Commit graph

10 commits

Author SHA1 Message Date
Carl Schwan
11cf69d8ba
fix(psalm): Fix static analysis issues in apps/*/tests
There are still 1200 more to fix before we can enable static analysis
for the tests.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-01-16 12:00:51 +01:00
Ferdinand Thiessen
d6d6747a73
refactor: apply rector rules for PHPUnit 10
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-10-27 21:56:04 +01:00
skjnldsv
9c98b722f4
fix(dav): allow multiple link shares token in session
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-10-23 13:10:39 +02:00
Robin Appelman
aa15f9d16d
chore: run rector
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +02:00
Joas Schilling
76e6ab1dff
test: Migrate remaining DAV tests to PHPUnit 10
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-28 09:25:47 +02:00
Louis Chemineau
009d0c550c
fix: Move CSRF check from base to PublicAuth for public.php
This currently prevents directly accessing a resource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.

Skipping the check is an issue with password protected shares, as it allows third party sites to request the resource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add it again in the `PublicAuth` plugin.

We also add a redirect to be helpful to the user.

**Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view.

Fix #52482

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-05-21 16:01:36 +02:00
Côme Chilliet
1580c8612b
chore(apps): Apply new rector configuration to autouse classes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-10-15 10:40:25 +02:00
Andy Scherzinger
56d4f3aa2d
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-28 14:41:28 +02:00
John Molakvoæ
18399fc1cf
fix: improve typing and use \OCP\Server::get
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-01-09 10:56:34 +01:00
John Molakvoæ
82b5a19a35
fix: public dav and files_sharing testing fixes
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-01-09 10:56:14 +01:00