Joas Schilling
0fc355aa1e
ci(autochecks): Run some autochecks also on non-PHP files
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-21 12:12:29 +01:00
dependabot[bot]
eb3c639c6b
bump behat/behat from 3.18.1 to 3.19.0 in /build/integration
...
---
updated-dependencies:
- dependency-name: behat/behat
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-02-18 14:31:46 +01:00
Côme Chilliet
e757b649b7
fix: Fix psalm taint false-positives by small refactorings
...
Mostly make it clear that we trust admin input or that we correctly
escape strings.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 18:08:23 +01:00
Côme Chilliet
640dbd0b5e
fix: Fix false-positive psalm taint errors when outputting plain text
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:23 +01:00
Côme Chilliet
7c907223d2
fix: Fix psalm taint false-positive by escaping trusted input
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +01:00
Côme Chilliet
fa108d5b54
fix: Correctly tag json encoding in BaseResponse to fix false-positive
...
…in psalm taint analysis
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +01:00
Côme Chilliet
aac79bad9b
fix: Move config.php taint trust upstream directly in OC\Config class
...
This solves some false-positive psalm taint errors
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:20 +01:00
Côme Chilliet
25f38883f1
fix: Work around false-positive psalm taint error calling print_r in admin_audit
...
Same issue as var_export, print_r is listed as sink but it’s not when
using return:true. Anyway, using the logger context feature is better.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:08 +01:00
Côme Chilliet
fec865cc29
chore: Correctly flag json encoding methods as escaping html and quotes
...
Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
only use it in JSON output anyway.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:07 +01:00
Côme Chilliet
964bc960f8
chore: Update psalm-baseline-security.xml
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 16:27:13 +01:00
Côme Chilliet
007335dadf
chore(rector): Enable Nextcloud 25 set for the apps folder
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 11:45:39 +01:00
Côme Chilliet
ee48cafd20
Merge pull request #50689 from nextcloud/fix/migrate-dav-to-events
...
fix(dav): Migrate from hooks to user events
2025-02-13 10:24:05 +01:00
Joas Schilling
747bf1a241
fix(transifex): Adjust check for translation of apps
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-11 07:19:46 +01:00
Côme Chilliet
a4d7623ed7
chore: Update psalm baseline
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-10 14:52:18 +01:00
John Molakvoæ
93c72f5675
Merge pull request #50660 from nextcloud/fix/mime-int
...
fix: make sure we process mime extensions as string
2025-02-06 16:13:27 +01:00
Ferdinand Thiessen
2a0f81da53
fix(provisioning_api): Correct limit for editUser
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-06 11:58:24 +01:00
Ferdinand Thiessen
729cdf6818
fix(FediverseAction): Ensure valid fediverse links are generated
...
Harden also for existing values of the profile.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-06 11:58:24 +01:00
skjnldsv
6baafd82b6
fix: make sure we process mime extensions as string
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-02-05 12:35:41 +01:00
Ferdinand Thiessen
73dc0f0f19
fix(sharing): Ensure download restrictions are not dropped
...
When a user receives a share with share-permissions but also with
download restrictions (hide download or the modern download permission attribute),
then re-shares of that share must always also include those restrictions.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-04 15:39:14 +01:00
dependabot[bot]
8ad7350a6b
Merge pull request #50137 from nextcloud/dependabot/composer/build/integration/behat/behat-3.18.1
2025-01-30 00:11:21 +00:00
Ferdinand Thiessen
b48ee2e924
fix: Harden files scanner for invalid null access
...
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 20:08:46 +01:00
Ferdinand Thiessen
0baab8fd98
test: Reset sharing app config after test
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 16:40:50 +01:00
Ferdinand Thiessen
253f4345f1
fix(files_sharing): Respect permissions passed when creating link shares
...
Given:
User creates a link or email share with permissions=4 (create only = file drop).
Problem:
Currently the permissions are automatically extended to permissions = 5
(READ + CREATE). Workaround was to create the share and directly update
it.
Solution:
Respect what the user is requesting, create a file drop share.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 16:40:50 +01:00
Kate
2f862d1fcb
Merge pull request #50221 from nextcloud/add-integration-tests-for-moving-a-file-from-and-to-a-shared-folder
2025-01-27 17:03:04 +01:00
Daniel Calviño Sánchez
b59c71ccf8
test: Add integration tests for moving a file from and to a shared folder
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2025-01-27 14:13:07 +01:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +01:00
Ferdinand Thiessen
eea91fa1ba
fix(TemplateLayout): core is not an app but the server itself
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-24 15:10:23 +01:00
Richard Steinmetz
d3126cd1bb
fix(dav): default calendar and address book not created on first login
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-01-23 22:02:52 +01:00
skjnldsv
abd3cb60fc
fix(files): more conversion tests and translate error messages
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-17 18:22:58 +01:00
Arthur Schiwon
2de855f0bc
Merge pull request #50162 from nextcloud/fix/improve-ldap-avatar-handling
...
Improve ldap avatar handling
2025-01-16 21:43:29 +01:00
skjnldsv
19ce362896
chore: add file conversion integration tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-16 18:55:44 +01:00
Côme Chilliet
a741c6cfa1
chore(psalm): Update baseline to remove fixed errors
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-13 17:34:11 +01:00
dependabot[bot]
f5ee945bbf
build(deps-dev): bump behat/behat in /build/integration
...
Bumps [behat/behat](https://github.com/Behat/Behat) from 3.16.0 to 3.18.1.
- [Release notes](https://github.com/Behat/Behat/releases)
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Behat/Behat/compare/v3.16.0...v3.18.1)
---
updated-dependencies:
- dependency-name: behat/behat
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-01-11 02:33:07 +00:00
skjnldsv
669e6cadd6
chore(federation): cleanup SettingsController and legacy AddServerMiddleware
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 15:39:01 +01:00
skjnldsv
b434750cb2
chore(federation): add trusted server auto accept integration tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 12:54:51 +01:00
Stephan Orbaugh
b64b106c13
Merge pull request #49966 from nextcloud/block-dav-move-parent
...
fix: block moving files to its own parent with dav
2025-01-07 10:24:06 +01:00
Joas Schilling
8953f44534
Merge pull request #50035 from nextcloud/fix/http/jsonresponse-data-type
...
fix(HTTP): Adjust JSONResponse data type
2025-01-07 06:39:14 +01:00
Robin Appelman
757076af29
fix: explicitly ignore nested mounts when transferring ownership
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-01-06 14:45:35 +01:00
provokateurin
3624923af2
fix(HTTP): Adjust JSONResponse data type
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-04 00:58:54 +01:00
Robin Appelman
9193cd664e
fix: block moving files to its own parent with dav
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-01-03 15:30:20 +01:00
Joas Schilling
63f3309993
fix(logger): Prevent infinite recursion with log.condition => matches
...
When we need to check the log condition for a user matches,
there is a risk that something on the way checks the log level
and would result in an infinite loop.
So we simply check if it's a nested call and use the default
warning level in that case.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-03 10:04:51 +01:00
nextcloud-command
ec26a4449c
fix(security): Update CA certificate bundle
...
Signed-off-by: GitHub <noreply@github.com>
2025-01-01 02:33:07 +00:00
Robin Appelman
7bc8eb3007
chore: update baseline
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-12-27 15:18:09 +01:00
Benjamin Gaussorgues
22051a73c1
feat(login): add origin check at login
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +01:00
Maxence Lange
f08d053290
fix(ocm): switching to IdentityProof
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 -01:00
Maxence Lange
4591430c9c
feat(ocm): signing ocm requests
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 -01:00
Daniel Kesselberg
dd3fa88b36
chore: check enums for since and experimental comments
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-12-02 14:30:18 +01:00
Kate
bcb8b85fc6
Merge pull request #49224 from nextcloud/build/psalm/unstable-namespace
2024-11-29 12:01:07 +01:00
Joas Schilling
dd101dd0f7
Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data
...
fix(controller): Fix false booleans in multipart/form-data
2024-11-28 14:46:16 +01:00
Joas Schilling
2b6da9eaee
ci: Remove obsolete baseline entry
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-11-28 13:57:24 +01:00