J0WI
1b074f48d8
Remove duplicated spaces
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI
3f2932c75a
Sort headers
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI
76cbd7db6e
Add X-Frame-Options header to .htaccess
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma
b8c5008acf
Add feature policy header
...
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma
5d94590cee
Have the OCSBaseResponse call the parent constructor
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-08 09:52:20 +02:00
Roeland Jago Douma
b42b26eceb
Merge pull request #15187 from vitormattos/bugfix-create-database-user
...
Bugfix: user is not allowed
2019-08-08 09:03:48 +02:00
Roeland Jago Douma
650927a822
Properly return an int in the getId function of the cache
...
fixes #16684
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-07 20:38:42 +02:00
Roeland Jago Douma
2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
...
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Roeland Jago Douma
f94ee72507
Add form-action CSP element
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl
22b81ac1e4
Fix permission check on incoming federated shares
...
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Roeland Jago Douma
417fbb5d60
setting unsafe-eval is deprecated
...
This will be removed in a future version of Nextcloud.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-30 16:27:38 +02:00
Joas Schilling
d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
...
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma
135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
...
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Morris Jobke
e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
...
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Roeland Jago Douma
ba60fafb9a
Add proper PostLoginEvent
...
This can be used by othr mechanisms to listen for this event in a lazy
fashion.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke
98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Morris Jobke
e45fb5fa3e
Fix typo in comment
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 14:55:43 +02:00
Roeland Jago Douma
51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware
...
Split up security middleware
2019-07-29 12:13:55 +02:00
Roeland Jago Douma
fb78cd3ed8
Merge pull request #16570 from nextcloud/enh/supress_touch_error
...
Supress warnings touch can generate
2019-07-29 10:39:46 +02:00
Roeland Jago Douma
37a4282c7a
Split up security middleware
...
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma
9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
...
Do not log all locked exceptions
2019-07-27 10:39:11 +02:00
Roeland Jago Douma
1cc8a2f5d2
Supress warnings touch can generate
...
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:26:59 +02:00
Morris Jobke
2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
...
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Roeland Jago Douma
cdc43cd39b
Merge pull request #16456 from nextcloud/dep/searchByTag
...
Remove deprecated searchByTag
2019-07-26 15:07:04 +02:00
Roeland Jago Douma
4cc41cb4c7
Do not log all locked exceptions
...
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 14:55:13 +02:00
Arthur Schiwon
78201bcb72
treat sensitive config keys by pattern
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:31:14 +02:00
Roeland Jago Douma
323f40a493
Merge pull request #16461 from nextcloud/fix/noid/pgsql-version
...
fixes the check for postgresql
2019-07-26 12:32:04 +02:00
Roeland Jago Douma
0487144b26
Remove deprecated searchByTag
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 12:29:19 +02:00
Julius Härtl
e43b341b04
Add additional check for read permissions
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
Julius Härtl
3674f6fa2d
Check the if we can actually access the storage cache for recent files
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
Joas Schilling
7d3a349d8f
PHPStorm code cleanup
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 10:39:57 +02:00
Joas Schilling
3b334169a8
Get the topmost parent for the parent instead of doing endless recursion
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 10:39:22 +02:00
Morris Jobke
d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files
...
Exclude .rnd files from integrity check
2019-07-23 14:57:55 +02:00
Morris Jobke
3a6d8174a9
Merge pull request #16450 from nextcloud/tech-debt/noid/cleanup-unused-OC_API-methods
...
Removes unused OC_API::register
2019-07-22 16:04:01 +02:00
Morris Jobke
54bcd86db7
Adjust deprecation tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-22 12:06:16 +02:00
Daniel Kesselberg
608f4d3ee9
Pass $configargs to openssl_pkey_export
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-21 22:21:59 +02:00
Daniel Kesselberg
8bed3021bd
Exclude .rnd files from integrity check
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-21 20:29:11 +02:00
Morris Jobke
a085a88205
Merge pull request #14954 from tacruc/searchPatterns
...
Allow to search for real pattern in contacts
2019-07-19 18:03:37 +02:00
Morris Jobke
baff2ccdba
Merge pull request #16452 from nextcloud/bug/noid/error-with-exception-on-ssl-error
...
Error with exception on SSL error
2019-07-18 20:51:30 +02:00
Morris Jobke
4ae17427c5
Error with exception on SSL error
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-18 18:50:44 +02:00
Arthur Schiwon
8b1126e6d2
fixes the check for postgresql
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-18 18:34:10 +02:00
Roeland Jago Douma
057e88e9e7
Merge pull request #16380 from Dreamsorcerer/patch-1
...
Allow use of server var for CSP nonce
2019-07-18 15:33:15 +02:00
Sam Bull
ea935f65fd
Add support for CSP_NONCE server variable
...
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.
Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-18 12:16:29 +02:00
Morris Jobke
55d8c3db3e
Reduce indirection in AppManager
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-18 11:33:58 +02:00
Morris Jobke
605d0874a4
Removes unused OC_API::register
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-18 11:27:09 +02:00
Morris Jobke
48653d1a27
Merge pull request #16440 from marcelklehr/fix/objectstorage-put-contents
...
Fix File#putContents(string) on ObjectStorage
2019-07-17 22:38:41 +02:00
Morris Jobke
5b604eaeab
Merge pull request #15040 from nextcloud/feature/13980/push-for-deleted-notifications
...
Notifications overhaul
2019-07-17 20:22:03 +02:00
Morris Jobke
782554d2ac
Merge pull request #16075 from nextcloud/bugfix/15823/app-restricted-groups
...
Remove deleted groups from app restrictions fixes #15823
2019-07-17 17:36:00 +02:00
Marcel Klehr
d46744e2f1
Fix File#putContents(string) on ObjectStorage
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2019-07-17 14:58:56 +02:00
Morris Jobke
223a91d5ef
Merge pull request #16416 from nextcloud/enh/log-details
...
Move log detail aggregation and reuse it in syslog/systemd logger
2019-07-17 11:43:32 +02:00
Julius Härtl
07bbec3355
Move log detail aggregation to separate class and reuse it in syslog/systemd logger
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-17 08:45:55 +02:00
Morris Jobke
99f2c82222
Properly inject the logger
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-16 22:38:14 +02:00
Roeland Jago Douma
8ca2b31804
Do not keep searching for recent
...
If userA has a lot of recent files. But only shares 1 file with userB
(that has no files at all). We could keep searching until we run out of
recent files for userA.
Now assume the inactive userB has 20 incomming shares like that from
different users. getRecent then basically keeps consuming huge amounts
of resources and with each iteration the load on the DB increases
(because of the offset).
This makes sure we do not get more than 3 times the limit we search for
or more than 5 queries.
This means we might miss some recent entries but we should fix that
separatly. This is just to make sure the load on the DB stays sane.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-16 19:14:55 +02:00
Joas Schilling
594efca1e3
Update since to the correct version
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 16:58:38 +02:00
Joas Schilling
565838da9c
Update unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 13:32:44 +02:00
Joas Schilling
55f5bc79a1
Keep the old method as a fallback and adjust the tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 11:36:32 +02:00
Oliver Salzburg
392a4dd68a
Use specific privileges when creating admin
...
Using the ALL shorthand can cause problems when not all privileges are available to the user.
For example, AWS RDS MariaDB/MySQL will not grant the initial user account on an instance the SUPER privilege.
While the user account is still valid for pretty much any task on the DB instance, it can not use the ALL shorthand when granting privileges to new users.
By supplying a specific set of privileges, we work around this limitation without sacrificing functionality.
Closes #16139
Signed-off-by: Oliver Salzburg <oliver.salzburg@gmail.com>
2019-07-16 10:26:25 +02:00
Roeland Jago Douma
d0e1bcc1d0
Merge pull request #15606 from nextcloud/fix/15605/add-catch-for-runtime-exception
...
Add catch for RuntimeException
2019-07-16 08:05:11 +02:00
Morris Jobke
cbecc1f8cf
Log RuntimeException in CleanupCardDAVPhotoCache
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-15 22:26:08 +02:00
Roeland Jago Douma
a3deb21bf4
Merge pull request #16334 from nextcloud/feature/noid/enterprise-logo
...
Add enterprise logo
2019-07-15 20:31:06 +02:00
Morris Jobke
b732f51c10
Add enterprise logo
...
Also set it as theming logo if the subscription is valid.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-15 16:45:53 +02:00
Joas Schilling
64f67818bc
Fix new core notifier
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:14:58 +02:00
Joas Schilling
865c12aa0e
Fix detection of Notifiers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:12:43 +02:00
Joas Schilling
f376b9fea7
Fix creation of the Manager
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:12:42 +02:00
Joas Schilling
9690b3153a
Change how Notifiers and Apps are registered
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:12:42 +02:00
Joas Schilling
9b288cda6d
Make all interfaces strict
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:12:40 +02:00
Morris Jobke
1e5fadcdf1
Merge pull request #16399 from nextcloud/improvement/noid/fulltextsearch-simple-queries
...
[nc17] add SimpleQueries to FullTextSearch
2019-07-15 10:18:04 +02:00
Maxence Lange
cb91b3ce3e
addsubtag should push to array
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-07-14 19:17:55 -01:00
Maxence Lange
1e2518d7f9
new model to manage some simple queries
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
fixing issue in addSubTag()
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
fix const
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
autoload
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Revert "fixing issue in addSubTag()"
This reverts commit a9ab2ab91b98133c69272f27ea1b51594719e241.
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
syntax
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-07-14 19:07:28 -01:00
Roeland Jago Douma
f8aeef7ae9
Lock SCSS so we only run 1 job at a time
...
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-12 16:18:02 +02:00
Roeland Jago Douma
c193c0d466
Merge pull request #16331 from nextcloud/feature/noid/talk-guest-mentions
...
Allow guest mentions of talk to be parsed
2019-07-12 10:35:54 +02:00
Roeland Jago Douma
74be0cf982
Merge pull request #16361 from nextcloud/bugfix/noid/drop-foreignkey-on-owncloud-migration
...
Drop foreignkey on owncloud migration
2019-07-11 19:40:04 +02:00
Morris Jobke
79e0b5c4ce
Merge pull request #15514 from nextcloud/feature/noid/add-enterprise-channel
...
Update channels for updater server
2019-07-11 12:42:34 +02:00
Joas Schilling
0d4ca0e754
Drop foreign key before trying to drop the accounts table
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-11 12:14:25 +02:00
Morris Jobke
39c28bd05b
Enterprise update channel
...
Allows to select the enterprise update channel for instances that have a valid subscription.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-10 16:19:34 +02:00
Joas Schilling
77918356d6
Allow guest mentions of talk to be parsed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-10 15:33:10 +02:00
Roeland Jago Douma
e953205908
Use HTTP1.1 to read S3 objects
...
Some of the READs otherwise use HTTP/1.0 which is not always supported
by all backends. HTTP/1.1 is there since 1999 way longer than S3 so safe
to assume it is always there IMO.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-10 11:42:22 +02:00
Christoph Wurst
d058ef2b6c
Make it possible to wipe all tokens/devices of a user
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:57:04 +02:00
Christoph Wurst
1c261675ad
Refactor: move remote wipe token logic to RW service
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:39:27 +02:00
Roeland Jago Douma
761c961b52
Merge pull request #16307 from nextcloud/bugfix/noid/previewv1adapter-isAvailable
...
Fix ProviderV1Adapter isAvailable wrapper
2019-07-09 13:37:07 +02:00
Roeland Jago Douma
027486e27d
Merge pull request #15867 from nextcloud/preview-versioning
...
allow keeping multiple preview "versions" of the same file
2019-07-09 11:06:44 +02:00
Julius Härtl
5030d15e25
Fix ProviderV1Adapter isAvailable wrapper
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-09 11:02:20 +02:00
Roeland Jago Douma
5cef8957b5
Merge pull request #15730 from nextcloud/enh/14179/event_for_csp
...
Add an event to edit the CSP
2019-07-09 10:59:15 +02:00
Robin Appelman
5cb00aba09
allow injecting CsrfTokenManager by class
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-07-09 08:42:49 +02:00
Robin Appelman
5e082f8946
allow keeping multiple preview "versions" of the same file
...
The main use case here is storage provided versioning where we dont have
separate file ids for all the versions, by allowing a prefix for the
version we can store separate previews for all the versions.
Additionally, by keeping all the version previews in the same folder as the
"normal" previews they will be cleaned up properly when the file is deleted
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-07-08 22:04:16 +02:00
Roeland Jago Douma
5ac857bcdc
Add an event to edit the CSP
...
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +02:00
Roeland Jago Douma
3d69f03a6d
Merge pull request #16292 from nextcloud/techdebt/noid/cleanup-outdated-repair-steps
...
Remove one time repair steps that have already run when updating to 17
2019-07-08 20:32:44 +02:00
Morris Jobke
53d2d95478
Remove one time repair steps that have already run when updating to 17
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-08 14:47:26 +02:00
Morris Jobke
13c7810306
Try to delete the cypress folder of the viewer app
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-08 14:35:27 +02:00
John Molakvoæ
5a03189ce7
Mimetype list integrity check should not fail if it's changed ( #15810 )
...
Mimetype list integrity check should not fail if it's changed
2019-07-07 20:01:58 +02:00
John Molakvoæ
b32afe26bb
Allow IProviderV2 for previews as well ( #16209 )
...
Allow IProviderV2 for previews as well
2019-07-07 19:59:31 +02:00
John Molakvoæ (skjnldsv)
4505afe184
Allow IProviderV2 for previews as well
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-07-05 13:57:46 +02:00
Xheni Myrtaj
ea2d75c2b4
Remove empty lines
...
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
2019-07-04 09:38:30 +01:00
Xheni Myrtaj
9211e34aec
Added Tests for modified mimetypelist
...
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
2019-07-04 09:35:36 +01:00
Julius Härtl
857fae288c
Always set the display name for user shares
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-03 21:34:18 +02:00
Joas Schilling
85a80b05ac
Unify the permission checking in one place only
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 16:34:00 +02:00
Joas Schilling
e4addbae3e
Better check reshare permissions when creating a share
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 14:00:13 +02:00
Christoph Wurst
c50fe2a9c9
Send emails when remote wipe starts/finishes
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-02 21:59:23 +02:00
Georg Ehrke
9f7fca49bb
Merge pull request #15775 from nextcloud/refactor/decouple-remote-wipe-notifications
...
Decouple remote wipe notifcation channels with events
2019-07-02 08:58:21 +00:00
Joas Schilling
c15c2e440f
Allow apps to overwrite the maximum length when reading from database
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-01 15:48:26 +02:00