We already use `.text()` here which automatically properly encodes the string. Thus the string will be double-encoded and look ugly. (i.e. when you search for ">" you will see "No results found for >")
Fixes itself.
The check for invalid paths is actually over-complicated and performed twice resulting in a performance penalty. Additionally, I decided to add unit-tests to that function.
Part of https://github.com/owncloud/core/issues/13221
The current behaviour of the authenticion logic in base.php prevents REST APIs in ownCloud applications to work.
Because `!self::$CLI` is usually always a true statement the previously above block was entered which returned, thus the authentication logic for this part does not trigger in.
This can be reproduced by installing apps such as the News app and issuing the following command:
`curl -u admin:admin http://localhost/index.php/apps/news/api/v1-2/feeds`
The following parts needs to get throughly tested:
- [ ] OCS
- [ ] remote.php's DAV features
- [ ] Regular login features
This bug affects master and stable7. I'd propose that we merge this for 8.0 since this has the potential to break every component that relies on Basic Auth features. A backport would also be very nice.
Remark to myself: We really need to move out the authentication code for 8.1 out of base.php - I already have a local branch that does that somewhere which I will get in shape for 8.1... - This untested code is a night-mare.
Fixes itself.
Otherwise every time the AppStore was opened a lot of connections to the AppStore server were made which resulted in a terrible performance.
This changeset will cache the response for a sensible time so that only the first request will be somewhat slow.
Performance changes:
- Loading a category took previously more than 3 seconds on my machine. Now for every follow-up request it takes less than 200ms, resulting in a performance gain of 1950%
- Loading the category list took previously about 750ms - now it takes 154ms, a total performance gain of 395%
Otherwise a fatal PHP error is thrown since the filesystem is not setup:
```
( ! ) Fatal error: Call to a member function getOwner() on null in /Users/lreschke/Programming/core/lib/private/files/filesystem.php on line 817
Call Stack
1 0.0004 247792 {main}( ) ../index.php:0
2 0.0946 5088776 OC::handleRequest( ) ../index.php:28
3 0.1423 7491280 OC\Route\Router->match( ) ../base.php:748
4 0.1664 8592152 call_user_func:{/Users/lreschke/Programming/core/lib/private/route/router.php:250} ( ) ../router.php:250
5 0.1664 8592216 __lambda_func( ) ../router.php:250
6 0.1665 8599064 require_once( '/Users/lreschke/Programming/core/apps/files_versions/ajax/getVersions.php' ) ../route.php(135) : runtime-created function:1
7 0.1801 9061096 OCA\Files_Versions\Storage::getUidAndFilename( ) ../getVersions.php:7
8 0.1801 9061144 OC\Files\Filesystem::getOwner( ) ../storage.php:45
```
Furthermore this adds the CSRF check as a nice-to-have addition, the requests accessing this are done via the jQuery AJAX methods and thus the header is automatically added to all requests already.
Otherwise when the file without any specified mimetype was accessed the error log was flooded with entries such as "Undefined index: mime", there can be multiple issues found about this in the forum and our bugtracker.
To test this access `/index.php/apps/files/ajax/mimeicon.php` with and without `$_GET['mime']`.
Fixes itself.
`$this->info` can very well contain an empty array or possibly other values. This means that when this code path is called a PHP Fatal error might get thrown which is not what we want.
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications
Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver.
This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it.
Conflicts:
lib/private/updater.php