upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-20 22:00:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 39
77659 commits 847 branches 1195 tags 7.2 GiB
Commit graph

362 commits

Author SHA1 Message Date
Marcel Klehr
8339b5b128 fix: Minor copypasta 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-23 15:00:40 +02:00
Marcel Klehr
cee5aa84f0 fix(Text2Image): Fix psalm errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-20 14:56:24 +02:00
Côme Chilliet
1202171b32
Fix docblock and types for new public API 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-19 11:43:59 +02:00
Carl Schwan
eb1d612d96
Add api to register setup checks 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2023-10-19 11:43:58 +02:00
Ferdinand Thiessen
154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader 
Stop sending deprecated Pragma header
 2023-10-18 03:30:21 +02:00
Côme Chilliet
8212feefb9
Merge pull request #40367 from nextcloud/fix/user_ldap-update-groups-on-login 
Fire group membership events from LDAP at login
 2023-10-16 10:01:55 +02:00
Côme Chilliet
500374a8e7
Fix registerEventListener signature 
It seems now psalm correctly supports this.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-12 10:13:43 +02:00
Joas Schilling
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-10-11 12:14:41 +02:00
Git'Fellow
066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +02:00
Anna Larch
66c1aa4a3c fix(utility): De- deprecate getDateTime as now() only returns immutable objects 
This will mean lots of code like
```$dateTime = (new DateTime())->setTimestamp(ITimeFactory::now()->getTimestamp()```
if a regular DateTime object is needed

Signed-off-by: Anna Larch <anna@nextcloud.com>
 2023-08-25 08:55:44 +02:00
Robin Appelman
ccf57e0715 add separate event for rendering login page template 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-08-17 10:57:56 +02:00
Daniel Calviño Sánchez
41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2023-08-10 02:38:41 +02:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Marcel Klehr
7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api 2023-07-21 11:20:31 +02:00
Marcel Klehr
ffe27ce14c Massive refactoring: Turn LanguageModel OCP API into TextProcessing API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-14 16:00:31 +02:00
jld3103
2d6a62ccee
Add IgnoreOpenAPI attribute 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-10 14:25:22 +02:00
Marcel Klehr
069962d04f Since 27.1.0 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:46:34 +02:00
Marcel Klehr
fb55afc9ff Update lib/public/AppFramework/Bootstrap/IRegistrationContext.php 
Co-authored-by: Daniel <mail@danielkesselberg.de>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +02:00
Marcel Klehr
795b097122 LLM OCP API: Implement ocs API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +02:00
Christoph Wurst
14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-07-06 15:21:22 +02:00
Louis Chemineau
407c361b91 Add OCSPreconditionFailedException 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-07-05 20:01:45 +02:00
jld3103
b0001c6010
Add template types to responses 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-06-30 09:33:29 +02:00
Christoph Wurst
08a3f37695
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +02:00
Git'Fellow
5b5895a130 Drop meta robots tag 
Revert mistake

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-06-09 18:06:37 +02:00
Faraz Samapoor
bf38c0a3d1 Refactors "strpos" calls in lib/public to improve code readability. 
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
 2023-06-05 11:14:52 +02:00
Joas Schilling
5b2d5767e1
fix(docs): Fix language and copy-paste class name in docs of CSP 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-30 13:39:33 +02:00
Julius Härtl
050c6d53b3
enh: Provide atomicRetry method to retry transactions if possible 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-05-16 08:13:20 +02:00
Simon L
d55a7c619d Fix typos in lib/public subdirectory 
Found via `codespell -q 3 -S l10n -L jus ./lib/public`

Signed-off-by: luz paz <luzpaz@github.com>

Update lib/public/Accounts/IAccount.php

Signed-off-by: luz paz <luzpaz@github.com>

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-05-10 11:56:34 +02:00
Daniel Kesselberg
eecdb62e92
fix: add workaround for oci and limit queries 
DBAL uses a helper column "doctrine_rownum" for top-n queries

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-05-02 14:26:28 +02:00
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Joas Schilling
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text 
feat(SpeechToText): Add SpeechToText OCP provider API
 2023-04-19 16:29:44 +02:00
Christoph Wurst
2c0cfd3772
feat(app-framework): Add native argument types for middleware 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-18 17:15:05 +02:00
Ferdinand Thiessen
bdbff2181e fix: Allow to catch IMapperException by implementing Throwable 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-04-17 16:05:10 +00:00
Marcel Klehr
317521b607 feat(SpeechToText): Add SpeechToText provider API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-04-11 14:59:57 +02:00
jld3103
b153340b62
Add type hints for mappers 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-04-07 09:49:42 +02:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
c297f8ee96
feat(appframework): Make ITimeFactory extend \PSR\Clock\ClockInterface 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-03 15:37:13 +01:00
Julius Härtl
3e63298381
feat(translations): Add translation provider API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-27 16:52:03 +01:00
MichaIng
5f90b8eb11
Change X-Robots-Tag header from "none" to "noindex, nofollow" 
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240

Signed-off-by: MichaIng <micha@dietpi.com>
 2023-02-15 20:16:51 +01:00
Joas Schilling
6f3ce5c319
Also copy bruteforce meta data when converting DataResponse to JSONResponse 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-14 16:00:10 +01:00
Ferdinand Thiessen
ba8a50c059 fix: Throw NotFoundExceptionInterface to fulfill PSR container interface if class not found 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-06 14:16:35 +01:00
Louis Chemineau
4ab3c16403 Pluggable share provider 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-02-02 15:41:26 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Christoph Wurst
ad00a149ea
Merge pull request #36310 from nextcloud/feat/app-framework/global-middlewares 
feat(app-framework): Add support for global middlewares
 2023-01-26 15:17:38 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst
6d7339b0ff
fix(app-framework): Specify return type of Middleware::beforeController 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:30:58 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Côme Chilliet
e91457d9cd
Improve typing in Entity.php 
Removing @method in Entity brings even more errors.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Roeland Jago Douma
60ee874485
Remove long depreated AppFramework/Db/Mapper 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2022-10-10 08:18:32 +02:00
Joas Schilling
82b98b4b9b
Fix typo in deprecated 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-10-04 11:42:24 +02:00
Jonas Rittershofer
c8b7a233a5 Allow CSRF on CORS routes 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
 2022-09-21 10:42:00 +00:00
Joas Schilling
df57b51c8b
Fix psalm parameter type 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-09-15 11:28:40 +02:00
Daniel
c55ae98a3f
Add description for public and immutable 
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Daniel <mail@danielkesselberg.de>
 2022-09-03 15:58:18 +02:00
Daniel Kesselberg
855ef21883
Update docblock for cacheFor 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-09-03 15:28:23 +02:00
Julius Härtl
68d0038eb0
Move registration to IBootstrap 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +02:00
Arthur Schiwon
2a6f46e689
allow apps to specify methods carrying sensitive parameters 
… in order to remove them from logging.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-28 23:30:17 +02:00
Thomas Citharel
1d30fb7852
Fix reading blob data as resource 
PostgreSQL returns data as resource when using IQueryBuilder::PARAM_LOB
(which is used for QBMapper).

Previously we just converted this resource using settype, which produced
things like "Resource id #14" instead of the actual resource data.

Now we read the stream correctly if the returned data is a resource

See context at #22472

Fixes #22439

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-07-25 09:45:47 +02:00
blizzz
df89e7fd39
Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh 
[Psalm] Fix docblock for addFileFromStream
 2022-05-31 14:22:05 +02:00
Julius Härtl
3901a93c72
Use JSON_THROW_ON_ERROR instead of custom error handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-30 19:17:49 +02:00
Daniel Kesselberg
be99ea969e
Fix type for resource 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-24 22:05:59 +02:00
Joas Schilling
ad908cd87a
Make appName of TemplateResponse accessible in BeforeTemplateRenderedEvent 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-20 15:03:40 +02:00
Daniel Kesselberg
7cd356ee7d
Fix psalm warning for zip response due wrong type 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-13 15:50:26 +02:00
Christoph Wurst
1cd05a06fa
Always free the DB result in QBMapper::findEntities 
Without this patch it only happened if the code ran through without any
errors. Now the result is also freed in the case of an error.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-05-12 09:51:37 +02:00
Carl Schwan
da64a3a7e8
Merge pull request #31900 from nextcloud/feat/server-container-public 
Add a public replacement for OC::$server->get
 2022-05-10 23:23:06 +02:00
Carl Schwan
f945c0cbc6 Add a public replacement for OC::$server->get 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-10 18:51:12 +02:00
Vincent Petry
7718c9776c
Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-bools 
Add CSP policy merge priority for booleans
 2022-05-05 17:26:48 +02:00
Carl Schwan
7817845538 Add a metadata service to store file metadata 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-04-13 14:06:29 +02:00
Cyrille Bollu
c6a5c07041 Adds a "Request password" button to the public share authentication page for shares 
of type TYPE_EMAIL, when the "video verification" checkbox isn't checked. Users accessing
non-anonymous public shares (TYPE_EMAIL shares) can now request a temporary password themselves.

- Creates a migration step for the files_sharing app to add the 'password_expiration_time'
  attribute to the oc_shares table.
- Makes share temporary passwords' expiration time configurable via a system value.
- Adds a system config value to allow permanent share passwords

-Fixes a typo in a comment in apps/files_sharing/src/components/SharingEntryLink.vue

See https://github.com/nextcloud/server/issues/31005

Signed-off-by: Cyrille Bollu <cyrpub@bollu.be>
 2022-04-11 21:58:24 +02:00
Vincent Petry
18c013d8fc
Add CSP policy merge priority for booleans 
When two booleans conflict when merging CSP policies, true will win.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-04-01 13:56:34 +02:00
Julius Härtl
bd03dd37be
Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +01:00
Carl Schwan
ac4978e715
Merge pull request #31141 from nextcloud/fix/better-cache-policy 
Improve caching policy use immutable when loading versionned assets
 2022-02-17 16:58:35 +01:00
Christoph Wurst
cb252c5591
Add Transactional trait for atomic DB operations 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-02-17 09:58:41 +01:00
Carl Schwan
7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +01:00
Christopher Ng
e3244361ba Allow registration of migrators 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-02-11 23:34:25 +00:00
Christoph Wurst
9a656e5b35
Move calendar resource/room backend registration to IBootstrap 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-02-07 12:51:42 +01:00
Christoph Wurst
2c356d0852
Add a Talk API for OCP 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-02-04 08:53:18 +01:00
Robin Appelman
c712987878
send request id in response header 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-02-01 14:24:01 +01:00
Carl Schwan
f778cbe7b9
Fix registerEventListener issues 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-27 11:12:45 +01:00
Christoph Wurst
3e078ffa1b
Deprecate entity slugs 
They are only used a single time in the whole Nextcloud Github
organization. We can inline the code there and slim down the public API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-12-14 09:50:29 +01:00
Côme Chilliet
113756db30
Fix ArrayAccess and JsonSerializable return types 
First round of modifications for PHP 8.1

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:28:56 +01:00
Christoph Wurst
b193f854d1
Register missing DAV app calendar provider 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-10-28 18:33:13 +02:00
Christopher Ng
9f8eae3f50 Use more explicit naming for profile link action 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-25 22:20:19 +00:00
Roeland Jago Douma
8bc25e3324
Move preview provider registration to bootstrap 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-10-21 10:35:18 +02:00
Christopher Ng
309354852f Profile backend 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-19 04:59:35 +00:00
Anna Larch
a58d1e6b06
Add Public Calendar Provider 
Signed-off-by: Anna Larch <anna@nextcloud.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-10-14 08:22:24 +02:00
Daniel Rudolf
aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +02:00
Carl Schwan
28970563a2
Remove some mentions of ownCloud from our api documentation 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-07-29 15:56:30 +02:00
Daniel Rudolf
a43de10d1e
Add RedirectToDefaultAppResponse::__construct() annotations 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:35:09 +02:00
Daniel Rudolf
e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +02:00
Daniel Rudolf
2c7186a15f
Remove \OC::$server->getURLGenerator() usage 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:12:15 +02:00
Daniel Rudolf
12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +02:00
Pytal
9ed379da22
Merge pull request #27635 from nextcloud/fix/datetime-constants 
Fix usage of DateTime constants
 2021-06-23 09:56:28 -07:00
Christoph Wurst
6d5cfe0c66
Move DateTime::RFC2822 to DateTimeInterface::2822 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-23 15:30:43 +02:00
Lukas Reschke
25ab4059c6 Add security.txt 
Ref https://securitytxt.org

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-06-23 13:58:47 +02:00
Christoph Wurst
e49f1e4319
Phase out the controller reflector 
1) PHP8 attributes will soon replace phpdoc annotations
2) Most of the class was never meant to be used by an app but internally

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-17 18:21:19 +02:00
Morris Jobke
2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations 
Fix some php 8 warnings
 2021-06-07 23:30:59 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Lukas Reschke
377514aad1 Escape filename in Content-Disposition 
We should escape all occurences of ' and \ in here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-06-02 19:22:17 +02:00
Richard de Boer
a0d265b0b1 Fix a usort comparison function returning a boolean instead of an integer 
PHP 8 shows deprecation warnings about this, see #25806

Signed-off-by: Richard de Boer <git@tubul.net>
 2021-05-29 14:14:52 +02:00