Julius Härtl
90d2cb09b1
Merge pull request #36396 from nextcloud/fix/cors
2023-02-17 09:42:08 +01:00
Ferdinand Thiessen
f655f83c84
fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors
...
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-02-16 22:55:18 +01:00
Julius Härtl
a705132c8d
Merge pull request #36656 from nextcloud/route-instrumentation
2023-02-14 10:12:19 +01:00
Julius Härtl
610a203d31
Merge pull request #36525 from nextcloud/fix/noid/params-put
...
fix: Only get params from PUT content if possible
2023-02-13 10:25:52 +01:00
Robin Appelman
b68be79464
more routing performance instrumentation
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-10 11:12:26 +01:00
Robin Appelman
fe78ef7a38
instrumentation for app booting
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-09 17:41:43 +01:00
Robin Appelman
08e7b20c43
add more performance instrumentation for app registering
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-09 17:41:43 +01:00
Ferdinand Thiessen
ba8a50c059
fix: Throw NotFoundExceptionInterface to fulfill PSR container interface if class not found
...
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-02-06 14:16:35 +01:00
Julius Härtl
dc3916e27c
fix: Only get params from PUT content if possible
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-03 22:30:04 +01:00
Louis Chemineau
4ab3c16403
Pluggable share provider
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
2023-02-02 15:41:26 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-27 09:40:35 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares
...
This allows apps to register middlewares that always register, not just
for the app's own requests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc
perf(app-framework): Make the app middleware registration lazy
...
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-25 09:27:24 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Côme Chilliet
2a5e18b67a
Fix types in OCS json answer (status code is an int)
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +01:00
Côme Chilliet
f2cdc4f47d
Fix crash in OCS when getting info about an application
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +01:00
Côme Chilliet
0c466b7ff5
Attempt at reducing psalm errors
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
...
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is built regardless if used or not.
If services are injected into the method, we only build the DI tree if
that method gets executed.
This is also how Laravel allows injection.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Joas Schilling
0af4e9d4fe
Merge pull request #34172 from audriga/add-scim-json-support
...
Add support for application/scim+json
2022-12-20 08:58:33 +01:00
Côme Chilliet
cf508c1e47
Use strict typing in base.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +00:00
Stanimir Bozhilov
7dcd6eb561
Merge branch 'master' into add-scim-json-support
...
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
2022-12-19 09:07:38 +01:00
Vincent Petry
7adfdf5248
Merge pull request #35537 from nextcloud/fix/dependency-injection-error
...
Improve dependency injection error message
2022-12-16 16:49:23 +01:00
Vincent Petry
ae6fe874ed
Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast
...
Fix missing cast of double controller parameters
2022-12-16 16:18:35 +01:00
Christoph Wurst
b6dd1a1d7b
fix(app framework): Fix missing cast of double controller parameters
...
``settype`` allows 'double' as alias of 'float'.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 09:33:52 +01:00
Artur Neumann
81f2857f34
check if params given to API are really an array
...
Signed-off-by: Artur Neumann <artur@jankaritech.com>
2022-12-15 13:45:22 +05:45
Stanimir Bozhilov
b44befa881
Move JSON content type regex to IRequest and make it a const
2022-12-08 15:11:23 +01:00
Julius Härtl
f0a0bfaaee
Move to str_starts_with
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7
Skip querying the app container for server namespace
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2
Avoid container dance for appName
...
Since the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware
...
if an invalid token is provided or when share password is wrong
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2022-12-07 13:24:50 +01:00
Carl Schwan
2a864ec13c
Improve dependency injection error message
...
Change from displaying the name of the parameter to the type of the
parameter. This is what in most cases is useful.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-12-01 12:46:01 +01:00
Christoph Wurst
41b2466d35
Clean up and deprecate app container aliases
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-02 19:42:09 +01:00
Julius Härtl
cea2f79bbd
Improve container return type annotations
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-14 10:45:16 +02:00
Stanimir Bozhilov
46c10c77e1
Fix the JSON content type regex to match all MIME types
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-26 11:51:44 +02:00
Stanimir Bozhilov
d80f8f6c82
Type hint JSON content type regex and use preg_match less
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-22 11:25:39 +02:00
Stanimir Bozhilov
f286a9d6ac
Use regex for all JSON-related content types
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-21 16:36:01 +02:00
Stanimir Bozhilov
0ace70488a
Treat application/json and application/scim+json in same if-block
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-21 15:31:50 +02:00
Jonas Rittershofer
c8b7a233a5
Allow CSRF on CORS routes
...
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
2022-09-21 10:42:00 +00:00
Stanimir Bozhilov
f0dbe1148a
Add support for application/scim+json content type
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-20 16:18:52 +02:00
Julius Härtl
68d0038eb0
Move registration to IBootstrap
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-31 16:20:06 +02:00
Julius Härtl
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open
...
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:26 +02:00
Carl Schwan
f8b13ecd60
Merge pull request #32363 from nextcloud/cleanup/remove-long-deprecated-classes
...
Remove OCP\App and OCP\BackgroundJob
2022-08-08 17:05:11 +02:00
Vincent Petry
cbd5cef2cc
Merge pull request #33398 from nextcloud/enh/noid/sensitive-methods-apps
...
allow apps to specify methods carrying sensitive parameters
2022-08-05 14:09:55 +02:00
Simon Leiner
09362eaeaa
Support specifying IPv6 proxies in CIDR notation
...
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.
[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
Signed-off-by: Simon Leiner <simon@leiner.me>
2022-08-02 17:36:47 +02:00
Carl Schwan
458c2fa297
Remove OCP\App and OCP\BackgroundJob
...
Both deprecated since NC 23
IAppManager is the replacement for OCP\App unfortunately it can't be
dependency injected in classes used by the installed otherwise the
database connection is initialised too early
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-08-01 09:46:40 +02:00
Arthur Schiwon
2a6f46e689
allow apps to specify methods carrying sensitive parameters
...
… in order to remove them from logging.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-28 23:30:17 +02:00
luz paz
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com>
2022-07-27 08:52:17 -04:00
Arthur Schiwon
523572fcea
load widgets only of enabled apps
...
- per design, all enabled apps have their registration run
- limitations, e.g. enabled by group, are not considered in that state,
because we do not have a session (and might need apps?)
- before instantiation of widget it has to be checked whether the providing
app is actually enabled for the logged in user.
- a public interface is being changed, but it is not meant to be
implemented or used outside of the core handling. Therefore safe to
backport.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-06-22 21:58:13 +02:00
Carl Schwan
b70c6a128f
Update core to PHP 7.4 standard
...
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +02:00
Côme Chilliet
de5b7f260f
Trying without the use
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-04-26 11:10:00 +02:00