Roeland Jago Douma
58345e02d2
Basic CSP no longer deprecated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-08 10:37:48 +01:00
Roeland Jago Douma
579822b6a5
Add report-uri to CSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +02:00
Roeland Jago Douma
5b61ef9213
Disallow unsafe-eval by default
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +02:00
Joas Schilling
840dd4b39c
Allow to inject/mock new \DateTime()
similar to time()
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Morris Jobke
e45248c17a
Merge pull request #10967 from nextcloud/zipresponse
...
Add zip response
2018-10-02 23:34:30 +02:00
Morris Jobke
bcbffdb644
Add PHPDoc
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-02 22:35:31 +02:00
Roeland Jago Douma
7d9052d4b9
fixup! Add fix response
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:17:27 +02:00
Roeland Jago Douma
a891f42a5d
fixup! Add fix response
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 08:16:28 +02:00
Jakob Sack
a9fa220e68
Add fix response
...
implements #7589
2018-10-02 08:13:39 +02:00
Christoph Wurst
3f594fc1b7
Document possibly thrown excption of QBMapper::insertOrUpdate
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:28 +02:00
Christoph Wurst
40fdff5b80
Add QBMapper::insertOrUpdate()
...
This allows elegant upserts where the entity ID is provided (e.g. by an
external system) and when that data is fed into our database multiple
times.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 08:09:27 +02:00
Roeland Jago Douma
8354c50911
Deprecate the childSrc functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c8fe4b4fc8
Add workerSrc to CSP
...
Fixes #11035
Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c21cee248c
Disallow eval on the StrictEvalCSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 21:12:36 +02:00
Roeland Jago Douma
5455045a9b
Fix direct access to authen page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:57:13 +02:00
Roeland Jago Douma
6de656e435
Update token on regeneration for public login
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
1bb8bc8ff9
Add AuthPublicShareControllerTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
61e445da88
Add PublicShareControllerTests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +02:00
Roeland Jago Douma
31392c2443
Move public auth page over
...
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
Roeland Jago Douma
f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:35 +02:00
Roeland Jago Douma
b38fa573e1
Add stricter CSPs
...
* Deprecate our default CSP
* Add strict CSP that is always our strictest setting
* Add strict eval CSP (disable unsafe-eval)
* Add strict inline CSP (disables inline styles)
This is just to move forward and have a incremental improvement of our
CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-13 14:47:57 +02:00
Roeland Jago Douma
a34495933e
Move caching logic to response
...
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 08:48:54 +02:00
Roeland Jago Douma
ed7b4839d9
The column is not user input so suppress the phan warning
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 14:46:33 +02:00
Roeland Jago Douma
74d7f6d4ca
Add a QueryBuilder Mapper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-10 19:47:43 +02:00
Julius Härtl
6ded1c46b7
Add since tags
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:18:17 +02:00
Julius Härtl
2e60f91ab1
Move external share saving to template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:11:55 +02:00
Julius Härtl
30e76f9f14
Add footer to public page template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 12:22:01 +02:00
Julius Härtl
eb19899f8e
Move common menu templates to public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 11:09:19 +02:00
Roeland Jago Douma
129a608ebe
OCP\AppFramework\App strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 08:42:03 +01:00
Julius Härtl
36563d4a4b
Remove setters
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
9cf49873fa
Rework array handling to avoid phan error
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
2b6c00fc0f
Add id to list element
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
7cd0340366
Sort menu by priority
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
038aad73c7
Add missing phpdoc for public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
4f83462f67
Add phpdoc, typehints and sanitize HTML
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
4f78980fad
Add menu item abstraction
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
0655df09d6
Pass template parameters to parent template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Roeland Jago Douma
fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr
...
Strict OCP\AppFramework\Utility\IControllerMethodReflector
2018-02-21 22:56:40 +01:00
Roeland Jago Douma
aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 19:55:49 +01:00
Roeland Jago Douma
5825c27a12
Make sure that render always returns a string
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 13:28:40 +01:00
Joas Schilling
7bc9a69c3f
Remove deprecated core API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 17:54:50 +01:00
Roeland Jago Douma
d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict
...
Make the ITimeFactory strict + return types
2018-01-15 09:27:37 +01:00
Roeland Jago Douma
7ffd62bf95
Make the ITimeFactory strict + return types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:55:40 +01:00
Roeland Jago Douma
704133d732
Remove deprecated functions from DI Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 19:29:52 +01:00
Roeland Jago Douma
f55732a18f
Merge pull request #7075 from nextcloud/remove-unused-variables
...
Remove unused variables
2017-11-07 16:18:40 +01:00
Morris Jobke
4866314ce0
Run updated license header updater
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-07 13:47:42 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Morris Jobke
5445b1ff17
Remove unused variables
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 09:43:45 +01:00
Julius Härtl
4cfa1c66b8
Doc: Fix phpDoc issues
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-23 23:23:56 +02:00