upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-12 10:10:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 20
80180 commits 1040 branches 1221 tags 8.4 GiB
Commit graph

957 commits

Author SHA1 Message Date
Côme Chilliet
6efd9b7511
fix: add more details in documented alternatives 
Co-authored-by: Louis <louis@chmn.me>
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2025-04-08 17:56:14 +02:00
Côme Chilliet
b20f74a95b chore(legacy): Flag methods as deprecated, with appropriate replacement 
when possible.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-04-07 17:05:54 +02:00
Côme Chilliet
09dcc87f05 chore(legacy): Remove unused protected method in OC_Util 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-04-07 17:05:54 +02:00
Côme Chilliet
fd59e02a24 chore(legacy): Officially deprecate OC_Util and remove non-static methods 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-04-07 17:05:54 +02:00
Côme Chilliet
e467ea1c6a
chore(legacy): Remove deprecated OC_Util::addScript and functions depending on it 
Deprecated since 24, currently unused.
Sadly not all related functions were officially marked as deprecated,
 but all of them were unused.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-04-01 15:24:24 +02:00
Côme Chilliet
c7037d7b38
fix: Move getAppInstalledVersions to AppConfig so that it can be used earlier 
Call it from OC_App to make sure there is only one request to DB.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-25 16:20:21 +01:00
Côme Chilliet
32c1e3e677 feat: Add a replacement for OC_App::getAppVersions is IAppManager 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-25 14:12:17 +01:00
Côme Chilliet
aac391d466 chore: Move template functions out of legacy folder 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-20 10:54:50 +01:00
Côme Chilliet
a83cae1a0e fix: Remove multiple require_once calls for template functions 
Only require them when include the template file instead

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-20 10:54:50 +01:00
Daniel Kesselberg
db86cf8db1 fix: skip caching lastSeenQuotaUsage for remote shares 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2025-03-14 10:24:34 +01:00
Côme Chilliet
2cd90f8281 fix: Replace all usage of OC_Template by the new API 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-06 15:49:25 +01:00
Côme Chilliet
f19ddd5525 fix: Add missing ITemplate interface and clean code in Template class 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-06 15:49:25 +01:00
Côme Chilliet
71dc34c03c fix: Deprecate OC_Template, add proper template manager instead 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-06 15:49:25 +01:00
Ferdinand Thiessen
c82337f3b9
fix: incorrect types detected by updated stubs 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-02-27 19:07:39 +01:00
Côme Chilliet
640dbd0b5e
fix: Fix false-positive psalm taint errors when outputting plain text 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 15:26:23 +01:00
Côme Chilliet
fec865cc29
chore: Correctly flag json encoding methods as escaping html and quotes 
Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
 only use it in JSON output anyway.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 15:24:07 +01:00
Côme Chilliet
f758f565d4
fix: Replace getInstalledApps calls with getEnabledApps 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-13 10:19:20 +01:00
Joas Schilling
34592df186
fix(util): Correctly create Reflection of method for PHP 8.3+ 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-11-08 12:59:15 +01:00
provokateurin
77114fb327
fix(OpenAPI): Adjust array syntax to avoid ambiguities 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-11-05 09:58:11 +01:00
Joas Schilling
07449847e1
fix(appmanager): Fix tainted file path when loading appinfos 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-10-14 14:33:19 +02:00
Arthur Schiwon
12d39e818d
fix(Auth): ignore missing token when trying to set password-unconfirmable 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-10-01 12:24:20 +02:00
Ferdinand Thiessen
eb69e89fa5
chore: Drop unused legacy OC_Files 
It is replaced with the Sabre `ZipFolderPlugin` and apps should use the `OCP\AppFramework\Http\StreamResponse`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-28 13:18:40 +02:00
Julius Knorr
606241caeb
chore(legacy): Introduce public version ct plass and drop version methods from OC_Util 
Signed-off-by: Julius Knorr <jus@bitgrid.net>
 2024-09-20 14:53:34 +02:00
Ferdinand Thiessen
a8f46af20f
chore: Add proper deprecation dates where missing 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-20 00:46:03 +02:00
Ferdinand Thiessen
7ae7f7fd12
chore: Remove old travis related stuff 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 20:16:29 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Ferdinand Thiessen
f1dfd6ba71
refactor(OC_Template): Remove deprecated ILogger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
74923d174b
refactor(OC_Files): Remove deprecated ILogger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
8b79283c6b
refactor(OC_Util): Remove deprecated ILogger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
0d31976690
refactor(OC_Hook): Remove deprecated ILogger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
69abd8851b
refactor(OC_App): Remove ILogger usage 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
f5b73d2c77
fix: Remove legacy settings forms 
`OC_App::getForms` was always returning an empty array,
because there were no setter for `adminForms` or `personalForms` anymore.
So removed all that legacy settings forms logic.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-17 14:54:39 +02:00
provokateurin
dc13f9cc1e
fix(Files): Handle getOwner() returning false 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-17 10:10:50 +02:00
Ferdinand Thiessen
c2443ad1f2
chore: Replace DI alias with real class 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-17 02:27:31 +02:00
Côme Chilliet
e54eef5ae3
fix: Do not try to set HTTP response code on already closed connection 
This avoids a PHP warning in the logs about trying to set the response
 code while the output already started. It’s useless to try to print an
 error page anyway in this situation because the connection was closed
 already.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-14 14:20:49 +02:00
Côme Chilliet
76f2bc0bfc
fix: Replace OC_App::getAllApps with a method in AppManager 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-13 10:08:44 +02:00
Côme Chilliet
7ed583cb8e
chore: Migrate cleanAppId and getAppPath calls to IAppManager from OC_App 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-13 10:08:43 +02:00
Côme Chilliet
ea32d17d88 fix: Move OC_API into \OC\ApiHelper in standard namespace 
It’s only used by ocs/v1.php

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-09 10:46:29 +02:00
Côme Chilliet
47d2cb7479 fix: Move \OC_Image to \OC\Image with the other internal classes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-08-29 17:06:32 +02:00
Richard Steinmetz
cd928ed4ed
fix: gracefully handle unexpected exif orientation types 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2024-08-27 09:32:04 +02:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +02:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as <meta> element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:32:44 +02:00
Ferdinand Thiessen
0563757ea4 fix(SetupCheck): Properly check public access to data directory 
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.

For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.

¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-08 22:08:42 +02:00
John Molakvoæ
8a5bc4778b
Merge pull request #38364 from joshtrichards/jr-preview-libgd-webp-animation-bypass 2024-08-06 17:56:14 +02:00
Ferdinand Thiessen
9716b0d735 refactor: Migrate some legacy and core functions to IFilenameValidator 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +02:00
John Molakvoæ
d237fd0e78
Merge pull request #46342 from nextcloud/fix-getimagesize 2024-07-16 21:47:35 +02:00
Ferdinand Thiessen
f4ede27cdb
refactor: Remove deprecated Util function for filename validation to FilenameValidator 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-16 12:49:10 +02:00
Josh Richards
c0e1503ce1 fix(previews): Stop returning true when getimagesize() fails 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
 2024-07-15 21:06:49 -04:00
Daniel Kesselberg
6983310ec0 docs: correct return type for findAppInDirectories 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-07-11 23:13:08 +02:00
Arthur Schiwon
895ed634af
fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION 
The scope design requires scopes to be either not specified, or
specified explicitely. Therefore, when setting the
skip-password-validation scope for user authentication from mechanisms
like SAML, we also have to set the filesystem scope, otherwise they will
lack access to the filesystem.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-24 13:51:15 +02:00