* Fixed failing test which was ignoring a required (not null) column
* restored test to original, catching DriverException which also catches ConstraintViolationException
* catch ConstraintViolationException again
* removed unnecessary field from this test
* clobfield should be nullable
* clobfield now is nullable
* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does
* this field does not auto increment anymore
* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.
This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Whenever a user was deleted for encryption where the keys are stored in
the home, we can ignore user existence exceptions because it means the
keys are already gone.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The background job that scans storages must skip failed storages to
avoid potential exceptions, especially when the failed storage comes
from a shared storage where the source is not accessible.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Many API callers will call unlink even for directories and it can mess
up with some wrappers like the encryption wrapper
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.
This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
