0
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-02-23 00:19:14 +00:00
Commit graph

1582 commits

Author SHA1 Message Date
Joas Schilling
0fc355aa1e
ci(autochecks): Run some autochecks also on non-PHP files
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-21 12:12:29 +01:00
dependabot[bot]
eb3c639c6b bump behat/behat from 3.18.1 to 3.19.0 in /build/integration
---
updated-dependencies:
- dependency-name: behat/behat
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-18 14:31:46 +01:00
Côme Chilliet
e757b649b7
fix: Fix psalm taint false-positives by small refactorings
Mostly make it clear that we trust admin input or that we correctly
 escape strings.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 18:08:23 +01:00
Côme Chilliet
640dbd0b5e
fix: Fix false-positive psalm taint errors when outputting plain text
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:23 +01:00
Côme Chilliet
7c907223d2
fix: Fix psalm taint false-positive by escaping trusted input
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +01:00
Côme Chilliet
fa108d5b54
fix: Correctly tag json encoding in BaseResponse to fix false-positive
…in psalm taint analysis

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +01:00
Côme Chilliet
aac79bad9b
fix: Move config.php taint trust upstream directly in OC\Config class
This solves some false-positive psalm taint errors

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:20 +01:00
Côme Chilliet
25f38883f1
fix: Work around false-positive psalm taint error calling print_r in admin_audit
Same issue as var_export, print_r is listed as sink but it’s not when
 using return:true. Anyway, using the logger context feature is better.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:08 +01:00
Côme Chilliet
fec865cc29
chore: Correctly flag json encoding methods as escaping html and quotes
Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
 only use it in JSON output anyway.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:07 +01:00
Côme Chilliet
964bc960f8
chore: Update psalm-baseline-security.xml
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 16:27:13 +01:00
Côme Chilliet
007335dadf
chore(rector): Enable Nextcloud 25 set for the apps folder
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 11:45:39 +01:00
Côme Chilliet
ee48cafd20
Merge pull request from nextcloud/fix/migrate-dav-to-events
fix(dav): Migrate from hooks to user events
2025-02-13 10:24:05 +01:00
Joas Schilling
747bf1a241
fix(transifex): Adjust check for translation of apps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-11 07:19:46 +01:00
Côme Chilliet
a4d7623ed7 chore: Update psalm baseline
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-10 14:52:18 +01:00
John Molakvoæ
93c72f5675
Merge pull request from nextcloud/fix/mime-int
fix: make sure we process mime extensions as string
2025-02-06 16:13:27 +01:00
Ferdinand Thiessen
2a0f81da53
fix(provisioning_api): Correct limit for editUser
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-06 11:58:24 +01:00
Ferdinand Thiessen
729cdf6818
fix(FediverseAction): Ensure valid fediverse links are generated
Harden also for existing values of the profile.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-06 11:58:24 +01:00
skjnldsv
6baafd82b6 fix: make sure we process mime extensions as string
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-02-05 12:35:41 +01:00
Ferdinand Thiessen
73dc0f0f19
fix(sharing): Ensure download restrictions are not dropped
When a user receives a share with share-permissions but also with
download restrictions (hide download or the modern download permission attribute),
then re-shares of that share must always also include those restrictions.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-04 15:39:14 +01:00
dependabot[bot]
8ad7350a6b
Merge pull request from nextcloud/dependabot/composer/build/integration/behat/behat-3.18.1 2025-01-30 00:11:21 +00:00
Ferdinand Thiessen
b48ee2e924
fix: Harden files scanner for invalid null access
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 20:08:46 +01:00
Ferdinand Thiessen
0baab8fd98
test: Reset sharing app config after test
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 16:40:50 +01:00
Ferdinand Thiessen
253f4345f1
fix(files_sharing): Respect permissions passed when creating link shares
Given:
User creates a link or email share with permissions=4 (create only = file drop).

Problem:
Currently the permissions are automatically extended to permissions = 5
(READ + CREATE). Work around was to create the share and directly update
it.

Solution:
Respect what the user is requesting, create a file drop share.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 16:40:50 +01:00
Kate
2f862d1fcb
Merge pull request from nextcloud/add-integration-tests-for-moving-a-file-from-and-to-a-shared-folder 2025-01-27 17:03:04 +01:00
Daniel Calviño Sánchez
b59c71ccf8 test: Add integration tests for moving a file from and to a shared folder
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2025-01-27 14:13:07 +01:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +01:00
Ferdinand Thiessen
eea91fa1ba
fix(TemplateLayout): core is not an app but the server itself
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-24 15:10:23 +01:00
Richard Steinmetz
d3126cd1bb
fix(dav): default calendar and address book not created on first login
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-01-23 22:02:52 +01:00
skjnldsv
abd3cb60fc fix(files): more conversion tests and translate error messages
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-17 18:22:58 +01:00
Arthur Schiwon
2de855f0bc
Merge pull request from nextcloud/fix/improve-ldap-avatar-handling
Improve ldap avatar handling
2025-01-16 21:43:29 +01:00
skjnldsv
19ce362896 chore: add file conversion integration tests
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-16 18:55:44 +01:00
Côme Chilliet
a741c6cfa1
chore(psalm): Update baseline to remove fixed errors
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-13 17:34:11 +01:00
dependabot[bot]
f5ee945bbf
build(deps-dev): bump behat/behat in /build/integration
Bumps [behat/behat](https://github.com/Behat/Behat) from 3.16.0 to 3.18.1.
- [Release notes](https://github.com/Behat/Behat/releases)
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Behat/Behat/compare/v3.16.0...v3.18.1)

---
updated-dependencies:
- dependency-name: behat/behat
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-11 02:33:07 +00:00
skjnldsv
669e6cadd6 chore(federation): cleanup SettingsController and legacy AddServerMiddleware
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 15:39:01 +01:00
skjnldsv
b434750cb2 chore(federation): add trusted server auto accept integration tests
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 12:54:51 +01:00
Stephan Orbaugh
b64b106c13
Merge pull request from nextcloud/block-dav-move-parent
fix: block moving files to it's own parent with dav
2025-01-07 10:24:06 +01:00
Joas Schilling
8953f44534
Merge pull request from nextcloud/fix/http/jsonresponse-data-type
fix(HTTP): Adjust JSONResponse data type
2025-01-07 06:39:14 +01:00
Robin Appelman
757076af29
fix: explicitly ignore nested mounts when transfering ownership
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-01-06 14:45:35 +01:00
provokateurin
3624923af2
fix(HTTP): Adjust JSONResponse data type
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-04 00:58:54 +01:00
Robin Appelman
9193cd664e fix: block moving files to it's own parent with dav
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-01-03 15:30:20 +01:00
Joas Schilling
63f3309993
fix(logger): Prevent infinite recursion with log.condition => matches
When we need to check the log condition for a user matches,
there is a risk that something on the way checks the log level
and would result in an infinite loop.
So we simply check if it's a nested call and use the default
warning level in that case.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-03 10:04:51 +01:00
nextcloud-command
ec26a4449c fix(security): Update CA certificate bundle
Signed-off-by: GitHub <noreply@github.com>
2025-01-01 02:33:07 +00:00
Robin Appelman
7bc8eb3007 chore: update baseline
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-12-27 15:18:09 +01:00
Benjamin Gaussorgues
22051a73c1
feat(login): add origin check at login
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +01:00
Maxence Lange
f08d053290 fix(ocm): switching to IdentityProof
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 -01:00
Maxence Lange
4591430c9c feat(ocm): signing ocm requests
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 -01:00
Daniel Kesselberg
dd3fa88b36
chore: check enums for since and experimental comments
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-12-02 14:30:18 +01:00
Kate
bcb8b85fc6
Merge pull request from nextcloud/build/psalm/unstable-namespace 2024-11-29 12:01:07 +01:00
Joas Schilling
dd101dd0f7
Merge pull request from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data
fix(controller): Fix false booleans in multipart/form-data
2024-11-28 14:46:16 +01:00
Joas Schilling
2b6da9eaee
ci: Remove obsolete baseline entry
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-11-28 13:57:24 +01:00