diff options
Diffstat (limited to 'lib/public')
| -rw-r--r-- | lib/public/AppFramework/Http/ContentSecurityPolicy.php | 2 | ||||
| -rw-r--r-- | lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 24 | ||||
| -rw-r--r-- | lib/public/Comments/IComment.php | 22 | ||||
| -rw-r--r-- | lib/public/Comments/ICommentsManager.php | 28 | ||||
| -rw-r--r-- | lib/public/Files/StorageNotAvailableException.php | 2 | ||||
| -rw-r--r-- | lib/public/IDBConnection.php | 8 |
6 files changed, 83 insertions, 3 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php index 082aa0206c7..17844497f94 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php @@ -24,8 +24,6 @@ namespace OCP\AppFramework\Http; -use OCP\AppFramework\Http; - /** * Class ContentSecurityPolicy is a simple helper which allows applications to * modify the Content-Security-Policy sent by ownCloud. Per default only JavaScript, diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php index 4fca1588e7f..ae4ceef1923 100644 --- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php @@ -38,6 +38,8 @@ use OCP\AppFramework\Http; class EmptyContentSecurityPolicy { /** @var bool Whether inline JS snippets are allowed */ protected $inlineScriptAllowed = null; + /** @var string Whether JS nonces should be used */ + protected $useJsNonce = null; /** * @var bool Whether eval in JS scripts is allowed * TODO: Disallow per default @@ -74,6 +76,7 @@ class EmptyContentSecurityPolicy { * @param bool $state * @return $this * @since 8.1.0 + * @deprecated 10.0 CSP tokens are now used */ public function allowInlineScript($state = false) { $this->inlineScriptAllowed = $state; @@ -81,6 +84,18 @@ class EmptyContentSecurityPolicy { } /** + * Use the according JS nonce + * + * @param string $nonce + * @return $this + * @since 9.2.0 + */ + public function useJsNonce($nonce) { + $this->useJsNonce = $nonce; + return $this; + } + + /** * Whether eval in JavaScript is allowed or forbidden * @param bool $state * @return $this @@ -323,6 +338,15 @@ class EmptyContentSecurityPolicy { if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) { $policy .= 'script-src '; + if(is_string($this->useJsNonce)) { + $policy .= '\'nonce-'.base64_encode($this->useJsNonce).'\''; + $allowedScriptDomains = array_flip($this->allowedScriptDomains); + unset($allowedScriptDomains['\'self\'']); + $this->allowedScriptDomains = array_flip($allowedScriptDomains); + if(count($allowedScriptDomains) !== 0) { + $policy .= ' '; + } + } if(is_array($this->allowedScriptDomains)) { $policy .= implode(' ', $this->allowedScriptDomains); } diff --git a/lib/public/Comments/IComment.php b/lib/public/Comments/IComment.php index bb997a07223..8210d4c8c7e 100644 --- a/lib/public/Comments/IComment.php +++ b/lib/public/Comments/IComment.php @@ -133,6 +133,28 @@ interface IComment { public function setMessage($message); /** + * returns an array containing mentions that are included in the comment + * + * @return array each mention provides a 'type' and an 'id', see example below + * @since 9.2.0 + * + * The return array looks like: + * [ + * [ + * 'type' => 'user', + * 'id' => 'citizen4' + * ], + * [ + * 'type' => 'group', + * 'id' => 'media' + * ], + * … + * ] + * + */ + public function getMentions(); + + /** * returns the verb of the comment * * @return string diff --git a/lib/public/Comments/ICommentsManager.php b/lib/public/Comments/ICommentsManager.php index 98169fb335f..6a32cfd803d 100644 --- a/lib/public/Comments/ICommentsManager.php +++ b/lib/public/Comments/ICommentsManager.php @@ -246,4 +246,32 @@ interface ICommentsManager { */ public function registerEventHandler(\Closure $closure); + /** + * registers a method that resolves an ID to a display name for a given type + * + * @param string $type + * @param \Closure $closure + * @throws \OutOfBoundsException + * @since 9.2.0 + * + * Only one resolver shall be registered per type. Otherwise a + * \OutOfBoundsException has to thrown. + */ + public function registerDisplayNameResolver($type, \Closure $closure); + + /** + * resolves a given ID of a given Type to a display name. + * + * @param string $type + * @param string $id + * @return string + * @throws \OutOfBoundsException + * @since 9.2.0 + * + * If a provided type was not registered, an \OutOfBoundsException shall + * be thrown. It is upon the resolver discretion what to return of the + * provided ID is unknown. It must be ensured that a string is returned. + */ + public function resolveDisplayName($type, $id); + } diff --git a/lib/public/Files/StorageNotAvailableException.php b/lib/public/Files/StorageNotAvailableException.php index a28a66f2510..b6a5a70718a 100644 --- a/lib/public/Files/StorageNotAvailableException.php +++ b/lib/public/Files/StorageNotAvailableException.php @@ -58,7 +58,7 @@ class StorageNotAvailableException extends HintException { */ public function __construct($message = '', $code = self::STATUS_ERROR, \Exception $previous = null) { $l = \OC::$server->getL10N('core'); - parent::__construct($message, $l->t('Storage not available'), $code, $previous); + parent::__construct($message, $l->t('Storage is temporarily not available'), $code, $previous); } /** diff --git a/lib/public/IDBConnection.php b/lib/public/IDBConnection.php index 188e715aba0..31706342228 100644 --- a/lib/public/IDBConnection.php +++ b/lib/public/IDBConnection.php @@ -251,4 +251,12 @@ interface IDBConnection { * @since 9.0.0 */ public function escapeLikeParameter($param); + + /** + * Check whether or not the current database support 4byte wide unicode + * + * @return bool + * @since 9.2.0 + */ + public function supports4ByteText(); } |