diff options
| -rw-r--r-- | .drone.yml | 53 | ||||
| -rw-r--r-- | core/js/files/client.js | 2 | ||||
| -rw-r--r-- | core/js/js.js | 4 | ||||
| -rw-r--r-- | core/js/setupchecks.js | 6 | ||||
| -rw-r--r-- | core/js/tests/specs/setupchecksSpec.js | 17 | ||||
| -rw-r--r-- | lib/versioncheck.php | 6 |
6 files changed, 69 insertions, 19 deletions
diff --git a/.drone.yml b/.drone.yml index 8d07ee1d722..2ceccc4de9a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -89,6 +89,14 @@ pipeline: when: matrix: TESTS: syntax-php7.2 + syntax-php7.3: + image: nextcloudci/php7.3:php7.3-1 + commands: + - composer install + - ./lib/composer/bin/parallel-lint --exclude lib/composer/jakub-onderka/ --exclude 3rdparty/symfony/polyfill-php70/Resources/stubs/ --exclude 3rdparty/patchwork/utf8/src/Patchwork/Utf8/Bootup/ --exclude 3rdparty/paragonie/random_compat/lib/ --exclude lib/composer/composer/autoload_static.php --exclude 3rdparty/composer/autoload_static.php --exclude 3rdparty/doctrine/cache/lib/Doctrine/Common/Cache/RiakCache.php . + when: + matrix: + TESTS: syntax-php7.3 phan: image: nextcloudci/php7.2:php7.2-12 commands: @@ -214,6 +222,14 @@ pipeline: matrix: DB: NODB PHP: 7.2 + nodb-php7.3: + image: nextcloudci/php7.3:php7.3-1 + commands: + - NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite + when: + matrix: + DB: NODB + PHP: 7.3 sqlite-php7.0: image: nextcloudci/php7.0:php7.0-19 commands: @@ -238,6 +254,14 @@ pipeline: matrix: DB: sqlite PHP: 7.2 + sqlite-php7.3: + image: nextcloudci/php7.3:php7.3-1 + commands: + - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite + when: + matrix: + DB: sqlite + PHP: 7.3 mysql-php7.0: image: nextcloudci/php7.0:php7.0-19 commands: @@ -262,6 +286,14 @@ pipeline: matrix: DB: mysql PHP: 7.2 + mysql-php7.3: + image: nextcloudci/php7.3:php7.3-1 + commands: + - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh mysql + when: + matrix: + DB: mysql + PHP: 7.3 mysql5.6-php7.0: image: nextcloudci/php7.0:php7.0-19 commands: @@ -336,6 +368,14 @@ pipeline: matrix: DB: mysqlmb4 PHP: 7.2 + mysqlmb4-php7.3: + image: nextcloudci/php7.3:php7.3-1 + commands: + - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh mysqlmb4 + when: + matrix: + DB: mysqlmb4 + PHP: 7.3 integration-capabilities_features: image: nextcloudci/integration-php7.0:integration-php7.0-8 commands: @@ -804,6 +844,9 @@ matrix: - DB: NODB PHP: 7.2 ENABLE_REDIS: false + - DB: NODB + PHP: 7.3 + ENABLE_REDIS: false - DB: sqlite PHP: 7.0 ENABLE_REDIS: true @@ -813,6 +856,9 @@ matrix: - DB: sqlite PHP: 7.2 ENABLE_REDIS: false + - DB: sqlite + PHP: 7.3 + ENABLE_REDIS: false - DB: mysql PHP: 7.0 ENABLE_REDIS: true @@ -822,6 +868,9 @@ matrix: - DB: mysql PHP: 7.2 ENABLE_REDIS: false + - DB: mysql + PHP: 7.3 + ENABLE_REDIS: false - DB: mysql5.6 PHP: 7.0 ENABLE_REDIS: true @@ -855,6 +904,9 @@ matrix: - DB: mysqlmb4 PHP: 7.2 ENABLE_REDIS: false + - DB: mysqlmb4 + PHP: 7.3 + ENABLE_REDIS: false - TESTS: integration-capabilities_features - TESTS: integration-federation_features - TESTS: integration-maintenance-mode @@ -912,6 +964,7 @@ matrix: - TESTS: syntax-php7.0 - TESTS: syntax-php7.1 - TESTS: syntax-php7.2 + - TESTS: syntax-php7.3 - TESTS: phan - TESTS: litmus-v1 - TESTS: litmus-v2 diff --git a/core/js/files/client.js b/core/js/files/client.js index aa450df1773..f3838dd359a 100644 --- a/core/js/files/client.js +++ b/core/js/files/client.js @@ -281,8 +281,6 @@ path = path.substr(0, path.length - 1); } - path = decodeURIComponent(path); - if (response.propStat.length === 0 || response.propStat[0].status !== 'HTTP/1.1 200 OK') { return null; } diff --git a/core/js/js.js b/core/js/js.js index e7e1c301bb5..d78b0159cfa 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -1383,10 +1383,12 @@ function initCore() { */ function initSessionHeartBeat() { // interval in seconds - var interval = 900; + var interval = NaN; if (oc_config.session_lifetime) { interval = Math.floor(oc_config.session_lifetime / 2); } + interval = isNaN(interval)? 900: interval; + // minimum one minute interval = Math.max(60, interval); // max interval in seconds set to 24 hours diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 62f0fb10c10..de329a8ca5c 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -447,15 +447,17 @@ (xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer' && xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer-when-downgrade' && xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin' && - xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin-when-cross-origin')) { + xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin-when-cross-origin' && + xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'same-origin')) { messages.push({ - msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}" or "{val4}". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" href="{link}">W3C Recommendation ↗</a>.', + msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}", "{val4}" or "{val5}". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" href="{link}">W3C Recommendation ↗</a>.', { header: 'Referrer-Policy', val1: 'no-referrer', val2: 'no-referrer-when-downgrade', val3: 'strict-origin', val4: 'strict-origin-when-cross-origin', + val5: 'same-origin', link: 'https://www.w3.org/TR/referrer-policy/' }), type: OC.SetupChecks.MESSAGE_TYPE_INFO diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js index 38a39cdd746..d16032a5cf5 100644 --- a/core/js/tests/specs/setupchecksSpec.js +++ b/core/js/tests/specs/setupchecksSpec.js @@ -830,7 +830,7 @@ describe('OC.SetupChecks tests', function() { msg: 'The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }, { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', + msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', type: OC.SetupChecks.MESSAGE_TYPE_INFO } ]); @@ -975,7 +975,7 @@ describe('OC.SetupChecks tests', function() { }); }); - it('should return a message if Referrer-Policy is set to same-origin', function(done) { + it('should return no message if Referrer-Policy is set to same-origin', function(done) { protocolStub.returns('https'); var result = OC.SetupChecks.checkGeneric(); @@ -991,12 +991,7 @@ describe('OC.SetupChecks tests', function() { }); result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_INFO - } - ]); + expect(data).toEqual([]); done(); }); }); @@ -1019,7 +1014,7 @@ describe('OC.SetupChecks tests', function() { result.done(function( data, s, x ){ expect(data).toEqual([ { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', + msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', type: OC.SetupChecks.MESSAGE_TYPE_INFO } ]); @@ -1045,7 +1040,7 @@ describe('OC.SetupChecks tests', function() { result.done(function( data, s, x ){ expect(data).toEqual([ { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', + msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', type: OC.SetupChecks.MESSAGE_TYPE_INFO } ]); @@ -1071,7 +1066,7 @@ describe('OC.SetupChecks tests', function() { result.done(function( data, s, x ){ expect(data).toEqual([ { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', + msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a href="https://www.w3.org/TR/referrer-policy/" rel="noreferrer noopener">W3C Recommendation ↗</a>.', type: OC.SetupChecks.MESSAGE_TYPE_INFO } ]); diff --git a/lib/versioncheck.php b/lib/versioncheck.php index 48e16471967..739c045f6df 100644 --- a/lib/versioncheck.php +++ b/lib/versioncheck.php @@ -9,10 +9,10 @@ if (version_compare(PHP_VERSION, '7.0') === -1) { exit(-1); } -// Show warning if > PHP 7.2 is used as Nextcloud is not compatible with > PHP 7.2 for now -if (version_compare(PHP_VERSION, '7.3.0') !== -1) { +// Show warning if > PHP 7.3 is used as Nextcloud is not compatible with > PHP 7.3 for now +if (version_compare(PHP_VERSION, '7.4.0') !== -1) { http_response_code(500); - echo 'This version of Nextcloud is not compatible with > PHP 7.2.<br/>'; + echo 'This version of Nextcloud is not compatible with > PHP 7.3.<br/>'; echo 'You are currently running ' . PHP_VERSION . '.'; exit(-1); } |