upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-16 20:19:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16
83872 commits 1016 branches 1221 tags 8.7 GiB
Commit graph

395 commits

Author SHA1 Message Date
Christopher Ng
8bbd326143 feat: Allow passing additional encode flags for json response 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-08-01 09:14:44 -07:00
Christopher Ng
b859260423 feat: Increase max depth of encoded json 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-08-01 09:14:44 -07:00
provokateurin
c57c3c1573
refactor(core): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-26 07:30:45 +02:00
SebastianKrupinski
fc0b694d37 feat: mail provider backend 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-07-23 16:20:36 -04:00
Alexander Piskun
b7af6ec200
feat: allow for ExApps to call Admin endpoints marked with specific attr 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2024-07-18 15:11:39 +03:00
skjnldsv
a65cdd1e70 fix: ARateLimit documentation 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-07-12 20:14:30 +02:00
provokateurin
355ef202e4
feat(OpenAPI): Add ex_app scope 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-02 09:12:48 +02:00
provokateurin
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-01 14:41:20 +02:00
Julius Härtl
2fb0ca9cf7 feat: Add yieldEntities wrapper for entity mapping in QBMapper 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-06-24 09:15:58 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +02:00
provokateurin
adc7ae866a
fix(IRegistrationContext): Add missing TaskProcessing methods 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 09:54:16 +02:00
Côme Chilliet
5d1ca7e25a
fix: Drop workarounds for unsupported obsolete PHP versions 
Also improved error handling in Installer.php to be type safe.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-22 16:55:42 +02:00
Ferdinand Thiessen
3aa9c53a87
Merge pull request #44644 from nextcloud/enh/noid/returns-formated-app-values 
fix(appconfig): format app values
 2024-04-17 17:11:36 +02:00
provokateurin
db77eab677
fix(AppFramework): Fix error message about 204 not allowing custom headers 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-04-08 16:08:44 +02:00
Maxence Lange
97e59b12a1 fix(appconfig): only convert single entry on searchValues() 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-04-05 17:49:34 -01:00
Côme Chilliet
ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
jld3103
4ac2375ca2
feat: Add declarative settings 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-03-12 13:56:54 +02:00
Julius Härtl
78ba1b0712
fix: Allow nonce in csp header also if no other reasons are given 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-08 12:11:46 +01:00
Julius Härtl
c7813bfdaf
feat: Implement team provider api 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-05 08:13:58 +01:00
provokateurin
df6175ccb1
feat(AppFramework): Add Route attribute 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-21 12:07:50 +01:00
Joas Schilling
42be7a5d74
fix(OCP): Add since tag for all constants 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-02-14 20:50:08 +01:00
Côme Chilliet
c0ce272e9c chore: Migrate away from OC::$server->getLogger 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-13 17:32:30 +01:00
Anna Larch
6434ce96c9 Add timezone getter to ITimeFactory 
Signed-off-by: Anna Larch <anna@nextcloud.com>
 2024-02-13 13:29:06 +01:00
Maxence Lange
51fa22dc26 fix psalm 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Maxence Lange
86835ee899 sync with new OCP\IAppConfig 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
John Molakvoæ
82b5a19a35
fix: public dav and files_sharing testing fixes 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-01-09 10:56:14 +01:00
Joas Schilling
f6b6776c93
fix(API): Use a distinct exception so apps can react to it and customize the return 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-28 06:11:57 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Ferdinand Thiessen
ecf9f0a872
fix(CSP): Only add strict-dynamic when using nonces 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 22:01:02 +01:00
Ferdinand Thiessen
e231abd9bf
fix!(ContentSecurityPolicy): Make strict-dynamic enabled by default on script-src-elem 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 14:42:36 +01:00
Ferdinand Thiessen
7df9eb3351 feat(ContentSecurityPolicy): Allow to set strict-dynamic on script-src-elem only 
This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`.
The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 11:12:57 +01:00
Joas Schilling
ffc1bb774b
feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-03 09:25:11 +01:00
Joas Schilling
2b7f78fc2e
Merge pull request #40326 from nextcloud/enh/text-to-image-api 
Implement TextToImage OCP API
 2023-10-26 15:53:30 +02:00
Marcel Klehr
8339b5b128 fix: Minor copypasta 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-23 15:00:40 +02:00
Marcel Klehr
cee5aa84f0 fix(Text2Image): Fix psalm errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-20 14:56:24 +02:00
Côme Chilliet
1202171b32
Fix docblock and types for new public API 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-19 11:43:59 +02:00
Carl Schwan
eb1d612d96
Add api to register setup checks 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2023-10-19 11:43:58 +02:00
Ferdinand Thiessen
154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader 
Stop sending deprecated Pragma header
 2023-10-18 03:30:21 +02:00
Côme Chilliet
8212feefb9
Merge pull request #40367 from nextcloud/fix/user_ldap-update-groups-on-login 
Fire group membership events from LDAP at login
 2023-10-16 10:01:55 +02:00
Côme Chilliet
500374a8e7
Fix registerEventListener signature 
It seems now psalm correctly supports this.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-12 10:13:43 +02:00
Joas Schilling
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-10-11 12:14:41 +02:00
Git'Fellow
066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +02:00
Anna Larch
66c1aa4a3c fix(utility): De- deprecate getDateTime as now() only returns immutable objects 
This will mean lots of code like
```$dateTime = (new DateTime())->setTimestamp(ITimeFactory::now()->getTimestamp()```
if a regular DateTime object is needed

Signed-off-by: Anna Larch <anna@nextcloud.com>
 2023-08-25 08:55:44 +02:00
Robin Appelman
ccf57e0715 add separate event for rendering login page template 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-08-17 10:57:56 +02:00
Daniel Calviño Sánchez
41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2023-08-10 02:38:41 +02:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Marcel Klehr
7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api 2023-07-21 11:20:31 +02:00
Marcel Klehr
ffe27ce14c Massive refactoring: Turn LanguageModel OCP API into TextProcessing API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-14 16:00:31 +02:00
jld3103
2d6a62ccee
Add IgnoreOpenAPI attribute 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-10 14:25:22 +02:00
Marcel Klehr
069962d04f Since 27.1.0 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:46:34 +02:00
Marcel Klehr
fb55afc9ff Update lib/public/AppFramework/Bootstrap/IRegistrationContext.php 
Co-authored-by: Daniel <mail@danielkesselberg.de>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +02:00
Marcel Klehr
795b097122 LLM OCP API: Implement ocs API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +02:00
Christoph Wurst
14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-07-06 15:21:22 +02:00
Louis Chemineau
407c361b91 Add OCSPreconditionFailedException 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-07-05 20:01:45 +02:00
jld3103
b0001c6010
Add template types to responses 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-06-30 09:33:29 +02:00
Christoph Wurst
08a3f37695
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +02:00
Git'Fellow
5b5895a130 Drop meta robots tag 
Revert mistake

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-06-09 18:06:37 +02:00
Faraz Samapoor
bf38c0a3d1 Refactors "strpos" calls in lib/public to improve code readability. 
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
 2023-06-05 11:14:52 +02:00
Joas Schilling
5b2d5767e1
fix(docs): Fix language and copy-paste class name in docs of CSP 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-30 13:39:33 +02:00
Julius Härtl
050c6d53b3
enh: Provide atomicRetry method to retry transactions if possible 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-05-16 08:13:20 +02:00
Simon L
d55a7c619d Fix typos in lib/public subdirectory 
Found via `codespell -q 3 -S l10n -L jus ./lib/public`

Signed-off-by: luz paz <luzpaz@github.com>

Update lib/public/Accounts/IAccount.php

Signed-off-by: luz paz <luzpaz@github.com>

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-05-10 11:56:34 +02:00
Daniel Kesselberg
eecdb62e92
fix: add workaround for oci and limit queries 
DBAL uses a helper column "doctrine_rownum" for top-n queries

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-05-02 14:26:28 +02:00
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Joas Schilling
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text 
feat(SpeechToText): Add SpeechToText OCP provider API
 2023-04-19 16:29:44 +02:00
Christoph Wurst
2c0cfd3772
feat(app-framework): Add native argument types for middleware 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-18 17:15:05 +02:00
Ferdinand Thiessen
bdbff2181e fix: Allow to catch IMapperException by implementing Throwable 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-04-17 16:05:10 +00:00
Marcel Klehr
317521b607 feat(SpeechToText): Add SpeechToText provider API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-04-11 14:59:57 +02:00
jld3103
b153340b62
Add type hints for mappers 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-04-07 09:49:42 +02:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
c297f8ee96
feat(appframework): Make ITimeFactory extend \PSR\Clock\ClockInterface 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-03 15:37:13 +01:00
Julius Härtl
3e63298381
feat(translations): Add translation provider API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-27 16:52:03 +01:00
MichaIng
5f90b8eb11
Change X-Robots-Tag header from "none" to "noindex, nofollow" 
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240

Signed-off-by: MichaIng <micha@dietpi.com>
 2023-02-15 20:16:51 +01:00
Joas Schilling
6f3ce5c319
Also copy bruteforce meta data when converting DataResponse to JSONResponse 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-14 16:00:10 +01:00
Ferdinand Thiessen
ba8a50c059 fix: Throw NotFoundExceptionInterface to fulfill PSR container interface if class not found 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-06 14:16:35 +01:00
Louis Chemineau
4ab3c16403 Pluggable share provider 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-02-02 15:41:26 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Christoph Wurst
ad00a149ea
Merge pull request #36310 from nextcloud/feat/app-framework/global-middlewares 
feat(app-framework): Add support for global middlewares
 2023-01-26 15:17:38 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst
6d7339b0ff
fix(app-framework): Specify return type of Middleware::beforeController 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:30:58 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Côme Chilliet
e91457d9cd
Improve typing in Entity.php 
Removing @method in Entity brings even more errors.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Roeland Jago Douma
60ee874485
Remove long depreated AppFramework/Db/Mapper 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2022-10-10 08:18:32 +02:00
Joas Schilling
82b98b4b9b
Fix typo in deprecated 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-10-04 11:42:24 +02:00
Jonas Rittershofer
c8b7a233a5 Allow CSRF on CORS routes 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
 2022-09-21 10:42:00 +00:00
Joas Schilling
df57b51c8b
Fix psalm parameter type 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-09-15 11:28:40 +02:00
Daniel
c55ae98a3f
Add description for public and immutable 
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Daniel <mail@danielkesselberg.de>
 2022-09-03 15:58:18 +02:00
Daniel Kesselberg
855ef21883
Update docblock for cacheFor 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-09-03 15:28:23 +02:00
Julius Härtl
68d0038eb0
Move registration to IBootstrap 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +02:00
Arthur Schiwon
2a6f46e689
allow apps to specify methods carrying sensitive parameters 
… in order to remove them from logging.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-28 23:30:17 +02:00
Thomas Citharel
1d30fb7852
Fix reading blob data as resource 
PostgreSQL returns data as resource when using IQueryBuilder::PARAM_LOB
(which is used for QBMapper).

Previously we just converted this resource using settype, which produced
things like "Resource id #14" instead of the actual resource data.

Now we read the stream correctly if the returned data is a resource

See context at #22472

Fixes #22439

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-07-25 09:45:47 +02:00
blizzz
df89e7fd39
Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh 
[Psalm] Fix docblock for addFileFromStream
 2022-05-31 14:22:05 +02:00
Julius Härtl
3901a93c72
Use JSON_THROW_ON_ERROR instead of custom error handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-30 19:17:49 +02:00
Daniel Kesselberg
be99ea969e
Fix type for resource 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-24 22:05:59 +02:00
Joas Schilling
ad908cd87a
Make appName of TemplateResponse accessible in BeforeTemplateRenderedEvent 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-20 15:03:40 +02:00
Daniel Kesselberg
7cd356ee7d
Fix psalm warning for zip response due wrong type 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-13 15:50:26 +02:00
Christoph Wurst
1cd05a06fa
Always free the DB result in QBMapper::findEntities 
Without this patch it only happened if the code ran through without any
errors. Now the result is also freed in the case of an error.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-05-12 09:51:37 +02:00
Carl Schwan
da64a3a7e8
Merge pull request #31900 from nextcloud/feat/server-container-public 
Add a public replacement for OC::$server->get
 2022-05-10 23:23:06 +02:00
Carl Schwan
f945c0cbc6 Add a public replacement for OC::$server->get 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-10 18:51:12 +02:00
Vincent Petry
7718c9776c
Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-bools 
Add CSP policy merge priority for booleans
 2022-05-05 17:26:48 +02:00