(4208),t.e(7883)]).then(t.bind(t,77883));e()})}},n={};function a(e){var r=n[e];if(void 0!==r)return r.exports;var t=n[e]={id:e,loaded:!1,exports:{}};return o[e].call(t.exports,t,t.exports,a),t.loaded=!0,t.exports}a.m=o,e=[],a.O=(r,t,o,n)=>{if(!t){var i=1/0;for(s=0;s<e.length;s++){for(var[t,o,n]=e[s],l=!0,d=0;d<t.length;d++)(!1&n||i>=n)&&Object.keys(a.O).every(e=>a.O[e](t[d]))?t.splice(d--,1):(l=!1,n<i&&(i=n));if(l){e.splice(s--,1);var c=o();void 0!==c&&(r=c)}}return r}n=n||0;for(var s=e.length;s>0&&e[s-1][2]>n;s--)e[s]=e[s-1];e[s]=[t,o,n]},a.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return a.d(r,{a:r}),r},a.d=(e,r)=>{for(var t in r)a.o(r,t)&&!a.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:r[t]})},a.f={},a.e=e=>Promise.all(Object.keys(a.f).reduce((r,t)=>(a.f[t](e,r),r),[])),a.u=e=>e+"-"+e+".js?v=f0b15d22d89c4648c25b",a.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),r={},t="nextcloud:",a.l=(e,o,n,i)=>{if(r[e])r[e].push(o);else{var l,d;if(void 0!==n)for(var c=document.getElementsByTagName("script"),s=0;s<c.length;s++){var u=c[s];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==t+n){l=u;break}}l||(d=!0,(l=document.createElement("script")).charset="utf-8",a.nc&&l.setAttribute("nonce",a.nc),l.setAttribute("data-webpack",t+n),l.src=e),r[e]=[o];var p=(t,o)=>{l.onerror=l.onload=null,clearTimeout(f);var n=r[e];if(delete r[e],l.parentNode&&l.parentNode.removeChild(l),n&&n.forEach(e=>e(o)),t)return t(o)},f=setTimeout(p.bind(null,void 0,{type:"timeout",target:l}),12e4);l.onerror=p.bind(null,l.onerror),l.onload=p.bind(null,l.onload),d&&document.head.appendChild(l)}},a.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),a.j=3604,(()=>{var e;globalThis.importScripts&&(e=globalThis.location+"");var r=globalThis.document;if(!e&&r&&(r.currentScript&&"SCRIPT"===r.currentScript.tagName.toUpperCase()&&(e=r.currentScript.src),!e)){var t=r.getElementsByTagName("script");if(t.length)for(var o=t.length-1;o>-1&&(!e||!/^http(s?):/.test(e));)e=t[o--].src}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/^blob:/,"").replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),a.p=e})(),(()=>{a.b="undefined"!=typeof document&&document.baseURI||self.location.href;var e={3604:0};a.f.j=(r,t)=>{var o=a.o(e,r)?e[r]:void 0;if(0!==o)if(o)t.push(o[2]);else{var n=new Promise((t,n)=>o=e[r]=[t,n]);t.push(o[2]=n);var i=a.p+a.u(r),l=new Error;a.l(i,t=>{if(a.o(e,r)&&(0!==(o=e[r])&&(e[r]=void 0),o)){var n=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;l.message="Loading chunk "+r+" failed.\n("+n+": "+i+")",l.name="ChunkLoadError",l.type=n,l.request=i,o[1](l)}},"chunk-"+r,r)}},a.O.j=r=>0===e[r];var r=(r,t)=>{var o,n,[i,l,d]=t,c=0;if(i.some(r=>0!==e[r])){for(o in l)a.o(l,o)&&(a.m[o]=l[o]);if(d)var s=d(a)}for(r&&r(t);c<i.length;c++)n=i[c],a.o(e,n)&&e[n]&&e[n][0](),e[n]=0;return a.O(s)},t=globalThis.webpackChunknextcloud=globalThis.webpackChunknextcloud||[];t.forEach(r.bind(null,0)),t.push=r.bind(null,t.push.bind(t))})(),a.nc=void 0;var i=a.O(void 0,[4208],()=>a(47210));i=a.O(i)})();
-//# sourceMappingURL=core-unsupported-browser-redirect.js.map?v=6acb671a13676e115e9a
+(()=>{"use strict";var e,r,t,o={47210(e,r,t){var o=t(21777);t.nc=(0,o.aV)(),window.TESTING||OC?.config?.no_unsupported_browser_warning||window.addEventListener("DOMContentLoaded",async function(){const{testSupportedBrowser:e}=await Promise.all([t.e(4208),t.e(7883)]).then(t.bind(t,77883));e()})}},a={};function n(e){var r=a[e];if(void 0!==r)return r.exports;var t=a[e]={id:e,loaded:!1,exports:{}};return o[e].call(t.exports,t,t.exports,n),t.loaded=!0,t.exports}n.m=o,e=[],n.O=(r,t,o,a)=>{if(!t){var i=1/0;for(s=0;s<e.length;s++){for(var[t,o,a]=e[s],l=!0,d=0;d<t.length;d++)(!1&a||i>=a)&&Object.keys(n.O).every(e=>n.O[e](t[d]))?t.splice(d--,1):(l=!1,a<i&&(i=a));if(l){e.splice(s--,1);var c=o();void 0!==c&&(r=c)}}return r}a=a||0;for(var s=e.length;s>0&&e[s-1][2]>a;s--)e[s]=e[s-1];e[s]=[t,o,a]},n.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return n.d(r,{a:r}),r},n.d=(e,r)=>{for(var t in r)n.o(r,t)&&!n.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:r[t]})},n.f={},n.e=e=>Promise.all(Object.keys(n.f).reduce((r,t)=>(n.f[t](e,r),r),[])),n.u=e=>e+"-"+e+".js?v=ddafd3acd8a3363b54cf",n.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),r={},t="nextcloud:",n.l=(e,o,a,i)=>{if(r[e])r[e].push(o);else{var l,d;if(void 0!==a)for(var c=document.getElementsByTagName("script"),s=0;s<c.length;s++){var u=c[s];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==t+a){l=u;break}}l||(d=!0,(l=document.createElement("script")).charset="utf-8",n.nc&&l.setAttribute("nonce",n.nc),l.setAttribute("data-webpack",t+a),l.src=e),r[e]=[o];var p=(t,o)=>{l.onerror=l.onload=null,clearTimeout(f);var a=r[e];if(delete r[e],l.parentNode&&l.parentNode.removeChild(l),a&&a.forEach(e=>e(o)),t)return t(o)},f=setTimeout(p.bind(null,void 0,{type:"timeout",target:l}),12e4);l.onerror=p.bind(null,l.onerror),l.onload=p.bind(null,l.onload),d&&document.head.appendChild(l)}},n.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),n.j=3604,(()=>{var e;globalThis.importScripts&&(e=globalThis.location+"");var r=globalThis.document;if(!e&&r&&(r.currentScript&&"SCRIPT"===r.currentScript.tagName.toUpperCase()&&(e=r.currentScript.src),!e)){var t=r.getElementsByTagName("script");if(t.length)for(var o=t.length-1;o>-1&&(!e||!/^http(s?):/.test(e));)e=t[o--].src}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/^blob:/,"").replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),n.p=e})(),(()=>{n.b="undefined"!=typeof document&&document.baseURI||self.location.href;var e={3604:0};n.f.j=(r,t)=>{var o=n.o(e,r)?e[r]:void 0;if(0!==o)if(o)t.push(o[2]);else{var a=new Promise((t,a)=>o=e[r]=[t,a]);t.push(o[2]=a);var i=n.p+n.u(r),l=new Error;n.l(i,t=>{if(n.o(e,r)&&(0!==(o=e[r])&&(e[r]=void 0),o)){var a=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;l.message="Loading chunk "+r+" failed.\n("+a+": "+i+")",l.name="ChunkLoadError",l.type=a,l.request=i,o[1](l)}},"chunk-"+r,r)}},n.O.j=r=>0===e[r];var r=(r,t)=>{var o,a,[i,l,d]=t,c=0;if(i.some(r=>0!==e[r])){for(o in l)n.o(l,o)&&(n.m[o]=l[o]);if(d)var s=d(n)}for(r&&r(t);c<i.length;c++)a=i[c],n.o(e,a)&&e[a]&&e[a][0](),e[a]=0;return n.O(s)},t=globalThis.webpackChunknextcloud=globalThis.webpackChunknextcloud||[];t.forEach(r.bind(null,0)),t.push=r.bind(null,t.push.bind(t))})(),n.nc=void 0;var i=n.O(void 0,[4208],()=>n(47210));i=n.O(i)})();
+//# sourceMappingURL=core-unsupported-browser-redirect.js.map?v=975a2f5512e93a165a9d
--- a/dist/core-unsupported-browser-redirect.js.map
+++ b/dist/core-unsupported-browser-redirect.js.map
--- a/dist/core-unsupported-browser.js
+++ b/dist/core-unsupported-browser.js
--- a/dist/core-unsupported-browser.js.map
+++ b/dist/core-unsupported-browser.js.map
--- a/tests/lib/TextProcessing/TextProcessingTest.php
+++ b/tests/lib/TextProcessing/TextProcessingTest.php
@ -160,10 +160,12 @@ class TextProcessingTest extends \Test\TestCase {
 		$this->taskMapper
 			->expects($this->any())
 			->method('deleteOlderThan')
-			->willReturnCallback(function (int $timeout): void {
+			->willReturnCallback(function (int $timeout): int {
+				$before = count($this->tasksDb);
 				$this->tasksDb = array_filter($this->tasksDb, function (array $task) use ($timeout) {
 					return $task['last_updated'] >= $this->currentTime->getTimestamp() - $timeout;
 				});
+				return $before - count($this->tasksDb);
 			});

 		$this->jobList = $this->createPartialMock(DummyJobList::class, ['add']);