Otherwise an administrator could bypass sudo mode by installing an app that allows RCE by design. I've by intention excluded the update endpoint from the requirement because updating apps should be as unintruisive as possible.
Not the cleanest approach by adding this to the AJAX endpoints instead of requiring a controller but for 11 this felt safer for me. We can clean this up together later then. (also the other AJAX endpoints in this folder do have the same logic)
Ref https://github.com/nextcloud/server/issues/2487
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The previous Regex worked for an iPhone with version "10.0" but not with "10.0.1" which was wrong. I modified the Regex to also match for those situations.
I also added a Regex for the iPad
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The enabled page doesn't pass through "getAppsForCategory" thus it also needs to have that special logic applied.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
That field is already there and looking at the code this seems to have been missed on a rebase.
Fixes https://github.com/nextcloud/server/issues/2222
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Otherwise when adding a user as subadmin this would throw the following JS error:
```
users.js?v=bc2aae7…:500 Uncaught TypeError: Cannot read property 'message' of undefined(…)(anonymous function) @ users.js?v=bc2aae7…:500j @ jquery.js:3099fireWith @ jquery.js:3211x @ jquery.js:8264(anonymous function) @ jquery.js:8605
```
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Fixes several error messages when installing an app from the appstore, including:
```
Illegal offset type in isset or empty at /media/psf/stable9/lib/private/legacy/app.php#662
Illegal offset type at /media/psf/stable9/lib/private/legacy/app.php#663
Illegal offset type at /media/psf/stable9/lib/private/legacy/app.php#661
Object of class OC_App could not be converted to string at /media/psf/stable9/lib/private/legacy/app.php#81
trim() expects parameter 1 to be string, object given at /media/psf/stable9/lib/private/legacy/app.php#628
```
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>