]>
source.dussan.org Git - nextcloud-server.git/log
blizzz [Fri, 2 Aug 2019 12:07:39 +0000 (14:07 +0200)]
Merge pull request #16525 from nextcloud/bugfix/external-user-substitution
files_external: proper user context for sharing
Arthur Schiwon [Fri, 2 Aug 2019 11:09:38 +0000 (13:09 +0200)]
fix check for null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Julius Härtl [Thu, 25 Jul 2019 07:58:54 +0000 (09:58 +0200)]
Adjust tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Arthur Schiwon [Thu, 25 Jul 2019 15:57:22 +0000 (17:57 +0200)]
fixes terminology and allows to request an IUser instance
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Arthur Schiwon [Thu, 25 Jul 2019 15:58:13 +0000 (17:58 +0200)]
adjusts LDAP's home handler to use the correct user object
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Arthur Schiwon [Thu, 25 Jul 2019 16:50:28 +0000 (18:50 +0200)]
do not send null value when string is expected
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Julius Härtl [Thu, 25 Jul 2019 07:31:39 +0000 (09:31 +0200)]
Provide proper user context from initMountPoints
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl [Wed, 24 Jul 2019 09:53:53 +0000 (11:53 +0200)]
files_external: Make sure the correct user context is used in substitution of variables
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Nextcloud bot [Fri, 2 Aug 2019 02:14:30 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Roeland Jago Douma [Thu, 1 Aug 2019 13:00:24 +0000 (15:00 +0200)]
Merge pull request #16624 from nextcloud/bugfix/noid/versions-fetch-owner-only
Make sure we only fetch the file by id for the actual owner
John Molakvoæ [Thu, 1 Aug 2019 12:57:14 +0000 (14:57 +0200)]
Merge pull request #16622 from nextcloud/design/scrollbar
Standardize scrollbar color and width across Webkit and Firefox
Roeland Jago Douma [Thu, 1 Aug 2019 10:35:26 +0000 (12:35 +0200)]
Merge pull request #16586 from nextcloud/feature/16585_adminAuditShareCirclesRemotel/wiswedel
log circles and remote shares in admin_audit
Sascha Wiswedel [Sun, 28 Jul 2019 12:16:43 +0000 (14:16 +0200)]
log circles and remote shares in admin_audit
Signed-off-by: Sascha Wiswedel <sascha.wiswedel@nextcloud.com>
Roeland Jago Douma [Thu, 1 Aug 2019 08:55:35 +0000 (10:55 +0200)]
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
Julius Härtl [Thu, 1 Aug 2019 08:10:49 +0000 (10:10 +0200)]
Make sure we only fetch the file by id for the actual owner
Otherwise this will fetch all mounts for the file id which is quite
expensive and causes long saving times in big sharing structures
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Nextcloud bot [Thu, 1 Aug 2019 02:15:27 +0000 (02:15 +0000)]
[tx-robot] updated from transifex
Roeland Jago Douma [Wed, 31 Jul 2019 17:41:52 +0000 (19:41 +0200)]
Merge pull request #16618 from nextcloud/enh/csp/form-action
Add form-action CSP element
Jan-Christoph Borchardt [Tue, 30 Jul 2019 14:39:37 +0000 (16:39 +0200)]
Standardize scrollbar color and width across Webkit and Firefox
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
Roeland Jago Douma [Wed, 31 Jul 2019 07:03:33 +0000 (09:03 +0200)]
Update CSP test cases to handle the new form-action
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Tue, 30 Jul 2019 21:13:46 +0000 (23:13 +0200)]
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Julius Härtl [Mon, 29 Jul 2019 13:00:07 +0000 (15:00 +0200)]
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Roeland Jago Douma [Wed, 31 Jul 2019 10:52:19 +0000 (12:52 +0200)]
Merge pull request #16619 from nextcloud/bugfix/16446/theming-url-validate
Validate urls in theming settings and properly handle error messages
Roeland Jago Douma [Wed, 31 Jul 2019 09:02:20 +0000 (11:02 +0200)]
Merge pull request #16544 from nextcloud/bugfix/16540
Add missing password reset page to vue
Roeland Jago Douma [Wed, 31 Jul 2019 09:01:38 +0000 (11:01 +0200)]
Merge pull request #16616 from nextcloud/dep/setEvalScript
setting unsafe-eval is deprecated
Julius Härtl [Wed, 31 Jul 2019 08:05:46 +0000 (10:05 +0200)]
Validate urls in theming settings and properly handle error messages
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl [Thu, 25 Jul 2019 15:04:33 +0000 (17:04 +0200)]
Move actual password reset to vue
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Nextcloud bot [Wed, 31 Jul 2019 02:16:00 +0000 (02:16 +0000)]
[tx-robot] updated from transifex
Roeland Jago Douma [Tue, 30 Jul 2019 14:27:38 +0000 (16:27 +0200)]
setting unsafe-eval is deprecated
This will be removed in a future version of Nextcloud.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Joas Schilling [Tue, 30 Jul 2019 07:58:38 +0000 (09:58 +0200)]
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
Roeland Jago Douma [Tue, 30 Jul 2019 07:51:45 +0000 (09:51 +0200)]
Merge pull request #16599 from nextcloud/fix/xss/on-favorite-file
Fix/xss/on favorite file
Roeland Jago Douma [Tue, 30 Jul 2019 06:55:28 +0000 (08:55 +0200)]
Merge pull request #16593 from nextcloud/fix/noid/more-precise-error-message
More precise error message when expected filesize does not match
Roeland Jago Douma [Tue, 30 Jul 2019 06:54:10 +0000 (08:54 +0200)]
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
Roeland Jago Douma [Tue, 30 Jul 2019 06:43:10 +0000 (08:43 +0200)]
Merge pull request #16596 from nextcloud/bugfix/noid/vtooltip-defaults
Set proper defaults for v-tooltip usages
Roeland Jago Douma [Tue, 30 Jul 2019 06:42:31 +0000 (08:42 +0200)]
Merge pull request #16595 from nextcloud/tech-debt/noid/no-need-to-document-the-obvious
Do not document the obvious
Nextcloud bot [Tue, 30 Jul 2019 02:14:45 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Julius Härtl [Mon, 29 Jul 2019 13:55:14 +0000 (15:55 +0200)]
Bump bundles
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl [Mon, 29 Jul 2019 13:51:08 +0000 (15:51 +0200)]
Force defaultHtml setting of v-tooltip to be disabled
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Max Fichtelmann [Mon, 29 Jul 2019 15:48:33 +0000 (17:48 +0200)]
prevent potential XSS via unchecked use innerHTML
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
Max Fichtelmann [Mon, 29 Jul 2019 15:44:01 +0000 (17:44 +0200)]
fix XSS when adding a file with a malicious name to favorites
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
Morris Jobke [Mon, 29 Jul 2019 14:59:26 +0000 (16:59 +0200)]
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
Morris Jobke [Mon, 29 Jul 2019 14:54:29 +0000 (16:54 +0200)]
Merge pull request #16591 from nextcloud/fix/noid/typo-in-comment
Fix typo in comment
Roeland Jago Douma [Sun, 28 Jul 2019 18:46:01 +0000 (20:46 +0200)]
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Sat, 27 Jul 2019 10:56:27 +0000 (12:56 +0200)]
Add proper PostLoginEvent
This can be used by othr mechanisms to listen for this event in a lazy
fashion.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Morris Jobke [Mon, 29 Jul 2019 13:25:53 +0000 (15:25 +0200)]
Do not document the obvious
This removes PHPDoc that is already available as source code type hints.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke [Mon, 29 Jul 2019 13:23:21 +0000 (15:23 +0200)]
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke [Mon, 29 Jul 2019 13:03:01 +0000 (15:03 +0200)]
More precise error message when expected filesize does not match - could be on reading or writing side
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke [Mon, 29 Jul 2019 12:55:43 +0000 (14:55 +0200)]
Fix typo in comment
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Roeland Jago Douma [Mon, 29 Jul 2019 10:13:55 +0000 (12:13 +0200)]
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware
Split up security middleware
Morris Jobke [Mon, 29 Jul 2019 08:42:36 +0000 (10:42 +0200)]
Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptions
Use proper exception in lostController
Roeland Jago Douma [Mon, 29 Jul 2019 08:40:38 +0000 (10:40 +0200)]
Merge pull request #16581 from nextcloud/dep/strict_csps_can_go
No need to have these classes we tighten the default CSP from time to time
Roeland Jago Douma [Mon, 29 Jul 2019 08:39:46 +0000 (10:39 +0200)]
Merge pull request #16570 from nextcloud/enh/supress_touch_error
Supress warnings touch can generate
Morris Jobke [Mon, 29 Jul 2019 08:35:08 +0000 (10:35 +0200)]
Merge pull request #16571 from nextcloud/enh/update_preview_controller
Update PreviewController
Nextcloud bot [Mon, 29 Jul 2019 02:14:59 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Roeland Jago Douma [Sun, 28 Jul 2019 18:57:31 +0000 (20:57 +0200)]
Merge pull request #16573 from nextcloud/fix-default-timeouts-in-oc-notification
Fix default timeouts in OC.Notification
Roeland Jago Douma [Sun, 28 Jul 2019 08:49:02 +0000 (10:49 +0200)]
Merge pull request #16583 from nextcloud/dependabot/npm_and_yarn/webpack-4.38.0
Bump webpack from 4.36.1 to 4.38.0
Nextcloud bot [Sun, 28 Jul 2019 02:15:26 +0000 (02:15 +0000)]
[tx-robot] updated from transifex
dependabot-preview[bot] [Sun, 28 Jul 2019 01:13:42 +0000 (01:13 +0000)]
Bump webpack from 4.36.1 to 4.38.0
Bumps [webpack](https://github.com/webpack/webpack) from 4.36.1 to 4.38.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.36.1...v4.38.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Roeland Jago Douma [Fri, 26 Jul 2019 13:21:41 +0000 (15:21 +0200)]
Use proper exception in lostController
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Sat, 27 Jul 2019 14:04:51 +0000 (16:04 +0200)]
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Sat, 27 Jul 2019 12:59:48 +0000 (14:59 +0200)]
No need to have these classes we tighten the default CSP from time to
time
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Sat, 27 Jul 2019 10:23:25 +0000 (12:23 +0200)]
Merge pull request #16560 from nextcloud/bugfix/noid/fix_cutype_reporting
fix calendar-user-type reporting
Roeland Jago Douma [Sat, 27 Jul 2019 08:39:11 +0000 (10:39 +0200)]
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
Do not log all locked exceptions
Nextcloud bot [Sat, 27 Jul 2019 02:14:37 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Daniel Calviño Sánchez [Fri, 26 Jul 2019 16:29:00 +0000 (18:29 +0200)]
Add unit tests for "OC.Notification.hide()"
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Daniel Calviño Sánchez [Fri, 26 Jul 2019 16:00:07 +0000 (18:00 +0200)]
Fix default timeouts in OC.Notification
When no timeout was given "show()" used the default timeout of
"OCP.Toast", which is 7 seconds instead of indefinitely as stated in the
documentation of "show()". "showHtml()" should also indefinitely show
the notification if no timeout is given, but due to the strict
comparison the notification was indefinitely shown only when a timeout
of 0 was explicitly given. Now both methods show the notification
indefinitely (or until it is explicitly hidden) when no timeout is
given.
The unit tests did not catch this error because "showHtml()" had no
tests (as before the move to Toastify it was called from "show()" and
thus implicitly tested), and because "show()" verified that "hide()" was
not called after some time; "hide()" is no longer called from "show()"
since "OCP.Toast" is used internally, so the test always passed even if
the notification was indeed hidden. Now the test is based on whether the
element is found or not, and explicit tests were added too for
"showHtml()".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Daniel Calviño Sánchez [Fri, 26 Jul 2019 15:49:58 +0000 (17:49 +0200)]
Fix mixed test for "show" and "showTemporary"
"showTemporary()" when a timeout was given was being tested along with
the "show()" tests; now there are two separate tests when a timeout is
given, one for "showTemporary()" and one for "show()".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Daniel Calviño Sánchez [Fri, 26 Jul 2019 15:40:44 +0000 (17:40 +0200)]
Check number of elements instead of if the jQuery object is defined
Tje jQuery object created through "$('#testArea .toastify')" will be
always defined even if no elements were found, so the check does not
really work; instead, it should be checked the number of elements found.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Roeland Jago Douma [Fri, 26 Jul 2019 15:37:11 +0000 (17:37 +0200)]
Update PreviewController
The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.
There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma [Fri, 26 Jul 2019 15:26:59 +0000 (17:26 +0200)]
Supress warnings touch can generate
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Morris Jobke [Fri, 26 Jul 2019 14:14:47 +0000 (16:14 +0200)]
Merge pull request #16556 from nextcloud/feature/16554_adminAuditShareByMail/wiswedel
log email shares in admin_audit log
Morris Jobke [Fri, 26 Jul 2019 13:44:52 +0000 (15:44 +0200)]
Merge pull request #16557 from nextcloud/enh/do_not_log_locked_files
Do not log locked files
Morris Jobke [Fri, 26 Jul 2019 13:15:56 +0000 (15:15 +0200)]
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
Morris Jobke [Fri, 26 Jul 2019 13:14:59 +0000 (15:14 +0200)]
Merge pull request #16551 from nextcloud/fix/12735/displayname-email
supresses disclosing the userid for LDAP users in the welcome mail
Roeland Jago Douma [Fri, 26 Jul 2019 13:07:04 +0000 (15:07 +0200)]
Merge pull request #16456 from nextcloud/dep/searchByTag
Remove deprecated searchByTag
Georg Ehrke [Fri, 26 Jul 2019 13:04:58 +0000 (15:04 +0200)]
fix CUType reporting
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Roeland Jago Douma [Fri, 26 Jul 2019 12:55:13 +0000 (14:55 +0200)]
Do not log all locked exceptions
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Sascha Wiswedel [Fri, 26 Jul 2019 11:37:22 +0000 (13:37 +0200)]
log email shares in admin_audit log
Signed-off-by: Sascha Wiswedel <sascha.wiswedel@nextcloud.com>
Roeland Jago Douma [Fri, 26 Jul 2019 12:29:13 +0000 (14:29 +0200)]
Do not log locked files
This is the code doing its job. There is no need to spam the log file
with this.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Arthur Schiwon [Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)]
treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Roeland Jago Douma [Fri, 26 Jul 2019 10:32:04 +0000 (12:32 +0200)]
Merge pull request #16461 from nextcloud/fix/noid/pgsql-version
fixes the check for postgresql
Roeland Jago Douma [Thu, 18 Jul 2019 13:06:55 +0000 (15:06 +0200)]
Remove deprecated searchByTag
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Arthur Schiwon [Fri, 26 Jul 2019 08:48:34 +0000 (10:48 +0200)]
supresses disclosing the userid for LDAP users in the welcome mail
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Roeland Jago Douma [Fri, 26 Jul 2019 06:08:34 +0000 (08:08 +0200)]
Merge pull request #16542 from nextcloud/dependabot/npm_and_yarn/build/fstream-1.0.12
[Security] Bump fstream from 1.0.11 to 1.0.12 in /build
Nextcloud bot [Fri, 26 Jul 2019 02:14:42 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Morris Jobke [Thu, 25 Jul 2019 15:07:22 +0000 (17:07 +0200)]
Merge pull request #16532 from nextcloud/bugfix/14776/maxcontrast-fix
Fix max contrast retrieval to limit minimum color for relative time
dependabot-preview[bot] [Thu, 25 Jul 2019 14:01:22 +0000 (14:01 +0000)]
[Security] Bump fstream from 1.0.11 to 1.0.12 in /build
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12. **This update includes a security fix.**
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Roeland Jago Douma [Thu, 25 Jul 2019 11:36:01 +0000 (13:36 +0200)]
Merge pull request #16503 from nextcloud/bugfix/5504/create_new_birthday_calendars_with_VEVENT_only
allow to provide supported calendar component set internally as a string
Morris Jobke [Thu, 25 Jul 2019 07:45:09 +0000 (09:45 +0200)]
Trigger fallback code to get max contrast value and use integer there
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Nextcloud bot [Thu, 25 Jul 2019 02:14:40 +0000 (02:14 +0000)]
[tx-robot] updated from transifex
Morris Jobke [Wed, 24 Jul 2019 19:48:52 +0000 (21:48 +0200)]
Fix max contrast retrieval to limit minimum color for relative time
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke [Wed, 24 Jul 2019 13:15:56 +0000 (15:15 +0200)]
Merge pull request #16528 from nextcloud/shipped-texteditor
Remove files_texteditor from shipped apps
Julius Härtl [Wed, 24 Jul 2019 12:16:17 +0000 (14:16 +0200)]
Remove files_texteditor from shipped apps
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl [Mon, 22 Jul 2019 15:22:05 +0000 (17:22 +0200)]
Add additional check for read permissions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl [Mon, 22 Jul 2019 14:41:15 +0000 (16:41 +0200)]
Check the if we can actually access the storage cache for recent files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
blizzz [Wed, 24 Jul 2019 10:43:29 +0000 (12:43 +0200)]
Merge pull request #15637 from nextcloud/bugfix/15567/ignore-hidden-share
Allow hidden smb shares
blizzz [Wed, 24 Jul 2019 09:50:40 +0000 (11:50 +0200)]
Merge pull request #16523 from nextcloud/bugfix/noid/nested-recursion-breaking-max-nested-level-for-parent-comment
Nested recursion breaking max nested level for parent comment calculation
Joas Schilling [Wed, 24 Jul 2019 08:39:57 +0000 (10:39 +0200)]
PHPStorm code cleanup
Signed-off-by: Joas Schilling <coding@schilljs.com>
Joas Schilling [Wed, 24 Jul 2019 08:39:22 +0000 (10:39 +0200)]
Get the topmost parent for the parent instead of doing endless recursion
Signed-off-by: Joas Schilling <coding@schilljs.com>
Roeland Jago Douma [Wed, 24 Jul 2019 07:35:20 +0000 (09:35 +0200)]
Merge pull request #16493 from nextcloud/enh/remove-curly-braces
The array and string offset access syntax using curly braces is depre…
Nextcloud bot [Wed, 24 Jul 2019 02:15:37 +0000 (02:15 +0000)]
[tx-robot] updated from transifex