Louis Chemineau 009d0c550c fix: Move CSRF check from base to PublicAuth for public.php ... This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment. Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin. We also add a redirect to be helpful to the user. **Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view. Fix #52482 Signed-off-by: Louis Chemineau <louis@chmn.me>		2025-05-21 16:01:36 +02:00
..
composer	chore(AppFramework): Remove unused RouteConfig class and migrate tests to RouteParser	2025-05-15 13:57:14 +02:00
l10n	fix(l10n): Update translations from Transifex	2025-05-16 00:22:51 +00:00
private	chore: move implementation to non-deprecated OCP\Util from OC_Helper	2025-05-16 10:56:58 +02:00
public	Merge pull request #52885 from nextcloud/fix/docblock-color	2025-05-16 12:41:51 +02:00
unstable	fix(lexicon): syntax	2025-01-14 10:38:15 -01:00
autoloader.php	feat: Improve init a bit, and add more profiling steps	2025-05-13 16:08:49 +02:00
base.php	fix: Move CSRF check from base to PublicAuth for public.php	2025-05-21 16:01:36 +02:00
versioncheck.php	feat(PHP): Allow PHP 8.4	2024-11-08 12:59:12 +01:00