wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
41265 commits 157 branches 562 tags 714 MiB
Commit graph

778 commits

Author SHA1 Message Date
Robin Appelman
89b747d066
refactor chunked assembly stream 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-07-21 12:49:39 +02:00
Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections 
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-07-20 22:48:13 +02:00
Joas Schilling
984933e586
Only use readable chars in Share Tokens 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-07-18 15:44:34 +02:00
Morris Jobke
b4deba2078 Merge pull request #5483 from nextcloud/issue-5075-png-files-for-activity-emails 
Use PNGs for icons in activity emails
 2017-07-07 11:05:00 +02:00
Joas Schilling
b27819785e
Don't log passwords on dav exceptions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-06-29 17:20:10 +02:00
Morris Jobke
eb9aedf44b Enhance the logging if the part file can not be renamed 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-06-22 17:50:14 -05:00
Joas Schilling
90fa27694a
Use PNG version of the icons for shipped activities 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-06-20 13:48:51 +02:00
Joas Schilling
698a7cb7f0 Merge pull request #5124 from nextcloud/allow-dirlisting-with-unreadable-items 
Allow dir-listing also when one child is blocked by access control
 2017-06-16 10:47:08 +02:00
Morris Jobke
ca3c69c8ae Merge pull request #5298 from nextcloud/bugfix/4885/calendar_shares_url_special_char_issue 
urldecode group principals in Cal- and CardDAV backend
 2017-06-14 23:10:40 -05:00
Morris Jobke
ac565cecad Merge pull request #5300 from nextcloud/bugfix/noid/fix_proppatch_requests_to_groupshares 
allow users to send PropPatch request when calendar is group-shared with them
 2017-06-14 23:00:39 -05:00
Morris Jobke
f38f2baa5a Merge pull request #5295 from nextcloud/bugfix/5077/allow_proppatches_to_birthday_calendar 
allow PropPatch requests to contact_birthdays
 2017-06-13 18:11:13 -05:00
Lukas Reschke
633396001f
Prevent sending second WWW-Authenticate header 
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-06-13 13:54:52 +02:00
Georg Ehrke
35781ae45c
urldecode group principals in Cal- and CardDAV backend 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-06-12 21:01:30 +02:00
Georg Ehrke
0f1d47cdf3
allow users to send PropPatch request when calendar is group-shared with them 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-06-08 09:21:56 +02:00
Georg Ehrke
9563c25c69
allow PropPatch requests to contact_birthdays 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-06-08 08:00:52 +02:00
Joas Schilling
d0c614a322
Allow dir-listing also when one child is blocked by access control 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-26 15:54:39 +02:00
Georg Ehrke
4b5379309e
fix replacing of 4MB Unicode Chars in cal props table 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-05-21 13:26:46 +02:00
Lukas Reschke
639ba526d0
Adjust realm from SabreDAV to Nextcloud 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 21:38:55 +02:00
Lukas Reschke
f93db724d7
Make legacy DAV backend use the BearerAuth backend as well 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 21:19:39 +02:00
Lukas Reschke
df3909a7c3
Use Bearer backend for SabreDAV 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:10 +02:00
Lukas Reschke
5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:03 +02:00
Roeland Jago Douma
cef2110263
Revert "fix objectstore rename" 
This reverts commit 5334a3dc33.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-15 13:59:18 +02:00
Morris Jobke
b2c96d0c23 Stop if user folder is not available 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-05-09 11:26:08 -05:00
Morris Jobke
2d707fdfb5 Merge pull request #4621 from nextcloud/fix_readonly_shared_calendar_proppatch 
fix PROPPATCH requests to read-only shared calendars
 2017-05-08 12:42:30 -05:00
Morris Jobke
df6ce6b385 Merge pull request #4675 from nextcloud/fix_4651 
Create a photo cache to speedup the contactsmenu
 2017-05-08 12:20:27 -05:00
Robin Appelman
9d8936c5bf
fix error when browsing the dav root 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-05-08 14:34:36 +02:00
Roeland Jago Douma
dea6edb066
Fix init 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 12:40:00 +02:00
Georg Ehrke
255442f281
fix PROPPATCH requests to read-only shared calendars 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-05-08 12:09:15 +02:00
Roeland Jago Douma
92408390b0
Fix ImageExportPluginTest 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:49 +02:00
Roeland Jago Douma
747990b03a
No more XSS 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:49 +02:00
Roeland Jago Douma
3ab53d000f
Clear cache on vcard change/delete 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:49 +02:00
Roeland Jago Douma
34d97aa51c
Request proper size for contacts menu 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:49 +02:00
Roeland Jago Douma
dd430c2fd7
Cache the carddav photo endpoint 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:49 +02:00
Roeland Jago Douma
303c0dd6a8
Always dispatch Carddav events 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-08 11:20:47 +02:00
Morris Jobke
49e958fa12 Enforce type hints in dav app 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-05-04 19:32:22 -03:00
Bjoern Schiessle
c053a275d7
check password for mail shares as well 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-05-04 11:20:20 +02:00
Roeland Jago Douma
59e27f03b6
Add caching to the imageexport plugin 
Since we now heavily use this endpoint for the contacts menu we better
set proper caching on the images. Else this gets reload over and over
again leading to slow loading menu and unneded bytes transfered.

* cache for 1 hour by default
* added ETag for validation

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-05-02 12:30:34 +02:00
Morris Jobke
2a773310dc Merge pull request #4098 from nextcloud/feature/caldav_search 
add Nextcloud Search extension to CalDAV
 2017-04-28 23:38:04 -03:00
Georg Ehrke
0f8a9514de
rename calendarobjects_properties -> calendarobjects_props 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-28 20:21:46 +02:00
Georg Ehrke
8d00458b56
unit test custom calendar search 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-28 20:21:36 +02:00
Robin Appelman
ab9a36e872
allow apps to set custom mount types 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-04-28 09:38:21 +02:00
Roeland Jago Douma
9da697b11a Merge pull request #4524 from nextcloud/downstream-27508 
Keep file id on move
 2017-04-28 09:37:40 +02:00
Vincent Petry
211a76eff3
Add comment 2017-04-27 09:29:20 +02:00
Vincent Petry
614bd5c294
Properly handle missing READ permission 2017-04-27 09:29:02 +02:00
Morris Jobke
3e37a5f1c7 Merge pull request #3770 from nextcloud/faster-search-in-contacts 
Factorize query for searching contacts
 2017-04-27 00:25:30 -03:00
Roeland Jago Douma
edd9444209 Merge pull request #4503 from nextcloud/downstream-27281 
fix objectstore rename
 2017-04-26 17:17:24 +02:00
Vincent Petry
7b6e4d0dd2
Fix FutureFile MOVE to keep destination node 
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
 2017-04-26 15:46:38 +02:00
Vincent Petry
ec8d7010e5
Accept moving FutureFile into a Directory 2017-04-26 15:43:01 +02:00
Vincent Petry
82b967d3f9
Remove ObjectTree::move and let is use the IMoveTarget approach instead 
This removes the duplicated code
 2017-04-26 15:35:08 +02:00
Vincent Petry
0a9f7730d0
Ported ObjectTree::move to IMoveTarget in new DAV endpoint 2017-04-26 15:33:20 +02:00
Georg Ehrke
c76633bb8a
require at least one param or prop filter element 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-25 18:20:32 +02:00
Joas Schilling
5334a3dc33
fix objectstore rename 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-25 17:52:05 +02:00
Vincent Petry
1c40a05204
Restrict proppatch to the proper nodes 
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
 2017-04-25 17:25:03 +02:00
Georg Ehrke
ac3cc5211b
updateProperties: catch exception when reading calendar data 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-25 16:42:41 +02:00
Georg Ehrke
dd424fcb7b
unit test CalDAV Search Plugin 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-25 16:39:17 +02:00
Georg Ehrke
40eec1e63c
add repairstep with backgroundjob to index calendar data 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-25 11:55:31 +02:00
Georg Ehrke
e760cda96f
remove unused CalendarSearchValidator 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-24 22:38:21 +02:00
Georg Ehrke
57b543a918
add Nextcloud Search extension to CalDAV 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-24 22:38:20 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports 
Remove unused use statements
 2017-04-24 11:47:37 +02:00
Roeland Jago Douma
d842b29c5b Merge pull request #4401 from nextcloud/caldav-carddav-nc-owner-displayname 
add owner-displayname property to calendars and addressbooks
 2017-04-24 09:17:55 +02:00
Georg Ehrke
c89e057d27
add owner-displayname property to calendars and addressbooks 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-23 11:26:49 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Morris Jobke
2b6f6dac00
Remove unused variables 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 18:20:51 -05:00
Roeland Jago Douma
6d1651452f
Add back the name query part 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-21 20:43:40 +02:00
Thomas Citharel
ecba3722da
Factorize query for searching contacts 2017-04-21 20:43:36 +02:00
Joas Schilling
088f4422f9
Fix remaining "PHP Inspection" warnings 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-20 10:44:11 +02:00
Joas Schilling
62ef59616d
Add public access modifier to all methods 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-20 10:44:11 +02:00
Joas Schilling
c2d1e6e7ff
Restrict share handling to the owner only 
Otherwise group members can remove the share for the complete group,
remove edit permissions and even single user shares for other users.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-20 10:44:11 +02:00
Björn Schießle
b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints 
Discover federatedsharing endpoints
 2017-04-12 16:01:07 +02:00
Joas Schilling
a3c3124762
Allow file upload when storage is unlimited 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-12 12:27:47 +02:00
Morris Jobke
1729e4471f
Update comments to Nextcloud 
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-11 23:16:27 -05:00
Bjoern Schiessle
d5dec527c9
get addressbook url and carddav user from remote server 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-11 15:04:01 +02:00
Lukas Reschke
aacbb560ae
Add missing maintenance plugin to new DAV endpoint 
The `/remote.php/dav/` endpoint was not implementing the MaintenancePlugin. Thus when the instance was put into maintenance mode the endpoints were still accessible and delivered empty content. Sync clients really do love this.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-11 01:31:57 +02:00
Morris Jobke
a045f3c4d7 Merge pull request #4146 from nextcloud/unread-comments-folder 
Allow getting the unread comment count for an entire folder at once
 2017-04-10 13:21:39 -05:00
Roeland Jago Douma
e9c6fe2fd8 Merge pull request #4222 from nextcloud/dav-search-fileid 
Allow searching file by fileid
 2017-04-10 15:57:56 +02:00
Georg Ehrke
c99bdc9eb4
don't remove owner property for public calendars 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-09 21:20:59 +02:00
Lukas Reschke
63288ebc50
Don't list on public calendar endpoints 
There is no need to allow listing here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-05 22:43:05 +02:00
Robin Appelman
bb7e236e74
Allow searching file by fileid 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-04-05 15:22:53 +02:00
Morris Jobke
51bcb0bbe1 Merge pull request #3620 from nextcloud/feature/1463/editable_color_name_for_shared_calendars 
allow sharees to edit certain calendar properties for themselves
 2017-04-03 13:12:56 -05:00
Joas Schilling
43143e170e
Make sure transparency is an integer when saving a calendar 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-30 17:58:33 +02:00
Robin Appelman
429f8ae011
Allow getting the unread comment count for an entire folder at once 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 12:48:24 +02:00
Morris Jobke
c1030a34a5 Merge pull request #4062 from nextcloud/downstream-26872 
Adding dav resource for avatars
 2017-03-29 10:30:22 -06:00
Roeland Jago Douma
00839a5ac5 Merge pull request #4066 from nextcloud/always-fix-the-values-live 
Directly fix invalid values of DTEND and DTSTART
 2017-03-29 10:13:10 +02:00
Roeland Jago Douma
7cc96c2121
Don't output jpeg if we request png 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-29 00:05:04 +02:00
Lukas Reschke
2a77727897
Fix PHPDoc 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-29 00:04:29 +02:00
Roeland Jago Douma
f0850b266e
Fix inspection results 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-29 00:04:29 +02:00
Thomas Müller
836271e0fd
Adding AvatarNodeTest 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-29 00:04:29 +02:00
Thomas Müller
3e93f491f2
Adding AvatarHomeTest 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-29 00:04:29 +02:00
Thomas Müller
73007255ce
Return last modification time to allow proper listing in cadaver 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-29 00:04:29 +02:00
Thomas Müller
23aab05bda
Adding dav resource for avatars 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-29 00:04:29 +02:00
Georg Ehrke
242bb746b9
OCA\DAV\Files\CustomPropertiesBackend -> OCA\DAV\DAV\CustomPropertiesBackend 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-03-27 19:15:51 +02:00
Georg Ehrke
b887adf386
allow sharees to edit certain calendar properties for themselves 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-03-27 17:21:57 +02:00
Joas Schilling
3bd501aad2
Directly fix the values 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-26 13:09:53 +02:00
Georg Ehrke
896dd76ab5
fix bug with shared_by for own calendars if shared 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-03-25 23:07:09 +01:00
Bjoern Schiessle
ee014bddbd
fix tests 
calling getAbsoluteBundlePath() in the constructor makes other tests fail

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-03-24 11:27:01 +01:00
Joas Schilling
33867f331c
Load cert file before syncing addressbooks and contacts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-24 11:06:44 +01:00
Bjoern Schiessle
aa26a3ae74
use right format for avatars 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-03-24 11:06:44 +01:00
Bjoern Schiessle
e637113452
don't add empty values to the vcard 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-03-24 11:06:44 +01:00
Bjoern Schiessle
faf836b0c0
fix the way we create a new vcard to avoid to have multiple UIDs 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-03-24 11:06:41 +01:00
Christoph Wickert
07b35b7bae DummyGetResponsePlugin: ownCloud -> Nexcloud 
Signed-off-by: Christoph Wickert <cwickert@suse.de>
 2017-03-18 12:59:25 +01:00