upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-16 20:19:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16
81571 commits 1016 branches 1221 tags 8.7 GiB
Commit graph

1156 commits

Author SHA1 Message Date
Salvatore Martire
d997b1f7b0 fix(pagination): render multistatus to XML before caching 
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
 2025-11-04 09:53:04 +00:00
Louis Chemineau
860d84123f fix(contacts): Do not expose SAB in /contactsmenu 
When hitting the `/contactsmenu/contacts` endpoint with the `dav.system_addressbook_exposed` config switch set to `"no"`, the system address book content is still listed in the response.

This ensure that we do not expose unexpectedly the system address book.

Signed-off-by: Louis Chmn <louis@chmn.me>
 2025-10-12 16:26:09 +02:00
Richard Steinmetz
7bfa81216d fix(caldav): encoding inconsistencies in event search provider 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-10-08 10:56:22 +00:00
SebastianKrupinski
e25d0dbf2d fix: aliases and capitalization of emails 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2025-09-16 22:05:47 +02:00
SebastianKrupinski
4aba03f319 fix: do not ignore move command object target uri 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2025-08-27 19:14:17 +02:00
Arusekk
47576d10da
fix(caldav): show confidential event if writable 
If a party can edit the calendar/event, just display it instead of
hiding the details and risking overwrites.
This might be considered a change impacting privacy,
but it actually improves semantics.

Relevant test updates included, improving assertion correctness.

I think all the relevant use cases are solved by this.

Closes https://github.com/nextcloud/server/issues/5551
Closes https://github.com/nextcloud/calendar/issues/4044
Closes https://github.com/nextcloud/server/issues/11214

Signed-off-by: Arusekk <floss@arusekk.pl>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-08-27 09:56:47 +02:00
Richard Steinmetz
06ab1f2d14 fix(carddav): IAddressBook::getKey() should return a string 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-08-26 12:21:17 +00:00
Richard Steinmetz
c9b2c81474
fix(caldav): encode calendar URLs properly when formatting search results 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-08-19 12:10:31 +02:00
Daniel Kesselberg
481aaf11fc fix(carddav): return correct sync token for non-truncated requests 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2025-08-14 11:17:27 +02:00
Hamza Mahjoubi
84c0e1be9a feat(cardav): support result truncation for addressbook federation 
Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
 2025-08-14 11:17:26 +02:00
Christoph Wurst
2a49b910fd fix(dav): calculate permissions based on addressbook principal 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2025-08-06 21:37:34 +00:00
Julius Knorr
a9b4a6b269
perf(dav): Preload dav search with tags/favorites 
Signed-off-by: Julius Knorr <jus@bitgrid.net>
 2025-07-02 21:52:12 +02:00
Andy Scherzinger
76b73436ba
Merge pull request #53036 from nextcloud/backport/53029/stable31 
[stable31] fix(caldav): don't send invitations to circles
 2025-05-25 22:51:59 +02:00
Louis Chemineau
7a0261878a fix: Move CSRF check from base to PublicAuth for public.php 
This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.

Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF.  So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin.

We also add a redirect to be helpful to the user.

**Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view.

Fix #52482

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-05-22 08:30:36 +00:00
Richard Steinmetz
d9eff389a7 fix(caldav): don't send invitations to circles 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-05-21 14:16:07 +00:00
Daniel Kesselberg
eab2c5cbee fix(caldav): prevent unshare entry creation for owner unsharing 
- Introduces a `unshare` method in `CalDavBackend` to handle user unshares.
- Implements check to determine if unshare entry is needed based on group/circle membership.
- Ensures `updateShares` is only used when the calendar owner manages shares.
- Resolves issue where unsharing a calendar as owner created an unshare entry in `oc_dav_shares`.

Related PRs:
- https://github.com/nextcloud/server/pull/43117
- https://github.com/nextcloud/server/pull/47737

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2025-05-19 14:35:04 +02:00
Richard Steinmetz
3bb440a73e fix(dav): move orphan cleaning logic to a chunked background job 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-05-06 13:05:26 +00:00
skjnldsv
1486243604 fix(dav): check the owner displayName scope before giving attribute 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

[skip ci]
 2025-04-30 12:38:16 +02:00
Richard Steinmetz
1653cd2dea
fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-02 12:05:18 +02:00
Edward Ly
5f15089a05
feat(dav)!: migrate OCA calendar object events to OCP 
Signed-off-by: Edward Ly <contact@edward.ly>
 2025-03-31 10:26:23 -07:00
Christoph Wurst
1f1945640d fix(dav): Create SAB at installation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2025-03-30 14:04:45 +02:00
skjnldsv
2b4fed3340 fix(dav): filter user files when updating tags 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2025-03-25 12:30:03 +00:00
Daniel Kesselberg
ca63574674 fix: skip caching lastSeenQuotaUsage for remote shares 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2025-03-20 00:54:46 +01:00
Hamza Mahjoubi
7e6801a9af fix(cardav): only show useres from enabled addressBooks in contacts menu 
Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
 2025-03-19 23:46:57 +01:00
Raimund Schlüßler
94d95a68f7 fix(TasksSearchProviderTest): adjust deep link to Tasks app 
Signed-off-by: Raimund Schlüßler <raimund.schluessler@mailbox.org>
 2025-01-24 23:46:13 +01:00
Richard Steinmetz
f0702ad89f
Merge pull request #50034 from nextcloud/rename-deleted-default-calendar-in-trashbin 
fix(caldav): rename default calendar to keep it in the trashbin instead of purging it
 2025-01-11 16:33:44 +01:00
Sebastian Krupinski
3ab0d672b1
Merge pull request #49852 from nextcloud/fix/issue-49756-translations 
fix: change translation logic to handle plurals better
 2025-01-07 08:49:03 +00:00
Robin Appelman
757076af29
fix: explicitly ignore nested mounts when transfering ownership 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-01-06 14:45:35 +01:00
Thomas Citharel
ef0e2213ea
fix(caldav): rename default calendar to keep it in the trashbin instead of purging it 
When doing a PROPFIND on default-calendar-url, if the current default calendar (fallbacking on personal uri)
is in the trashbin, it's being purged so that it's recreated.

This leads to loss of data.

We can simply rename the calendar URI and add a unique suffix so that it doesn't conflict with the new calendar
being created.
Shares are fine because they reference the resourceid and not the calendar URI.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2025-01-06 11:45:05 +01:00
SebastianKrupinski
a912556a89 fix: change translation logic to handle plurals better 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2025-01-06 10:21:19 +01:00
Joas Schilling
f9ee3505a0
Merge pull request #49731 from nextcloud/bugfix/noid/allow-to-get-permissions-of-a-principal 
fix(calendar): Fix getting the permissions of the user
 2024-12-16 15:02:51 +01:00
Joas Schilling
fddbc54003
test: Adjust tests to proof exclusion of other principal permissions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-12-16 08:36:25 +01:00
Sebastian Krupinski
dd89911b31
Merge pull request #49528 from nextcloud/fix/issue-47879-property-serialization 
fix: replace null character when serializing
 2024-12-13 20:20:42 -05:00
SebastianKrupinski
0628eb62f3 fix: return 204 instead of 404 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-12-13 11:47:18 -05:00
SebastianKrupinski
c1dd8ddf59 fix: replace null character when serializing 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-12-13 11:46:26 -05:00
Julius Knorr
cba556d641
Merge pull request #48612 from nextcloud/fix/activity-log-for-favorites-in-dav 
add activity logging for favorites in dav
 2024-12-12 15:18:47 +01:00
SebastianKrupinski
04cb122af2 fix: disable both iTip and iMip messages 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-12-10 12:39:49 -05:00
SebastianKrupinski
a92547888c fix: add support for Microsoft time zones 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-12-09 12:39:37 -05:00
skjnldsv
0c7e259151 feat(systemtags): allow setting color with occ 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-12-06 10:19:42 +01:00
skjnldsv
adf8a454dd feat(systemtags): add color support backend 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-12-06 10:19:42 +01:00
Robin Appelman
e4d0882b31
fix: improve assembly stream 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-12-05 14:12:36 +01:00
grnd-alt
2d02d83597 fix(dav): add activity logging for favorites in dav 
Signed-off-by: grnd-alt <salimbelakkaf@outlook.de>
 2024-12-03 20:56:36 +01:00
Marcel Müller
303a21fc9d chore(absence): Add capability for absence replacement support 
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
 2024-12-01 23:15:32 +01:00
Marcel Müller
66d4f0e4c0 chore(absence): Add capability for absence api 
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
 2024-12-01 23:15:32 +01:00
skjnldsv
8c0f8db6ca feat(config): add maximum.supported.desktop.version 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-11-27 11:39:49 +01:00
Daniel Kesselberg
6b383faf41
Revert "fix(dav): Always respond custom error page on exceptions" 
This reverts commit 9992e7d439.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-11-22 11:55:25 +01:00
Thomas Citharel
d3068f5db5
feat(dav): increase default calendar subscription refresh rate to one day 
With the performance benefits from #43541 it makes sense

Reference https://github.com/nextcloud/server/issues/46171#issuecomment-2487910923

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2024-11-20 10:07:29 +01:00
Richard Steinmetz
d61d62b64f
Merge pull request #48833 from nextcloud/fix/issue-48732-exdate-rdate-property-instances 
fix: RDATE and EXDATE property instances
 2024-11-15 07:49:13 +01:00
SebastianKrupinski
fbd8afb405 fix: use invokePrivate for test 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-11-14 10:46:47 -05:00
SebastianKrupinski
3e870695bc feat: mail provider settings 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-11-12 13:19:35 -05:00