Fix the thorrtler whitelist bitmask

Before we actually didn't check each bit of the bitmask. Now we do.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

[tx-robot] updated from transifex

[tx-robot] updated from transifex

[tx-robot] updated from transifex

[tx-robot] updated from transifex

[tx-robot] updated from transifex

Merge pull request #14096 from nextcloud/dependabot/npm_and_yarn/apps/updatenotification/stable14/lodash-4.17.11

[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/updatenotification

Merge pull request #14092 from nextcloud/dependabot/npm_and_yarn/apps/oauth2/stable14/lodash-4.17.11

[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/oauth2

Merge pull request #14090 from nextcloud/dependabot/npm_and_yarn/apps/accessibility/stable14/lodash-4.17.11

[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/accessibility

Merge pull request #14091 from nextcloud/dependabot/npm_and_yarn/build/stable14/lodash-4.17.11

[Security] Bump lodash from 4.17.10 to 4.17.11 in /build

[Security] Bump lodash in /apps/updatenotification

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.11. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Changelog](https://github.com/lodash/lodash/blob/master/CHANGELOG)
- [Commits](https://github.com/lodash/lodash/compare/4.17.10...4.17.11)

Signed-off-by: dependabot[bot] <support@dependabot.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/oauth2

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.11. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Changelog](https://github.com/lodash/lodash/blob/master/CHANGELOG)
- [Commits](https://github.com/lodash/lodash/compare/4.17.10...4.17.11)

Signed-off-by: dependabot[bot] <support@dependabot.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Rebuild

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #14089 from nextcloud/dependabot/npm_and_yarn/build/stable14/extend-3.0.2

[Security] Bump extend from 3.0.1 to 3.0.2 in /build

[Security] Bump lodash from 4.17.10 to 4.17.11 in /build

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.11. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Changelog](https://github.com/lodash/lodash/blob/master/CHANGELOG)
- [Commits](https://github.com/lodash/lodash/compare/4.17.10...4.17.11)

Signed-off-by: dependabot[bot] <support@dependabot.com>

[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/accessibility

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.11. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Changelog](https://github.com/lodash/lodash/blob/master/CHANGELOG)
- [Commits](https://github.com/lodash/lodash/compare/4.17.10...4.17.11)

Signed-off-by: dependabot[bot] <support@dependabot.com>

[Security] Bump extend from 3.0.1 to 3.0.2 in /build

Bumps [extend](https://github.com/justmoon/node-extend) from 3.0.1 to 3.0.2. **This update includes security fixes.**
- [Release notes](https://github.com/justmoon/node-extend/releases)
- [Changelog](https://github.com/justmoon/node-extend/blob/master/CHANGELOG.md)
- [Commits](https://github.com/justmoon/node-extend/compare/v3.0.1...v3.0.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>

Merge pull request #14069 from nextcloud/smb-3.0.1-14

[14] update icewind/smb to 3.0.1

Merge pull request #14062 from nextcloud/version/noid/14.0.7

14.0.7

[tx-robot] updated from transifex

update icewind/smb to 3.0.1

Signed-off-by: Robin Appelman <robin@icewind.nl>

14.0.7

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

[tx-robot] updated from transifex

Merge pull request #13913 from nextcloud/version/noid/14.0.7RC1

14.0.7 RC 1

14.0.7 RC 1

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #13931 from nextcloud/backport/12636/stable14

[stable14] handle mail send error gracefully

Merge pull request #13922 from nextcloud/backport/13644/stable14

[stable14] ignore non existing users when retrieving details of group members

Fix typos and unused return values

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

fix typo

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

log full exception

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

handle mail send error gracefully

log the error in case a notification mail of a new share couldn't
be send to the recipient and finish the share operation successfully

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

ignore non existing users when retrieving details of group members

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #13928 from nextcloud/backport/13786/stable14

[stable14] Remove .css fileending from accessibility user css route

Remove .css fileending from accessibility user css route

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Merge pull request #13923 from nextcloud/backport/13865/stable14

[stable14] fix paged search with multiple bases (LDAP)

Merge pull request #13921 from nextcloud/backport/13412/stable14

[stable14] forward error message from password policy

Merge pull request #13916 from nextcloud/backport/13869/stable14

[stable14] Clean pending 2FA authentication on password reset

Merge pull request #13888 from nextcloud/backport/13883/stable14

[stable14] Fix dropping a folder on a folder row

iterate over bases instead of doing parallel search

parallel search is not compatible with paged search, but the letter is
usually always applied.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

integration test: pages search scenario with multiple bases

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

typo

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

forward error message from password policy

Signed-off-by: Robin Appelman <robin@icewind.nl>

Clean pending 2FA authentication on password reset

When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.

The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #13901 from nextcloud/stable14-13897-fix-updating-the-password-of-a-link-share-when-passwords-are-enforced

[stable14] Fix updating the password of a link share when passwords are enforced

Fix template format

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Fix updating the password of a link share when passwords are enforced

The password input was shown in the popup menu when passwords were not
enforced, or when they were enforced but no password was set, which
prevented updating/changing the password once set. As the popover menu
is shown only when the share is a link share, and the password input
should be shown too when password are enforced and a password is set no
condition is needed, so now the password input is always shown.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Remove unused parameter

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Fix dropping a folder on a folder row

When the uploaded files have a relative path (that is, when a folder is
uploaded) it is first ensured that all the parent folders exist, which
is done by trying to create them. When a folder is created in the
currently opened folder the file list is updated and a row for the new
folder is added. However, this was done too when the folder already
existed, which caused the previous row to be removed and a new one added
to replace it.

For security reasons, some special headers need to be set in requests;
this is done automatically for jQuery by handling the "ajaxSend" event
in the document. In the case of DAV requests, if the headers are not set
the server rejects the request with "CSRF check not passed".

When a file or folder is dropped on a folder row the jQuery upload
events are chained from the initial drop event, which has the row as its
target. In order to upload the file jQuery performs a request, which
triggers the "ajaxSend" event in the row; this event then bubbles up to
the document, which is then handled by adding the special headers to the
request.

However, when a folder was dropped on a folder row that folder row was
removed when ensuring that the folder exists. The jQuery upload events
were still triggered on the row, but as it had been removed it had no
parent nodes, and thus the events did not bubble up. Due to this the
"ajaxSend" event never reached the document when triggered on the
removed row, the headers were not set, and the upload failed.

All this is simply fixed by not removing the folder row when trying to
create it if it existed already.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Merge pull request #13708 from nextcloud/stb14-vcard-avatar-fixes

[stable14] vcard avatar fixes

Merge pull request #13822 from nextcloud/dependabot/npm_and_yarn/build/stable14/bower-1.8.8

[Security] Bump bower from 1.8.4 to 1.8.8 in /build

[tx-robot] updated from transifex

[Security] Bump bower from 1.8.4 to 1.8.8 in /build

Bumps [bower](https://github.com/bower/bower) from 1.8.4 to 1.8.8. **This update includes security fixes.**
- [Release notes](https://github.com/bower/bower/releases)
- [Changelog](https://github.com/bower/bower/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bower/bower/compare/v1.8.4...v1.8.8)

Signed-off-by: dependabot[bot] <support@dependabot.com>

[tx-robot] updated from transifex

Merge pull request #13767 from nextcloud/backport/13747/stable14

[stable14] Honor remember_login_cookie_lifetime

Merge pull request #13788 from nextcloud/stable14-13217-add-acceptance-tests-for-moving-and-copying-files

[stable14] Add acceptance tests for moving and copying files

Add acceptance tests for moving and copying selections to another folder

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Add acceptance tests for moving and copying files to another folder

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Merge pull request #13782 from nextcloud/backport/13772/stable14

[stable14] Show proper default locale

Show proper default locale

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

[tx-robot] updated from transifex

Honor remember_login_cookie_lifetime

If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.

Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #13741 from nextcloud/backport/13140/stable14

[stable14] Cache tokens when using swift's v2 authentication

Merge pull request #13763 from nextcloud/backport/13730/stable14

[stable14] Respect user locale in natural sort comparator

Respect user locale in natural sort comparator

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Merge pull request #13745 from nextcloud/backport/13739/stable14

[stable14] cleanup shared lock if changing to exclusive lock failed

[tx-robot] updated from transifex

cleanup shared lock if changing to exclusive lock failed

Signed-off-by: Robin Appelman <robin@icewind.nl>

Bump autoloader

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Cache tokens when using swift's v2 authentication

Signed-off-by: Robin Appelman <robin@icewind.nl>

Merge pull request #13671 from nextcloud/backport/13660/stable14

[stable14] Fix template paramter

Fix template paramter

Else we get shown an error page instead of the correct 403.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

[tx-robot] updated from transifex

Update apps/dav/lib/CardDAV/PhotoCache.php

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Co-Authored-By: skjnldsv <skjnldsv@users.noreply.github.com>

Log failure on parsing

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

Allow URI as data for vcard PHOTO

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

[tx-robot] updated from transifex

[tx-robot] updated from transifex

[tx-robot] updated from transifex

Merge pull request #13666 from nextcloud/backport/13664/stable14

[stable14] Use warning background color & primary text color for setting warnings

Use warning background color & primary text color for setting warnings

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #13654 from nextcloud/backport/13650/stable14

[stable14] Fix colorizeSvg with transformations that contain a comma (,)

[tx-robot] updated from transifex

[stable15] Fix colorizeSvg with transformations that contain a comma (,)

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

Merge pull request #13637 from nextcloud/backport/13634/stable14

[stable14] update URL for federation

[tx-robot] updated from transifex

update URL for federation

Merge pull request #13599 from nextcloud/3rdpart/stable14/pear/archive_tar-1.4.5

[stable14] [3rdparty] Update pear/acrchive_tar to 1.4.5

[tx-robot] updated from transifex

[3rdparty] Update pear/acrchive_tar to 1.4.5

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

[tx-robot] updated from transifex

Merge pull request #13583 from nextcloud/backport/13573/stable14

[stable14] Principals can be principal/user/<name> or principal/<name> from lega…

Principals can be principal/user/<name> or principal/<name> from legacy installs

Signed-off-by: Joas Schilling <coding@schilljs.com>

Merge pull request #13385 from nextcloud/3rdparty/broker-add-timezone-cancel-message-stable14

[stable14][3rdparty] Broker: add timezone to CANCEL messages

Merge pull request #13035 from nextcloud/objectstore-write-exists-14

[14] upload new files in objectstore to a .part path first

[tx-robot] updated from transifex

Merge pull request #13558 from nextcloud/backport/13354/stable14

[stable14] check anonymous OPTIONS requests file in root (not in subdir)

check anonymous OPTIONS requests file in root (not in subdir)

Signed-off-by: Bastien Durel <bastien@durel.org>

[tx-robot] updated from transifex

[tx-robot] updated from transifex

Merge pull request #13516 from nextcloud/version/noid/14.0.6

14.0.6