Commit graph

993 commits

Author SHA1 Message Date
Morris Jobke
eb51f06a3b
Use ::class statement instead of string
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
Morris Jobke
a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke
97c216ea06
Merge pull request #8071 from nextcloud/remove-silly-code
Cleanup unused code
2018-01-26 15:47:06 +01:00
Morris Jobke
c67736a542
Merge pull request #7707 from nextcloud/bugfix/noid/birthdaycalendar-different-uids
generate different UIDs for Birthday, Anniversary and Death event
2018-01-26 15:46:46 +01:00
Morris Jobke
c005fc6755
Cleanup unused code
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:25:19 +01:00
Morris Jobke
c1e4f9f305
Use type casting instead of *val() method
It should be up to 6x faster

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 11:35:42 +01:00
Joas Schilling
c2b1bd92d6
Merge pull request #8063 from nextcloud/inline-value
Return value immediately instead of assigning to a one-time variable
2018-01-26 10:15:39 +01:00
Roeland Jago Douma
ec1d94c629
Merge pull request #8052 from nextcloud/fix-array-methods
Fix array method usages with a proper call
2018-01-26 09:53:13 +01:00
Morris Jobke
0a56d2185e
Return value immediately instead of assigning to a one-time variable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Morris Jobke
4dbee99b7b
Remove useless return statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-25 22:50:40 +01:00
Morris Jobke
7800a9bc24
Fix array method usages with a proper call
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-25 22:20:10 +01:00
blizzz
c7d9e5fd63
Merge pull request #7354 from nextcloud/refacor-update-page-print
Refactor method to check if update is needed
2018-01-22 22:50:05 +01:00
Morris Jobke
24c58d39f4
Merge pull request #7909 from nextcloud/fix-migration-type-hints
Fix the type hints of migrations and correctly inject the wrapped sch…
2018-01-17 13:47:58 +01:00
Joas Schilling
4a5282ba21
Fix the type hints of migrations and correctly inject the wrapped schema into migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-17 11:37:36 +01:00
Roeland Jago Douma
8614eb91db
Fix avatarHome
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-16 15:37:47 +01:00
Joas Schilling
91d3677446
Make sure the arrays are arrays
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-12 14:08:00 +01:00
Roeland Jago Douma
e5cc8ebe7a
Return proper principal on the uploads collection listing
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-10 08:35:20 +01:00
Georg Ehrke
1b8fc260c6
generate different UIDs for Birthday, Anniversary and Death event
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-01-04 20:15:24 +01:00
Morris Jobke
876238ce8b
Merge pull request #7533 from nextcloud/oc-28545-handle-oc-total-length-in-new-chunking
[oc] Handle OC-Total-Length in new chunking
2018-01-03 16:18:24 +01:00
Morris Jobke
0b4d18673e
Do not log user errors as log level 4
* hides log entries for the case the parent folder does not exist

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-03 11:58:55 +01:00
Roeland Jago Douma
0585b776fb
Do no run SyncJob in cron
Fixes #7184

The SyncJob can be very resource intensive. Since it requests all users
on the system to create the system addressbook. In order to do this it
creates a vcard for every user and updates the addressbook.

There is no need for this job since the proper signals are emitted and
handled in the carddav backend to update the addressbook live.

Worst comes to worst there is always the occ command to bring the
address book in sync again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-02 10:00:01 +01:00
Thomas Müller
8c5d656f3b Handle OC-Total-Length in new chunking
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-15 14:46:36 +01:00
Morris Jobke
1ceeab9229
Fix unit tests for CalendarManager
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-12 09:33:52 +01:00
Morris Jobke
d98dea1eb1
Merge pull request #6884 from nextcloud/feature/3003/opt_out_of_birthday_calendar
Opt out of birthday calendar
2017-12-12 08:29:26 +01:00
Tobia De Koninck
f6ef779f97
Make ContactsStore a public API
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-12-11 18:18:58 +01:00
Morris Jobke
ba3c608a00
Merge pull request #6590 from nextcloud/dav-create-activities-for-publishing
Create activities for (un)publishing calendar events
2017-12-11 17:13:11 +01:00
Morris Jobke
c76c7a96fc
Update wording
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-11 16:28:40 +01:00
Thomas Citharel
4c32de22bb
Create activities for (un)publishing calendar events
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-12-11 16:28:40 +01:00
Georg Ehrke
6802e2b59a
Principal search: Take sharing settings into account
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-12-11 16:04:55 +01:00
Georg Ehrke
f543039858
exclude shared calendars from freeBusy
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-12-11 16:04:55 +01:00
Christoph Seitz
787e3d51b4
Fix functions to search for principals in the backend.
Add a "searchPrincipals" function to the NC principal backend.
Fix the "findByUri" function to respect the prefixPath.

Signed-off-by: Christoph Seitz <christoph.seitz@posteo.de>
2017-12-11 16:04:55 +01:00
blizzz
80b27fdb93
Merge pull request #7342 from nextcloud/fix_carddav_converter
CardDAV convertor check should not be to wide
2017-12-11 16:03:07 +01:00
Morris Jobke
5b20600da9
Merge pull request #7313 from nextcloud/ensure-that-x-oc-mtime-header-is-an-integer-with-chunked-uploads
Ensure that X-OC-MTime header is an integer with chunked uploads
2017-12-11 15:07:05 +01:00
Roeland Jago Douma
40633c5e54
CardDAV convertor check should not be to wide
Case: email is set to null, but the avatar is set. In the old case the
email would set $emptyValue but $noImage would still be false. This we
would set the empty string as email.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-11 11:58:02 +01:00
Lukas Reschke
de8fefeb18
Merge pull request #7395 from nextcloud/remove-unused
Remove unused variables
2017-12-06 13:09:01 +01:00
Morris Jobke
a73f86912f
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-05 09:58:15 +01:00
Roeland Jago Douma
d2fe30d464
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-04 15:23:20 +01:00
Roeland Jago Douma
c8a29ec942
A failed storage is a not available storage
We have to double check. Since getting the info of the root returns a
generic entry. But actually the stroage is not available. Else we get
very weird sync and web behavior.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-04 15:23:11 +01:00
Morris Jobke
f22e02cd79
Refactor method to check if update is needed
There was only one call, that actually needed the parameter to be set to true. So this change moved the print of the page to that location and replaces all other occurences with a direct call to the underlying OCP API.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-30 16:04:07 +01:00
Daniel Calviño Sánchez
2a7b1bae10 Reject X-OC-MTime header if given as a string with hexadecimal notation
In PHP 7.X hexadecimal notation support was removed from "is_numeric",
so "sanitizeMtime" directly rejected those values; in PHP 5.X, on the
other hand, "sanitizeMtime" returned 0 when a string with hexadecimal
notation was given (as it was the behaviour of "intval"). To provide a
consistent behaviour between PHP versions, and given that it does not
make much sense to send X-OC-MTime in hexadecimal notation, now
X-OC-MTime is always rejected if given as a string with hexadecimal
notation.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-28 01:08:52 +01:00
Thomas Müller
ffe034abb0 Don't use runInSeparateProcess
Directly calling "header" in the PHPUnit process causes the "Cannot
modify header information - headers already sent by" error to be thrown.
Instead of running the test in a separate process, which is slower, this
commit wraps the call to "header" in a method that can be mocked in the
tests.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:39:45 +01:00
Daniel Calviño Sánchez
2af3d8a9b2 Make possible to provide a specific HTTP request object to File
This will be used in a following commit to test how the X-OC-MTime
header is handled.

This commit is based on the "make File::put() more testable" commit
(included in 018d45cad97e0) from ownCloud by Artur Neumann.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:39:41 +01:00
Daniel Calviño Sánchez
01e346b2ae Ensure that X-OC-MTime header is an integer also with chunked uploads
This commit extends the changes introduced in pull request #3793 also to
chunked uploads.

The "sanitizeMTime" method name is the same used in the equivalent pull
request to this one from ownCloud (28066).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:37:51 +01:00
Morris Jobke
3f7267e0e9
Merge pull request #6901 from nextcloud/bugfix/4014/catch_parsing_error
catch errors when parsing calendar data for calendar query requests
2017-11-27 17:50:37 +01:00
Morris Jobke
573551253e
Merge pull request #7308 from nextcloud/do-not-log-InvalidSyncToken
Log InvalidSyncToken on DAV in debug level
2017-11-27 17:27:41 +01:00
Georg Ehrke
ea117bac31
catch errors when parsing calendar data for calendar query requests
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-27 17:14:18 +01:00
Morris Jobke
88905c6293
Log InvalidSyncToken on DAV in debug level
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 16:37:11 +01:00
Morris Jobke
26a5fff423
Log NotImplementedException on DAV in debug level
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 16:17:01 +01:00
Björn Schießle
f347e2e4a6
Merge pull request #7047 from nextcloud/add-support-for-files-with-no-permissions
Add support for files with no permissions
2017-11-20 16:15:52 +01:00
Morris Jobke
eeb0cfdaf5
Merge pull request #7152 from nextcloud/bugfix/noid/adjust_calendarobject_size_after_applying_class
remove cached size from shared calendar objects
2017-11-17 08:28:34 +01:00
Morris Jobke
20868e17e8
Merge pull request #7193 from nextcloud/bugfix/noid/invitation-email-refinements
refine invitation email
2017-11-16 21:11:44 +01:00
Morris Jobke
f32fbbca2e
Merge pull request #6840 from nextcloud/feature/5282/calendar_api
Calendar API for apps
2017-11-16 21:10:35 +01:00
Georg Ehrke
b073b13d9f
refine invitation email
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-16 13:54:19 +01:00
Georg Ehrke
072652b2af
show name of organizer in from name of invitation email
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-14 21:23:27 +01:00
Georg Ehrke
19b77039d7
remove cached size from shared calendar objects
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-12 17:30:22 +01:00
Georg Ehrke
2b51d84b98
generate birthday calendars in a background job after admin enabled them
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 16:17:18 +01:00
Georg Ehrke
a87d986041
create a user's birthday calendar right after they requested it
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 11:28:34 +01:00
Georg Ehrke
ef6f41a16c
respect admin / user choice about birthday calendars in corresponding hooks
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 02:15:57 +01:00
Georg Ehrke
d59b3392ab
disallow users to create calendars with reserved names
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 02:15:56 +01:00
Georg Ehrke
1c106a66b1
adapt occ 'dav:sync-birthday-calendar command
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 02:15:56 +01:00
Georg Ehrke
5068d56fb0
add CalDAV interface that allows users to re-enable their birthday calendar
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-11 02:15:50 +01:00
Georg Ehrke
dc34622008
remember when a user deleted their contact birthdays calendar
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-10 23:05:04 +01:00
Georg Ehrke
8b22bfea4f
Add admin checkbox to disable birthday calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-09 17:12:06 +01:00
Georg Ehrke
7784672cc0
add option to filter CalendarAPI by componenttype
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-09 15:14:58 +01:00
Georg Ehrke
fa416e031b
integrate Dav app with Calendar API
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-09 15:14:58 +01:00
Lukas Reschke
b754a2e385
Merge pull request #7042 from nextcloud/bugfix/noid/ensure_unique_uid_for_calendar_objects
ensure uid for calendar objects is unique
2017-11-07 21:55:09 +01:00
Roeland Jago Douma
f55732a18f
Merge pull request #7075 from nextcloud/remove-unused-variables
Remove unused variables
2017-11-07 16:18:40 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Georg Ehrke
4df08f296b
ensure uid for calendar objects is unique
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-06 14:25:08 +01:00
Morris Jobke
5445b1ff17
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 09:43:45 +01:00
Georg Ehrke
43147aeada
fancify invitation emails
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-03 11:20:03 +01:00
Joas Schilling
1bb048d11f
Correctly use the email templating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-11-03 11:20:03 +01:00
Joas Schilling
b14b933062
Language depending dates
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-11-03 11:20:03 +01:00
Joas Schilling
cf04093fa6
Fix phpStorm complaints
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-11-03 11:20:03 +01:00
Leon Klingele
c899f35261
DAV: Initial email customization support
Signed-Off-By: Leon Klingele <leon@struktur.de>
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-11-03 11:19:39 +01:00
Daniel Calviño Sánchez
555d582f35 Return whether the file is readable or not in the DAV permissions
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:00 +01:00
blizzz
b3ff9a2248
Merge pull request #6849 from nextcloud/fix-missing-translation-of-personal-calendar-in-activity
Fix missing translation of "Personal" calendar in activities
2017-10-31 15:05:26 +01:00
Joas Schilling
143ff6a622
Add a doc why this should not be removed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-23 12:35:55 +02:00
Georg Ehrke
1855204ad9
remove reminders from read-only shared calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-10-22 14:19:29 +02:00
Joas Schilling
bb1af9b284 Merge pull request #6811 from nextcloud/feature/noid/disable_caldav_invitations
Opt out of IMip CalDAV Plugin
2017-10-19 11:57:52 +02:00
Joas Schilling
bdb0265644
Fix missing translation of "Personal" calendar in activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-16 18:41:33 +02:00
Georg Ehrke
b958725f78
Make it possible to opt out of IMip Plugin for CalDAV
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-10-16 13:49:46 +02:00
Georg Ehrke
7828cf454e
add admin settings panel for dav app
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-10-16 13:49:08 +02:00
Julius Härtl
79c4538511
Dav: codestyle fixes in PluginManager
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-14 20:51:59 +02:00
Vincent Petry
a829ac787a
Let apps register Sabre plugins or collections
upstream #26761

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-14 20:50:53 +02:00
Joas Schilling
7c53f921a9
Use ::class to avoid errors
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-13 12:36:20 +02:00
Joas Schilling
fd5465d509
Fix class name, regression from 44cf67accd
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-13 12:35:52 +02:00
Joas Schilling
3b4ab6560b
Check if the user/group exists for dav shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-05 12:48:10 +02:00
Joas Schilling
155d451cf8
Fix copy paste errors
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-29 11:10:57 +02:00
Joas Schilling
c65e591e88
Restore the sequencial order
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-29 11:10:57 +02:00
Joas Schilling
740d820194
Migrate ids to bigint in the dav app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-29 11:10:57 +02:00
Joas Schilling
e0a4c61350 Merge pull request #6633 from nextcloud/dav-remove-like-when-not-needed
Don't add a LIKE condition when it's not needed
2017-09-25 12:12:50 +02:00
Roeland Jago Douma
4ac32223da
Add indexes to cards and cards_properties tables
Fixes #6170

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-25 10:27:46 +02:00
Thomas Citharel
f1bfd4433e
Don't add a LIKE condition when it's not needed
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-25 09:10:44 +02:00
Joas Schilling
d5b5fc7fca
Fix unsigned state
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-19 12:49:42 +02:00
Joas Schilling
8768faacaa
Fix migration naming
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-19 12:44:46 +02:00
Roeland Jago Douma
32234a23da
Move DAV app to migrations
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-18 14:35:27 +02:00
Roeland Jago Douma
ab63c89ab3
Fix quota calculation on new dav upload endpoint
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-13 19:28:38 +02:00
Morris Jobke
8e6d86a862 Merge pull request #5304 from nextcloud/bugfix/2855/dont_send_invitations_for_past_events
don't send invitation emails for past events
2017-09-06 22:48:46 +02:00
Morris Jobke
1724fed8c5 Merge pull request #5415 from nextcloud/search-cache-node
cache nodes from search results
2017-09-06 10:16:01 +02:00
Georg Ehrke
a1df91da9d
Sabre/VObject returns DateTimeImmutable, not a simple DateTime
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-09-05 13:13:37 +02:00
Georg Ehrke
86f28669fc
don't send invitation emails for past events
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-09-05 13:13:37 +02:00
Roeland Jago Douma
f0158e42e9 Merge pull request #6309 from nextcloud/new-dav-event
add a new dav event to allow apps to register their own sabredav plugins
2017-09-04 12:12:46 +02:00
nhirokinet
baba99a7e6 not to backquote LIMIT on CalDavBackend.php 2017-09-03 23:51:49 +09:00
Bjoern Schiessle
f8cc8e1c9e
add a new dav event to allow apps to register their own sabredav plugins
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 14:05:18 +02:00
Bjoern Schiessle
e83e1c7c23
add propfind to detect encryption status
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-28 14:02:25 +02:00
Robin Appelman
37e8b698f7 cache nodes from search results
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-08-26 10:18:19 +02:00
Morris Jobke
fc12bd0be6 Do not log WebDAV maintenance mode exception
Log the maintenance mode exception only in debug level. Fixes #6124

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 15:03:39 +02:00
Joas Schilling
231bb47ae6 Fix file size comparison
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-01 13:56:12 +02:00
Joas Schilling
89238164e1 Fix comparisons in the dav app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-01 13:55:07 +02:00
Roeland Jago Douma
61a6adff14
Fix sabre test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Roeland Jago Douma
fc369dd86e
[DAV] Fix URLUtil::splitPath usage
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Roeland Jago Douma
f57a3aa81b
[DAV][CalDAV] Fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:16 +02:00
Lukas Reschke
e1f52fc901
Stricter phan config fixes
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:13 +02:00
Robin Appelman
89b747d066
refactor chunked assembly stream
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-21 12:49:39 +02:00
Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling
984933e586
Only use readable chars in Share Tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-18 15:44:34 +02:00
Morris Jobke
b4deba2078 Merge pull request #5483 from nextcloud/issue-5075-png-files-for-activity-emails
Use PNGs for icons in activity emails
2017-07-07 11:05:00 +02:00
Joas Schilling
b27819785e
Don't log passwords on dav exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-29 17:20:10 +02:00
Morris Jobke
eb9aedf44b Enhance the logging if the part file can not be renamed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-22 17:50:14 -05:00
Joas Schilling
90fa27694a
Use PNG version of the icons for shipped activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-20 13:48:51 +02:00
Joas Schilling
698a7cb7f0 Merge pull request #5124 from nextcloud/allow-dirlisting-with-unreadable-items
Allow dir-listing also when one child is blocked by access control
2017-06-16 10:47:08 +02:00
Morris Jobke
ca3c69c8ae Merge pull request #5298 from nextcloud/bugfix/4885/calendar_shares_url_special_char_issue
urldecode group principals in Cal- and CardDAV backend
2017-06-14 23:10:40 -05:00
Morris Jobke
ac565cecad Merge pull request #5300 from nextcloud/bugfix/noid/fix_proppatch_requests_to_groupshares
allow users to send PropPatch request when calendar is group-shared with them
2017-06-14 23:00:39 -05:00
Morris Jobke
f38f2baa5a Merge pull request #5295 from nextcloud/bugfix/5077/allow_proppatches_to_birthday_calendar
allow PropPatch requests to contact_birthdays
2017-06-13 18:11:13 -05:00
Lukas Reschke
633396001f
Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Georg Ehrke
35781ae45c
urldecode group principals in Cal- and CardDAV backend
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-12 21:01:30 +02:00
Georg Ehrke
0f1d47cdf3
allow users to send PropPatch request when calendar is group-shared with them
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 09:21:56 +02:00
Georg Ehrke
9563c25c69
allow PropPatch requests to contact_birthdays
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 08:00:52 +02:00
Joas Schilling
d0c614a322
Allow dir-listing also when one child is blocked by access control
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-26 15:54:39 +02:00
Georg Ehrke
4b5379309e
fix replacing of 4MB Unicode Chars in cal props table
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-21 13:26:46 +02:00
Lukas Reschke
639ba526d0
Adjust realm from SabreDAV to Nextcloud
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:38:55 +02:00
Lukas Reschke
f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke
df3909a7c3
Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Lukas Reschke
5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Roeland Jago Douma
cef2110263
Revert "fix objectstore rename"
This reverts commit 5334a3dc33.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-15 13:59:18 +02:00
Morris Jobke
b2c96d0c23 Stop if user folder is not available
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-09 11:26:08 -05:00
Morris Jobke
2d707fdfb5 Merge pull request #4621 from nextcloud/fix_readonly_shared_calendar_proppatch
fix PROPPATCH requests to read-only shared calendars
2017-05-08 12:42:30 -05:00
Morris Jobke
df6ce6b385 Merge pull request #4675 from nextcloud/fix_4651
Create a photo cache to speedup the contactsmenu
2017-05-08 12:20:27 -05:00
Robin Appelman
9d8936c5bf
fix error when browsing the dav root
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-08 14:34:36 +02:00
Roeland Jago Douma
dea6edb066
Fix init
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 12:40:00 +02:00
Georg Ehrke
255442f281
fix PROPPATCH requests to read-only shared calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-08 12:09:15 +02:00
Roeland Jago Douma
92408390b0
Fix ImageExportPluginTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma
747990b03a
No more XSS
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma
3ab53d000f
Clear cache on vcard change/delete
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma
34d97aa51c
Request proper size for contacts menu
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma
dd430c2fd7
Cache the carddav photo endpoint
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:49 +02:00
Roeland Jago Douma
303c0dd6a8
Always dispatch Carddav events
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-08 11:20:47 +02:00
Morris Jobke
49e958fa12 Enforce type hints in dav app
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-04 19:32:22 -03:00
Bjoern Schiessle
c053a275d7
check password for mail shares as well
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-04 11:20:20 +02:00
Roeland Jago Douma
59e27f03b6
Add caching to the imageexport plugin
Since we now heavily use this endpoint for the contacts menu we better
set proper caching on the images. Else this gets reload over and over
again leading to slow loading menu and unneded bytes transfered.

* cache for 1 hour by default
* added ETag for validation

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-02 12:30:34 +02:00
Morris Jobke
2a773310dc Merge pull request #4098 from nextcloud/feature/caldav_search
add Nextcloud Search extension to CalDAV
2017-04-28 23:38:04 -03:00
Georg Ehrke
0f8a9514de
rename calendarobjects_properties -> calendarobjects_props
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:46 +02:00
Georg Ehrke
8d00458b56
unit test custom calendar search
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-28 20:21:36 +02:00
Robin Appelman
ab9a36e872
allow apps to set custom mount types
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-28 09:38:21 +02:00
Roeland Jago Douma
9da697b11a Merge pull request #4524 from nextcloud/downstream-27508
Keep file id on move
2017-04-28 09:37:40 +02:00
Vincent Petry
211a76eff3
Add comment 2017-04-27 09:29:20 +02:00
Vincent Petry
614bd5c294
Properly handle missing READ permission 2017-04-27 09:29:02 +02:00
Morris Jobke
3e37a5f1c7 Merge pull request #3770 from nextcloud/faster-search-in-contacts
Factorize query for searching contacts
2017-04-27 00:25:30 -03:00
Roeland Jago Douma
edd9444209 Merge pull request #4503 from nextcloud/downstream-27281
fix objectstore rename
2017-04-26 17:17:24 +02:00
Vincent Petry
7b6e4d0dd2
Fix FutureFile MOVE to keep destination node
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
2017-04-26 15:46:38 +02:00
Vincent Petry
ec8d7010e5
Accept moving FutureFile into a Directory 2017-04-26 15:43:01 +02:00
Vincent Petry
82b967d3f9
Remove ObjectTree::move and let is use the IMoveTarget approach instead
This removes the duplicated code
2017-04-26 15:35:08 +02:00
Vincent Petry
0a9f7730d0
Ported ObjectTree::move to IMoveTarget in new DAV endpoint 2017-04-26 15:33:20 +02:00
Georg Ehrke
c76633bb8a
require at least one param or prop filter element
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 18:20:32 +02:00
Joas Schilling
5334a3dc33
fix objectstore rename
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:52:05 +02:00
Vincent Petry
1c40a05204
Restrict proppatch to the proper nodes
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
2017-04-25 17:25:03 +02:00
Georg Ehrke
ac3cc5211b
updateProperties: catch exception when reading calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:42:41 +02:00
Georg Ehrke
dd424fcb7b
unit test CalDAV Search Plugin
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 16:39:17 +02:00
Georg Ehrke
40eec1e63c
add repairstep with backgroundjob to index calendar data
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-25 11:55:31 +02:00
Georg Ehrke
e760cda96f
remove unused CalendarSearchValidator
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:21 +02:00
Georg Ehrke
57b543a918
add Nextcloud Search extension to CalDAV
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-24 22:38:20 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Roeland Jago Douma
d842b29c5b Merge pull request #4401 from nextcloud/caldav-carddav-nc-owner-displayname
add owner-displayname property to calendars and addressbooks
2017-04-24 09:17:55 +02:00
Georg Ehrke
c89e057d27
add owner-displayname property to calendars and addressbooks
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-23 11:26:49 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Morris Jobke
2b6f6dac00
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 18:20:51 -05:00
Roeland Jago Douma
6d1651452f
Add back the name query part
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-21 20:43:40 +02:00
Thomas Citharel
ecba3722da
Factorize query for searching contacts 2017-04-21 20:43:36 +02:00
Joas Schilling
088f4422f9
Fix remaining "PHP Inspection" warnings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling
62ef59616d
Add public access modifier to all methods
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Joas Schilling
c2d1e6e7ff
Restrict share handling to the owner only
Otherwise group members can remove the share for the complete group,
remove edit permissions and even single user shares for other users.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 10:44:11 +02:00
Björn Schießle
b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00
Joas Schilling
a3c3124762
Allow file upload when storage is unlimited
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:27:47 +02:00
Morris Jobke
1729e4471f
Update comments to Nextcloud
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Bjoern Schiessle
d5dec527c9
get addressbook url and carddav user from remote server
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Lukas Reschke
aacbb560ae
Add missing maintenance plugin to new DAV endpoint
The `/remote.php/dav/` endpoint was not implementing the MaintenancePlugin. Thus when the instance was put into maintenance mode the endpoints were still accessible and delivered empty content. Sync clients really do love this.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 01:31:57 +02:00
Morris Jobke
a045f3c4d7 Merge pull request #4146 from nextcloud/unread-comments-folder
Allow getting the unread comment count for an entire folder at once
2017-04-10 13:21:39 -05:00
Roeland Jago Douma
e9c6fe2fd8 Merge pull request #4222 from nextcloud/dav-search-fileid
Allow searching file by fileid
2017-04-10 15:57:56 +02:00
Georg Ehrke
c99bdc9eb4
don't remove owner property for public calendars
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-09 21:20:59 +02:00
Lukas Reschke
63288ebc50
Don't list on public calendar endpoints
There is no need to allow listing here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-05 22:43:05 +02:00
Robin Appelman
bb7e236e74
Allow searching file by fileid
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 15:22:53 +02:00
Morris Jobke
51bcb0bbe1 Merge pull request #3620 from nextcloud/feature/1463/editable_color_name_for_shared_calendars
allow sharees to edit certain calendar properties for themselves
2017-04-03 13:12:56 -05:00
Joas Schilling
43143e170e
Make sure transparency is an integer when saving a calendar
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-30 17:58:33 +02:00
Robin Appelman
429f8ae011
Allow getting the unread comment count for an entire folder at once
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:24 +02:00
Morris Jobke
c1030a34a5 Merge pull request #4062 from nextcloud/downstream-26872
Adding dav resource for avatars
2017-03-29 10:30:22 -06:00
Roeland Jago Douma
00839a5ac5 Merge pull request #4066 from nextcloud/always-fix-the-values-live
Directly fix invalid values of DTEND and DTSTART
2017-03-29 10:13:10 +02:00
Roeland Jago Douma
7cc96c2121
Don't output jpeg if we request png
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-29 00:05:04 +02:00
Lukas Reschke
2a77727897
Fix PHPDoc
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-29 00:04:29 +02:00