nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00

Author	SHA1	Message	Date
Richard Steinmetz	8dc30e4f65	Merge pull request #54485 from nextcloud/fix/caldav-acl fix: exclude \Sabre\DAVACL\Plugin from prop find monitoring	2025-08-18 18:05:02 +02:00
Ferdinand Thiessen	cd550d57ef	Merge pull request #54402 from nextcloud/fix/streamer-mtime-zip fix(Streamer): use localtime for ZIP files	2025-08-18 14:39:37 +02:00
Richard Steinmetz	51f0aa5be2	fix: exclude \Sabre\DAVACL\Plugin from prop find monitoring Fixes creating events with attendees on the same server. Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-08-18 13:27:56 +02:00
Salvatore Martire	75d9aaa3b5	Merge pull request #54318 from nextcloud/feat/54115/emitPreloadCollectionEvent Emits a `preloadCollection` event in the DAV server, so that plugins can listen to it and preload DAV properties for files inside a collection, to avoid the N+1 issue that would follow if loading properties on a per-file basis.	2025-08-15 11:06:48 +02:00
Salvatore Martire	4a0a00a5a2	perf(shares): avoid array_merge in loops Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>	2025-08-15 10:46:43 +02:00
Salvatore Martire	bdcd583045	feat: make use of `preloadCollection` in core apps Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>	2025-08-15 10:46:43 +02:00
Salvatore Martire	9bbebd6034	feat: emit `preloadCollection` event in DAV This allows plugins to preload the content of a Collection to speed-up subsequent per-node PROPFINDs and reduce database load. Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>	2025-08-15 10:46:43 +02:00
Carl Schwan	46f0c6ebb5	perf(caldav): Cache calendars in CustomPropertiesBackend We already do that for files, we are now also doing for calendars. With relatively small amount of calendars, I managed to reduce the number of DB requests by 35% and from 23 DB requests touching the oc_properties table to only 3. Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>	2025-08-15 09:57:58 +02:00
Ferdinand Thiessen	ba00416040	refactor(Streamer): inject `IDateTimeZone` as constructor arg Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-08-14 17:19:28 +02:00
Salvatore Martire	ec176a933a	feat(dav): report inefficient DAV plugins in logs Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>	2025-08-13 19:46:18 +02:00
Ferdinand Thiessen	32703d0500	fix(ZipFolderPlugin): set mtime of directories in archive Directories should also have the correct mtime set and not the current time. For this the `Streamer` class needs to support passing a time attribute for creating folders, the underlying library already supports this. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-08-13 10:23:47 +02:00
nextcloud-command	f5a5b005b6	chore: Update minimum supported desktop version Signed-off-by: GitHub <noreply@github.com>	2025-08-11 00:34:04 +00:00
Robin Appelman	398b106f0c	fix: validate written size for s3 multipart uploads Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-08-05 19:17:58 +02:00
Jyrki Gadinger	45c8664b00	fix: hide guests group from overall principals Follow-up for #52914 and #53369 Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>	2025-07-31 11:24:23 +02:00
provokateurin	5bd626bd40	chore: Fix all method calls with too many arguments Signed-off-by: provokateurin <kate@provokateurin.de>	2025-07-22 12:34:49 +02:00
John Molakvoæ	2b50d9b2c5	Revert "perf(base): Stop setting up the FS for every basic auth request"	2025-07-11 17:07:44 +02:00
provokateurin	689a853dc6	fix(dav): Initialize the FS for the user right after authenticating Signed-off-by: provokateurin <kate@provokateurin.de>	2025-07-08 11:38:58 +02:00
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	2025-07-01 16:26:50 +02:00
Julius Knorr	82e299401e	perf(dav): Preload dav search with tags/favorites Signed-off-by: Julius Knorr <jus@bitgrid.net>	2025-06-27 20:42:07 +02:00
Maxence Lange	58c089e6f4	fix(dav): catch exception on non local account Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2025-06-25 14:35:02 +02:00
Robin Appelman	b9b8db6176	fix: log error when writing stream to dav file Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-05-30 13:16:46 +02:00
Louis	a48bc55e2a	Merge pull request #52810 from nextcloud/artonge/feat/do_not_require_samesite_strict_cookie_on_public.php	2025-05-22 10:30:16 +02:00
Louis Chemineau	009d0c550c	fix: Move CSRF check from base to PublicAuth for public.php This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment. Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin. We also add a redirect to be helpful to the user. Warning: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view. Fix #52482 Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-05-21 16:01:36 +02:00
Ferdinand Thiessen	01db539d0a	chore: move streamCopy implementation from `OC_Helper` to `OCP\Files` The function was already there but called the legacy version. So moved the implementation and migrated all usages of it. Sadly the interface was slightly different so adjusted it to be compatible with both legacy and the OCP one. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-05-16 13:03:05 +02:00
provokateurin	78a175fc74	refactor: Apply rector refactorings Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-14 15:29:02 +02:00
John Molakvoæ (skjnldsv)	b286bca485	fix(dav): remove unnecessary plugin getHTTPMethods Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2025-05-13 16:03:20 +02:00
John Molakvoæ (skjnldsv)	4495794a0b	feat(dav): allow uploading folders to public shares Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2025-05-13 16:03:20 +02:00
Daniel	1c2b4f2a41	Merge pull request #52586 from nextcloud/bugfix/noid/remove-sleep-from-throttler fix(throttler): Always use the sleepDelayOrThrowOnMax instead of deprecated sleepDelay	2025-05-06 19:22:53 +02:00
provokateurin	46f5b07322	feat(dav): Enable chunked upload for public shares Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-05 13:23:11 +02:00
provokateurin	7f0953d520	refactor(dav): Replace baseuri manipulation with RootCollection for public shares Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-05 13:23:11 +02:00
provokateurin	e90e3a70fa	feat(dav): Allow share principals Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-05 13:23:10 +02:00
Joas Schilling	7964f338dc	fix(throttler): Remove the sleep from the throttler that throws The sleep is not adding benefit when it's being aborted with 429 in other cases anyway. Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-05-02 11:27:29 +02:00
skjnldsv	58aaddeca5	fix(dav): check the owner displayName scope before giving attribute Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-04-30 08:37:08 +02:00
Ferdinand Thiessen	b4255a9652	fix(dav): allow uploading of files with long filenames A filename must be less or equal 255 characters, but when adding the `.part` and `.ocfiletransfer` extensions we might overflow this limit. So we should also use filename hashes for uploading when the file has a long filename, similar like when we are uploading to the user storage directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-04-22 11:09:25 +02:00
Ferdinand Thiessen	6141ab1da6	refactor(dav): simplify length header handling Reduce nesting and drop duplicated sections. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-04-22 11:09:05 +02:00
Ferdinand Thiessen	ba3c504812	feat(files_sharing): add WebDAV property for the `hide-download` state of shares Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-04-16 20:38:20 +02:00
Ferdinand Thiessen	fdc0b1ecf4	Merge pull request #51845 from nextcloud/zip-download-no-sabre-response fix: don't have sabre/dav send it's own reponse if we already send the zip response	2025-04-01 19:26:04 +02:00
Robin Appelman	2b0116f0eb	fix: don't have sabre/dav send it's own reponse if we already send the zip response Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-04-01 17:29:58 +02:00
Richard Steinmetz	246da73a36	fix(oauth2): retain support for legacy ownCloud clients Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-04-01 11:25:52 +02:00
Marcel Klehr	14cd98c989	fix(dav): Give proper HTTP status code on MKCOL when quota exceeded Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2025-03-31 10:49:11 +02:00
Ferdinand Thiessen	fa63e646d4	fix(dav): do not require CSRF for safe and indempotent HTTP methods Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-03-13 12:04:30 +01:00
Louis Chemineau	c2f2f21673	feat: Support deleting metadata from WebDAV The `$value` will be `null` if the update is wrapped inside a `<d:remove>...</d:remove>` block. Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-04 12:34:11 +01:00
Ferdinand Thiessen	845693582f	fix(dav): Handle end of stream in `File::put` If the stream is aborted and the callback wrapper returns false (or null as it happened in some cases), we should not try to write to the storage but abort the operation. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-02-18 16:41:10 +01:00
Côme Chilliet	64863c9d46	chore: Apply new rector configuration to apps folder Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-13 11:46:42 +01:00
Côme Chilliet	ed5b7ae161	chore: re-apply current rector configuration to apps folder Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-13 11:45:33 +01:00
Côme Chilliet	a3685551f7	fix: Replace isInstalled calls with isEnabledForAnyone or isEnabledForUser Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-13 10:19:19 +01:00
Robin Appelman	4978cd3c21	fix: use relative paths for upload locks Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-02-11 14:38:27 +01:00
Daniel Kesselberg	99ae669e39	fix: Replace the TypeError to prevent exposing the installation path Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2025-02-11 14:38:26 +01:00
Robin Appelman	9193cd664e	fix: block moving files to it's own parent with dav Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-01-03 15:30:20 +01:00
Git'Fellow	36d6b0f1e6	refactor: Use Http framework where possible Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2024-12-14 11:23:29 +01:00

1 2 3 4 5 ...

596 commits