nextcloud

Commit Graph

Author	SHA1	Message	Date
Morris Jobke	1f06bc246c	Declare func() as safe method in phan We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "supress warning" to all surrounding code makes it harder to spot actual problems, that this plugin want to find. So it's better to only need to check the func() and not all the surrounding code as well. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
John Molakvoæ (skjnldsv)	3e5ea9b0a9	Return proper boolean user enabled state api Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Morris Jobke	2c15f4003e	Add auth token to github requests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Daniel Calviño Sánchez	1d7bf328f8	Make possible to provide "--tags=XXX" parameter to Behat "--tags=XXX" limits the features or scenarios to be run to those matching the tag filter expression. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
Daniel Calviño Sánchez	65bc12960f	Add integration tests for zip32/zip64 boundaries of number of files Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
Daniel Calviño Sánchez	6ee5469a03	Add integration tests for downloading basic zip files Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
Daniel Calviño Sánchez	5a7986c25d	Fix use of data directory in integration tests The data directory is not necessarily located at "../..". The proper directory is now got by running "php console.php config:system:get datadirectory". Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
John Molakvoæ (skjnldsv)	762002ec2e	Fixed tests Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Arthur Schiwon	011dab246d	tests for systemtags related to numeric user ids Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	6 years ago
Arthur Schiwon	a5a0a938f2	test creating comments with numeric user ids Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	6 years ago
Robin Appelman	a815185bb4	fix redundant namespace Signed-off-by: Robin Appelman <robin@icewind.nl>	6 years ago
Robin Appelman	359ccbc023	Adjust integration tests to new guzzle Signed-off-by: Robin Appelman <robin@icewind.nl>	6 years ago
Morris Jobke	23f9ef54e3	Remove old perl script to update l10n files Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Roeland Jago Douma	c715045749	Fix CI after Code of Conduct merge Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Thomas Müller	74df27b7a7	Add integration tests for length header on new chunking Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	7 years ago
Daniel Calviño Sánchez	173f28a09d	Add unit tests for the navigation bar slide gesture The slide gesture is enabled or disabled depending on the width of the browser window. In order to easily control that width the karma-viewport plugin is now used in the unit tests. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
Robin Appelman	74b5ce8fd4	Some tests for the remote cloud api Signed-off-by: Robin Appelman <robin@icewind.nl>	6 years ago
Morris Jobke	a51a8fbcaf	Federation actually sends an email via Share 2.0 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Morris Jobke	c930f70b52	Harden phan checks to catch more errors Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Julius Härtl	7006b739b0	Remove brackets for invalid mail addresses when updating the license header Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Morris Jobke	31c5c2a592	Change @georgehrke's email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Daniel Calviño Sánchez	555d582f35	Return whether the file is readable or not in the DAV permissions Until now it was safe to assume that every file was readable by its owner, so there was no need to return whether the file was readable or not. However, with the introduction of end to end encryption that is no longer the case, and it is now necessary to explicitly provide that information. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	6 years ago
Roeland Jago Douma	2f36744aff	Update phan config Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	ab20a64ed4	DAV Autoloader Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	112b0d57a8	Comments Autoloader Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	ce7c9dfe8a	Admin Audit autoloader Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	ff9f325677	Ignore composer stuff in phan Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	5d7d96dc45	Update autoload checker Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	17bd2fb268	Phan is moved to a new repo Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Robin Appelman	f0c7b8f264	show diff in autoload checker Signed-off-by: Robin Appelman <robin@icewind.nl>	6 years ago
Joas Schilling	242c9ee06c	No more root file Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Roeland Jago Douma	02b9388fc6	Move image-optimization.sh to build dir * We should not ship this! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Lukas Reschke	3d2600b039	Add Phan plugin to check for SQL injections This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues. As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections. The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	591aaa4154	Add workaround for https://github.com/etsy/phan/issues/1033 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	d8ec399454	Run phan over code base Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Morris Jobke	844e7b03b4	Add test to check if new files are added to the root of the repository Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Lukas Reschke	633396001f	Prevent sending second WWW-Authenticate header Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard. Fixes https://github.com/nextcloud/server/issues/5088 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	b8de3f40ee	Bearer comes first on the new endpoint Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	639ba526d0	Adjust realm from SabreDAV to Nextcloud Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	f93db724d7	Make legacy DAV backend use the BearerAuth backend as well Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	538112181f	Add additional test for accessing DAV using Bearer Auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	f2a01e1b08	Use a standardized Bearer now Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	a4116220cb	Add app to autoenabled provisioning API scenario Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Morris Jobke	692e056df9	Extract app name and navigation entries for l10n Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Morris Jobke	865cd487c4	Split up sharing-v1-part2.feature to avoid timeouts Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Vincent Petry	d379b197d5	Fix forbidden backslash DAV integration tests	7 years ago
Sergio Bertolin	a761d4cce7	Added test cases from core 16825	7 years ago
Vincent Petry	9bff66e68d	Simplified new endpoint move test	7 years ago
Vincent Petry	c30feafaa2	Added case when final chunk move must not change file id	7 years ago

1 2 3 4 5 ...

458 Commits (0771dad57fc9683b9abf694fb57a1cb91ca67aa2)