Commit graph

938 commits

Author SHA1 Message Date
Joas Schilling
07449847e1
fix(appmanager): Fix tainted file path when loading appinfos
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-10-14 14:33:19 +02:00
Arthur Schiwon
12d39e818d
fix(Auth): ignore missing token when trying to set password-unconfirmable
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-10-01 12:24:20 +02:00
Ferdinand Thiessen
eb69e89fa5
chore: Drop unused legacy OC_Files
It is replaced with the Sabre `ZipFolderPlugin` and apps should use the `OCP\AppFramework\Http\StreamResponse`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-28 13:18:40 +02:00
Julius Knorr
606241caeb
chore(legacy): Introduce public version ct plass and drop version methods from OC_Util
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2024-09-20 14:53:34 +02:00
Ferdinand Thiessen
a8f46af20f
chore: Add proper deprecation dates where missing
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-20 00:46:03 +02:00
Ferdinand Thiessen
7ae7f7fd12
chore: Remove old travis related stuff
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 20:16:29 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +02:00
Ferdinand Thiessen
f1dfd6ba71
refactor(OC_Template): Remove deprecated ILogger
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
74923d174b
refactor(OC_Files): Remove deprecated ILogger
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
8b79283c6b
refactor(OC_Util): Remove deprecated ILogger
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
0d31976690
refactor(OC_Hook): Remove deprecated ILogger
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
69abd8851b
refactor(OC_App): Remove ILogger usage
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:35:21 +02:00
Ferdinand Thiessen
f5b73d2c77
fix: Remove legacy settings forms
`OC_App::getForms` was always returning an empty array,
because there was no setter for `adminForms` or `personalForms` anymore.
So removed all that legacy settings forms logic.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-17 14:54:39 +02:00
provokateurin
dc13f9cc1e
fix(Files): Handle getOwner() returning false
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-17 10:10:50 +02:00
Ferdinand Thiessen
c2443ad1f2
chore: Replace DI alias with real class
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-17 02:27:31 +02:00
Côme Chilliet
e54eef5ae3
fix: Do not try to set HTTP response code on already closed connection
This avoids a PHP warning in the logs about trying to set the response
 code while the output already started. It’s useless to try to print an
 error page anyway in this situation because the connection was closed
 already.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-09-14 14:20:49 +02:00
Côme Chilliet
76f2bc0bfc
fix: Replace OC_App::getAllApps with a method in AppManager
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-09-13 10:08:44 +02:00
Côme Chilliet
7ed583cb8e
chore: Migrate cleanAppId and getAppPath calls to IAppManager from OC_App
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-09-13 10:08:43 +02:00
Côme Chilliet
ea32d17d88
fix: Move OC_API into \OC\ApiHelper in standard namespace
It’s only used by ocs/v1.php

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-09-09 10:46:29 +02:00
Côme Chilliet
47d2cb7479
fix: Move \OC_Image to \OC\Image with the other internal classes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-08-29 17:06:32 +02:00
Richard Steinmetz
cd928ed4ed
fix: gracefully handle unexpected exif orientation types
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-08-27 09:32:04 +02:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as <meta> element
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +02:00
Ferdinand Thiessen
0563757ea4
fix(SetupCheck): Properly check public access to data directory
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.

For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.

¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-08 22:08:42 +02:00
John Molakvoæ
8a5bc4778b
Merge pull request #38364 from joshtrichards/jr-preview-libgd-webp-animation-bypass
2024-08-06 17:56:14 +02:00
Ferdinand Thiessen
9716b0d735
refactor: Migrate some legacy and core functions to IFilenameValidator
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-19 19:41:46 +02:00
John Molakvoæ
d237fd0e78
Merge pull request #46342 from nextcloud/fix-getimagesize
2024-07-16 21:47:35 +02:00
Ferdinand Thiessen
f4ede27cdb
refactor: Remove deprecated Util function for filename validation to FilenameValidator
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:49:10 +02:00
Josh Richards
c0e1503ce1
fix(previews): Stop returning true when getimagesize() fails
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
2024-07-15 21:06:49 -04:00
Daniel Kesselberg
6983310ec0
docs: correct return type for findAppInDirectories
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-07-11 23:13:08 +02:00
Arthur Schiwon
895ed634af
fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION
The scope design requires scopes to be either not specified, or
specified explicitly. Therefore, when setting the
skip-password-validation scope for user authentication from mechanisms
like SAML, we also have to set the filesystem scope, otherwise they will
lack access to the filesystem.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-24 13:51:15 +02:00
Robin Appelman
957a00b9de
chore: remove chunking-v1
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-06-19 16:57:42 +02:00
Julius Härtl
ea9f2361ae
perf: Avoid reusing previous migration steps
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-06-18 11:55:08 +02:00
Arthur Schiwon
98b5cdc43d
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso
fix(Session): avoid password confirmation on SSO
2024-06-07 11:25:36 +02:00
Arthur Schiwon
f6d6efef3a
refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
John Molakvoæ
7f745a1ed0
Merge branch 'master' into refactor/OC-Server-getSecureRandom
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 19:13:53 +02:00
John Molakvoæ
4d9199fb88
Merge branch 'master' into refactor/OC-Server-getL10NFactory
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 17:52:14 +02:00
John Molakvoæ
258bb03cf5
Merge branch 'master' into refactor/OC-Server-getSecureRandom
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:24:22 +02:00
John Molakvoæ
91227c908b
Merge branch 'master' into refactor/OC-Server-getHTTPClientService
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:21:45 +02:00
John Molakvoæ
99af78cd66
Merge branch 'master' into refactor/OC-Server-getL10NFactory
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:19:51 +02:00
Josh Richards
046fe8d404
fix(previews): Don't crash on animated WEBP images
Fixes #30029 and #37263

libgd handles animated WEBP images poorly and generates a meaningless error message as a result. We were returning a 500 error for these preview requests (web) and a fatal error at the command-line (occ). Now we bypass libgd if we detect an animated WEBP image (and simply don't generate the preview). No more 500 error. Should fix occ too.

Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-05-30 07:48:17 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Ferdinand Thiessen
538a04968a
fix(tests): Adjust theming test for new split background and primary colors
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-05-21 20:36:26 +02:00
Ferdinand Thiessen
8028784976
fix: cleanup theming app code
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-05-21 20:36:26 +02:00
Côme Chilliet
a9f7131575
fix: Move OC_EventSource to OC namespace
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-05-16 17:28:54 +02:00
Simon L.
620d10c842
feat(exception-template): allow to link to specific documentation for how to retrieve server log
Signed-off-by: Simon L <szaimen@e.mail.de>
2024-05-14 15:37:38 +02:00
provokateurin
ce53a7ad81
fix(OC_Image): Set correct return type for exif_imagetype stub
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-05-06 13:34:27 +02:00
Côme Chilliet
ed4603c5aa
fix: Fix small psalm errors in legacy
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-30 09:38:47 +02:00
Côme Chilliet
5d1ca7e25a
fix: Drop workarounds for unsupported obsolete PHP versions
Also improved error handling in Installer.php to be type safe.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-22 16:55:42 +02:00