25 files changed, 83 insertions, 55 deletions

diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index b80c7887591..bdf33d73c29 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -220,7 +220,7 @@ class AccountManager implements IAccountManager {
 		foreach ($properties as $property) {
 			if (strlen($property->getValue()) > 2048) {
 				if ($throwOnData) {
-					throw new InvalidArgumentException();
+					throw new InvalidArgumentException($property->getName());
 				} else {
 					$property->setValue('');
 				}
diff --git a/lib/private/Avatar/Avatar.php b/lib/private/Avatar/Avatar.php
index 3bd58bb7681..f0e14ad8b2f 100644
--- a/lib/private/Avatar/Avatar.php
+++ b/lib/private/Avatar/Avatar.php
@@ -38,7 +38,6 @@ namespace OC\Avatar;
 
 use Imagick;
 use OC\Color;
-use OC_Image;
 use OCP\Files\NotFoundException;
 use OCP\IAvatar;
 use Psr\Log\LoggerInterface;
@@ -106,7 +105,7 @@ abstract class Avatar implements IAvatar {
 			return false;
 		}
 
-		$avatar = new OC_Image();
+		$avatar = new \OCP\Image();
 		$avatar->loadFromData($file->getContent());
 		return $avatar;
 	}
@@ -148,7 +147,7 @@ abstract class Avatar implements IAvatar {
 			$avatar->setFont($font);
 			$avatar->readImageBlob($svg);
 			$avatar->setImageFormat('png');
-			$image = new OC_Image();
+			$image = new \OCP\Image();
 			$image->loadFromData((string)$avatar);
 			$data = $image->data();
 			return $data === null ? false : $data;
diff --git a/lib/private/Avatar/AvatarManager.php b/lib/private/Avatar/AvatarManager.php
index 77138085dc9..ec9bed40850 100644
--- a/lib/private/Avatar/AvatarManager.php
+++ b/lib/private/Avatar/AvatarManager.php
@@ -136,20 +136,23 @@ class AvatarManager implements IAvatarManager {
 			$avatarScope = '';
 		}
 
-		if (
+		switch ($avatarScope) {
 			// v2-private scope hides the avatar from public access and from unknown users
-			$avatarScope === IAccountManager::SCOPE_PRIVATE
-			&& (
-				// accessing from public link
-				$requestingUser === null
-				// logged in, but unknown to user
-				|| !$this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId)
-			)) {
-			// use a placeholder avatar which caches the generated images
-			return new PlaceholderAvatar($folder, $user, $this->logger);
+			case IAccountManager::SCOPE_PRIVATE:
+				if ($requestingUser !== null && $this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId)) {
+					return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config);
+				}
+				break;
+			case IAccountManager::SCOPE_LOCAL:
+			case IAccountManager::SCOPE_FEDERATED:
+			case IAccountManager::SCOPE_PUBLISHED:
+				return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config);
+			default:
+				// use a placeholder avatar which caches the generated images
+				return new PlaceholderAvatar($folder, $user, $this->logger);
 		}
 
-		return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config);
+		return new PlaceholderAvatar($folder, $user, $this->logger);
 	}
 
 	/**
diff --git a/lib/private/Avatar/UserAvatar.php b/lib/private/Avatar/UserAvatar.php
index b46e4816fa2..6cca5a1c355 100644
--- a/lib/private/Avatar/UserAvatar.php
+++ b/lib/private/Avatar/UserAvatar.php
@@ -31,7 +31,6 @@ namespace OC\Avatar;
 
 use OC\NotSquareException;
 use OC\User\User;
-use OC_Image;
 use OCP\Files\NotFoundException;
 use OCP\Files\NotPermittedException;
 use OCP\Files\SimpleFS\ISimpleFile;
@@ -130,7 +129,7 @@ class UserAvatar extends Avatar {
 			return $data;
 		}
 
-		$img = new OC_Image();
+		$img = new \OCP\Image();
 		if (
 			(is_resource($data) && get_resource_type($data) === 'gd') ||
 			(is_object($data) && get_class($data) === \GdImage::class)
@@ -279,7 +278,7 @@ class UserAvatar extends Avatar {
 					$data = $this->generateAvatar($this->getDisplayName(), $size);
 				}
 			} else {
-				$avatar = new OC_Image();
+				$avatar = new \OCP\Image();
 				$file = $this->folder->getFile('avatar.' . $ext);
 				$avatar->loadFromData($file->getContent());
 				$avatar->resize($size);
diff --git a/lib/private/Comments/Manager.php b/lib/private/Comments/Manager.php
index 4a06ac62f1e..b7532222c33 100644
--- a/lib/private/Comments/Manager.php
+++ b/lib/private/Comments/Manager.php
@@ -1258,8 +1258,6 @@ class Manager implements ICommentsManager {
 	}
 
 	private function sumReactions(string $parentId): void {
-		$qb = $this->dbConn->getQueryBuilder();
-
 		$totalQuery = $this->dbConn->getQueryBuilder();
 		$totalQuery
 			->selectAlias(
@@ -1273,7 +1271,7 @@ class Manager implements ICommentsManager {
 			)
 			->selectAlias($totalQuery->func()->count('id'), 'total')
 			->from('reactions', 'r')
-			->where($totalQuery->expr()->eq('r.parent_id', $qb->createNamedParameter($parentId)))
+			->where($totalQuery->expr()->eq('r.parent_id', $totalQuery->createNamedParameter($parentId)))
 			->groupBy('r.reaction')
 			->orderBy('total', 'DESC')
 			->addOrderBy('r.reaction', 'ASC')
@@ -1291,9 +1289,10 @@ class Manager implements ICommentsManager {
 			)
 			->from($jsonQuery->createFunction('(' . $totalQuery->getSQL() . ')'), 'json');
 
+		$qb = $this->dbConn->getQueryBuilder();
 		$qb
 			->update('comments')
-			->set('reactions', $jsonQuery->createFunction('(' . $jsonQuery->getSQL() . ')'))
+			->set('reactions', $qb->createFunction('(' . $jsonQuery->getSQL() . ')'))
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($parentId)))
 			->executeStatement();
 	}
diff --git a/lib/private/Encryption/Util.php b/lib/private/Encryption/Util.php
index 693e24c4721..174af2e8b89 100644
--- a/lib/private/Encryption/Util.php
+++ b/lib/private/Encryption/Util.php
@@ -304,7 +304,7 @@ class Util {
 			$storageService = \OC::$server->get(GlobalStoragesService::class);
 			$storages = $storageService->getAllStorages();
 			foreach ($storages as $storage) {
-				if (strpos($path, '/files/' . $storage->getMountPoint()) === 0) {
+				if (strpos($path, '/files/' . ltrim($storage->getMountPoint(), '/')) === 0) {
 					if ($this->isMountPointApplicableToUser($storage, $uid)) {
 						return true;
 					}
diff --git a/lib/private/Federation/CloudFederationProviderManager.php b/lib/private/Federation/CloudFederationProviderManager.php
index c25d4a40363..f077e36d97d 100644
--- a/lib/private/Federation/CloudFederationProviderManager.php
+++ b/lib/private/Federation/CloudFederationProviderManager.php
@@ -150,11 +150,12 @@ class CloudFederationProviderManager implements ICloudFederationProviderManager
 				return (is_array($result)) ? $result : [];
 			}
 		} catch (\Exception $e) {
+			$this->logger->debug($e->getMessage(), ['exception' => $e]);
+
 			// if flat re-sharing is not supported by the remote server
 			// we re-throw the exception and fall back to the old behaviour.
 			// (flat re-shares has been introduced in Nextcloud 9.1)
 			if ($e->getCode() === Http::STATUS_INTERNAL_SERVER_ERROR) {
-				$this->logger->debug($e->getMessage(), ['exception' => $e]);
 				throw $e;
 			}
 		}
diff --git a/lib/private/Files/ObjectStore/ObjectStoreStorage.php b/lib/private/Files/ObjectStore/ObjectStoreStorage.php
index adb3928b28a..898f64d97c2 100644
--- a/lib/private/Files/ObjectStore/ObjectStoreStorage.php
+++ b/lib/private/Files/ObjectStore/ObjectStoreStorage.php
@@ -335,6 +335,7 @@ class ObjectStoreStorage extends \OC\Files\Storage\Common {
 				$handle = fopen($tmpFile, $mode);
 				return CallbackWrapper::wrap($handle, null, null, function () use ($path, $tmpFile) {
 					$this->writeBack($tmpFile, $path);
+					unlink($tmpFile);
 				});
 			case 'a':
 			case 'ab':
@@ -352,6 +353,7 @@ class ObjectStoreStorage extends \OC\Files\Storage\Common {
 				$handle = fopen($tmpFile, $mode);
 				return CallbackWrapper::wrap($handle, null, null, function () use ($path, $tmpFile) {
 					$this->writeBack($tmpFile, $path);
+					unlink($tmpFile);
 				});
 		}
 		return false;
diff --git a/lib/private/Files/SetupManager.php b/lib/private/Files/SetupManager.php
index 040ba6b898f..876514b473c 100644
--- a/lib/private/Files/SetupManager.php
+++ b/lib/private/Files/SetupManager.php
@@ -380,13 +380,9 @@ class SetupManager {
 			return;
 		}
 
-		// for the user's home folder, it's always the home mount
-		if (rtrim($path) === "/" . $user->getUID() . "/files") {
-			if ($includeChildren) {
-				$this->setupForUser($user);
-			} else {
-				$this->oneTimeUserSetup($user);
-			}
+		// for the user's home folder, and includes children we need everything always
+		if (rtrim($path) === "/" . $user->getUID() . "/files" && $includeChildren) {
+			$this->setupForUser($user);
 			return;
 		}
 
@@ -403,6 +399,10 @@ class SetupManager {
 			return;
 		}
 
+		if (!$this->isSetupStarted($user)) {
+			$this->oneTimeUserSetup($user);
+		}
+
 		$mounts = [];
 		if (!in_array($cachedMount->getMountProvider(), $setupProviders)) {
 			$setupProviders[] = $cachedMount->getMountProvider();
diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php
index ee8a8c7d161..4996572a40e 100644
--- a/lib/private/Files/Storage/Local.php
+++ b/lib/private/Files/Storage/Local.php
@@ -15,6 +15,7 @@
  * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  * @author Klaas Freitag <freitag@owncloud.com>
  * @author Lukas Reschke <lukas@statuscode.ch>
+ * @author Martin Brugnara <martin@0x6d62.eu>
  * @author Michael Gapczynski <GapczynskiM@gmail.com>
  * @author Morris Jobke <hey@morrisjobke.de>
  * @author Robin Appelman <robin@icewind.nl>
@@ -66,6 +67,8 @@ class Local extends \OC\Files\Storage\Common {
 
 	private IMimeTypeDetector $mimeTypeDetector;
 
+	private $defUMask;
+
 	public function __construct($arguments) {
 		if (!isset($arguments['datadir']) || !is_string($arguments['datadir'])) {
 			throw new \InvalidArgumentException('No data directory set for local storage');
@@ -84,6 +87,7 @@ class Local extends \OC\Files\Storage\Common {
 		$this->dataDirLength = strlen($this->realDataDir);
 		$this->config = \OC::$server->get(IConfig::class);
 		$this->mimeTypeDetector = \OC::$server->get(IMimeTypeDetector::class);
+		$this->defUMask = $this->config->getSystemValue('localstorage.umask', 0022);
 	}
 
 	public function __destruct() {
@@ -95,7 +99,7 @@ class Local extends \OC\Files\Storage\Common {
 
 	public function mkdir($path) {
 		$sourcePath = $this->getSourcePath($path);
-		$oldMask = umask(022);
+		$oldMask = umask($this->defUMask);
 		$result = @mkdir($sourcePath, 0777, true);
 		umask($oldMask);
 		return $result;
@@ -273,7 +277,7 @@ class Local extends \OC\Files\Storage\Common {
 		if ($this->file_exists($path) and !$this->isUpdatable($path)) {
 			return false;
 		}
-		$oldMask = umask(022);
+		$oldMask = umask($this->defUMask);
 		if (!is_null($mtime)) {
 			$result = @touch($this->getSourcePath($path), $mtime);
 		} else {
@@ -292,7 +296,7 @@ class Local extends \OC\Files\Storage\Common {
 	}
 
 	public function file_put_contents($path, $data) {
-		$oldMask = umask(022);
+		$oldMask = umask($this->defUMask);
 		$result = file_put_contents($this->getSourcePath($path), $data);
 		umask($oldMask);
 		return $result;
@@ -365,7 +369,7 @@ class Local extends \OC\Files\Storage\Common {
 		if ($this->is_dir($path1)) {
 			return parent::copy($path1, $path2);
 		} else {
-			$oldMask = umask(022);
+			$oldMask = umask($this->defUMask);
 			$result = copy($this->getSourcePath($path1), $this->getSourcePath($path2));
 			umask($oldMask);
 			return $result;
@@ -373,7 +377,7 @@ class Local extends \OC\Files\Storage\Common {
 	}
 
 	public function fopen($path, $mode) {
-		$oldMask = umask(022);
+		$oldMask = umask($this->defUMask);
 		$result = fopen($this->getSourcePath($path), $mode);
 		umask($oldMask);
 		return $result;
diff --git a/lib/private/Files/Stream/SeekableHttpStream.php b/lib/private/Files/Stream/SeekableHttpStream.php
index af797c7720d..820a681bd07 100644
--- a/lib/private/Files/Stream/SeekableHttpStream.php
+++ b/lib/private/Files/Stream/SeekableHttpStream.php
@@ -24,6 +24,7 @@
 namespace OC\Files\Stream;
 
 use Icewind\Streams\File;
+use Icewind\Streams\Wrapper;
 
 /**
  * A stream wrapper that uses http range requests to provide a seekable stream for http reading
@@ -92,6 +93,18 @@ class SeekableHttpStream implements File {
 		}
 
 		$responseHead = stream_get_meta_data($this->current)['wrapper_data'];
+
+		while ($responseHead instanceof Wrapper) {
+			$wrapperOptions = stream_context_get_options($responseHead->context);
+			foreach ($wrapperOptions as $options) {
+				if (isset($options['source']) && is_resource($options['source'])) {
+					$responseHead = stream_get_meta_data($options['source'])['wrapper_data'];
+					continue 2;
+				}
+			}
+			throw new \Exception("Failed to get source stream from stream wrapper of " . get_class($responseHead));
+		}
+
 		$rangeHeaders = array_values(array_filter($responseHead, function ($v) {
 			return preg_match('#^content-range:#i', $v) === 1;
 		}));
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 273eba35446..ba555cff438 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -201,7 +201,8 @@ class Checker {
 			if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
 				$oldMimetypeList = new GenerateMimetypeFileBuilder();
 				$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
-				if ($newFile === file_get_contents($filename)) {
+				$oldFile = $this->fileAccessHelper->file_get_contents($filename);
+				if ($newFile === $oldFile) {
 					$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
 					continue;
 				}
diff --git a/lib/private/Preview/Bitmap.php b/lib/private/Preview/Bitmap.php
index f7c8cf3543b..ffe5bc88856 100644
--- a/lib/private/Preview/Bitmap.php
+++ b/lib/private/Preview/Bitmap.php
@@ -68,7 +68,7 @@ abstract class Bitmap extends ProviderV2 {
 		$this->cleanTmpFiles();
 
 		//new bitmap image object
-		$image = new \OC_Image();
+		$image = new \OCP\Image();
 		$image->loadFromData((string) $bp);
 		//check if image object is valid
 		return $image->valid() ? $image : null;
diff --git a/lib/private/Preview/Bundled.php b/lib/private/Preview/Bundled.php
index 063c69ba5dd..df7f630dff7 100644
--- a/lib/private/Preview/Bundled.php
+++ b/lib/private/Preview/Bundled.php
@@ -43,7 +43,7 @@ abstract class Bundled extends ProviderV2 {
 			$zip = new ZIP($sourceTmp);
 			$zip->extractFile($path, $targetTmp);
 
-			$image = new \OC_Image();
+			$image = new \OCP\Image();
 			$image->loadFromFile($targetTmp);
 			$image->fixOrientation();
 
diff --git a/lib/private/Preview/Generator.php b/lib/private/Preview/Generator.php
index d52191544f3..ef44188da74 100644
--- a/lib/private/Preview/Generator.php
+++ b/lib/private/Preview/Generator.php
@@ -217,7 +217,7 @@ class Generator {
 
 		// Free memory being used by the embedded image resource.  Without this the image is kept in memory indefinitely.
 		// Garbage Collection does NOT free this memory.  We have to do it ourselves.
-		if ($maxPreviewImage instanceof \OC_Image) {
+		if ($maxPreviewImage instanceof \OCP\Image) {
 			$maxPreviewImage->destroy();
 		}
 
diff --git a/lib/private/Preview/HEIC.php b/lib/private/Preview/HEIC.php
index 7ce6b93ba3b..ec200defce8 100644
--- a/lib/private/Preview/HEIC.php
+++ b/lib/private/Preview/HEIC.php
@@ -89,7 +89,7 @@ class HEIC extends ProviderV2 {
 		$this->cleanTmpFiles();
 
 		//new bitmap image object
-		$image = new \OC_Image();
+		$image = new \OCP\Image();
 		$image->loadFromData((string) $bp);
 		//check if image object is valid
 		return $image->valid() ? $image : null;
diff --git a/lib/private/Preview/Image.php b/lib/private/Preview/Image.php
index 4bf0cb7a3d4..55e1220b56a 100644
--- a/lib/private/Preview/Image.php
+++ b/lib/private/Preview/Image.php
@@ -45,7 +45,7 @@ abstract class Image extends ProviderV2 {
 			return null;
 		}
 
-		$image = new \OC_Image();
+		$image = new \OCP\Image();
 
 		$fileName = $this->getLocalFile($file);
 
diff --git a/lib/private/Preview/MP3.php b/lib/private/Preview/MP3.php
index dec838b6e5a..47d752af477 100644
--- a/lib/private/Preview/MP3.php
+++ b/lib/private/Preview/MP3.php
@@ -56,7 +56,7 @@ class MP3 extends ProviderV2 {
 		}
 
 		if (!is_null($picture)) {
-			$image = new \OC_Image();
+			$image = new \OCP\Image();
 			$image->loadFromData($picture);
 
 			if ($image->valid()) {
diff --git a/lib/private/Preview/MarkDown.php b/lib/private/Preview/MarkDown.php
index 929f319f57d..d3806ce6c0e 100644
--- a/lib/private/Preview/MarkDown.php
+++ b/lib/private/Preview/MarkDown.php
@@ -137,7 +137,7 @@ class MarkDown extends TXT {
 			}
 		}
 
-		$imageObject = new \OC_Image();
+		$imageObject = new \OCP\Image();
 		$imageObject->setResource($image);
 
 		return $imageObject->valid() ? $imageObject : null;
diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php
index 781cbad1954..5cb66a00881 100644
--- a/lib/private/Preview/Movie.php
+++ b/lib/private/Preview/Movie.php
@@ -145,7 +145,7 @@ class Movie extends ProviderV2 {
 		exec($cmd, $output, $returnCode);
 
 		if ($returnCode === 0) {
-			$image = new \OC_Image();
+			$image = new \OCP\Image();
 			$image->loadFromFile($tmpPath);
 			if ($image->valid()) {
 				unlink($tmpPath);
diff --git a/lib/private/Preview/Office.php b/lib/private/Preview/Office.php
index 570988aa684..6717584e887 100644
--- a/lib/private/Preview/Office.php
+++ b/lib/private/Preview/Office.php
@@ -83,7 +83,7 @@ abstract class Office extends ProviderV2 {
 			return null;
 		}
 
-		$image = new \OC_Image();
+		$image = new \OCP\Image();
 		$image->loadFromData((string) $png);
 
 		$this->cleanTmpFiles();
diff --git a/lib/private/Preview/SVG.php b/lib/private/Preview/SVG.php
index a4ce4899c43..fd472083533 100644
--- a/lib/private/Preview/SVG.php
+++ b/lib/private/Preview/SVG.php
@@ -68,7 +68,7 @@ class SVG extends ProviderV2 {
 		}
 
 		//new image object
-		$image = new \OC_Image();
+		$image = new \OCP\Image();
 		$image->loadFromData((string) $svg);
 		//check if image object is valid
 		if ($image->valid()) {
diff --git a/lib/private/Preview/TXT.php b/lib/private/Preview/TXT.php
index bb3af6b90de..f5a68f92be4 100644
--- a/lib/private/Preview/TXT.php
+++ b/lib/private/Preview/TXT.php
@@ -103,7 +103,7 @@ class TXT extends ProviderV2 {
 			}
 		}
 
-		$imageObject = new \OC_Image();
+		$imageObject = new \OCP\Image();
 		$imageObject->setResource($image);
 
 		return $imageObject->valid() ? $imageObject : null;
diff --git a/lib/private/Repair/RepairMimeTypes.php b/lib/private/Repair/RepairMimeTypes.php
index 61512627258..5b216331dc7 100644
--- a/lib/private/Repair/RepairMimeTypes.php
+++ b/lib/private/Repair/RepairMimeTypes.php
@@ -211,6 +211,15 @@ class RepairMimeTypes implements IRepairStep {
 		return $this->updateMimetypes($updatedMimetypes);
 	}
 
+	private function introduceOnlyofficeFormType() {
+		$updatedMimetypes = [
+			"oform" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.oform",
+			"docxf" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document.docxf",
+		];
+
+		return $this->updateMimetypes($updatedMimetypes);
+	}
+
 
 	/**
 	 * Fix mime types
@@ -260,5 +269,9 @@ class RepairMimeTypes implements IRepairStep {
 		if (version_compare($ocVersionFromBeforeUpdate, '23.0.0.2', '<') && $this->introduceFlatOpenDocumentType()) {
 			$out->info('Fixed Flat OpenDocument mime types');
 		}
+
+		if (version_compare($ocVersionFromBeforeUpdate, '25.0.0.2', '<') && $this->introduceOnlyofficeFormType()) {
+			$out->info('Fixed ONLYOFFICE Forms OpenXML mime types');
+		}
 	}
 }
diff --git a/lib/private/User/User.php b/lib/private/User/User.php
index de9af35f541..c5306d1df27 100644
--- a/lib/private/User/User.php
+++ b/lib/private/User/User.php
@@ -555,15 +555,9 @@ class User implements IUser {
 		return $uid . '@' . $server;
 	}
 
-	/**
-	 * @param string $url
-	 * @return string
-	 */
-	private function removeProtocolFromUrl($url) {
+	private function removeProtocolFromUrl(string $url): string {
 		if (strpos($url, 'https://') === 0) {
 			return substr($url, strlen('https://'));
-		} elseif (strpos($url, 'http://') === 0) {
-			return substr($url, strlen('http://'));
 		}
 
 		return $url;