Commit message (Author, Age, Files, Lines)
...
* | | | | Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent (Morris Jobke, 2020-11-22, 2, -54/+3)
          Auto-wire remaining encryption app services that depend on View
| * | | | Auto-wire remaining encryption app services that depend on View (Morris Jobke, 2020-11-22, 1, -54/+0)
          Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * | | | Allow View to be used via DI (Morris Jobke, 2020-11-21, 1, -0/+3)
          Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | | | | Merge pull request #24269 from nextcloud/taint-specialize (Roeland Jago Douma, 2020-11-22, 1, -0/+2)
          Mark getAppPath as specialized taint
| * | | | Mark getAppPath as specialized taint (Lukas Reschke, 2020-11-21, 1, -0/+2)
          Should remove some false positives.
          https://psalm.dev/docs/security_analysis/avoiding_false_positives/
          Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | | | Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include (Roeland Jago Douma, 2020-11-22, 1, -0/+1)
          Mark cleanAppId as sanitizer for include
| * | | | Mark cleanAppId as sanitizer for include (Lukas Reschke, 2020-11-21, 1, -0/+1)
          Should remove a bunch of false positive code scanning results.
          Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | | | [tx-robot] updated from transifex (Nextcloud bot, 2020-11-22, 6, -10/+10)
| | | |
* | | | | Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0 (John Molakvoæ, 2020-11-21, 2, -7/+7)
          Bump vue-material-design-icons from 4.10.0 to 4.11.0
| * | | | Bump vue-material-design-icons from 4.10.0 to 4.11.0 (dependabot-preview[bot], 2020-11-21, 2, -7/+7)
          Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons) from 4.10.0 to 4.11.0.
          - [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases)
          - [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md)
          - [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0)
          Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* / / / [tx-robot] updated from transifex (Nextcloud bot, 2020-11-21, 6, -12/+30)
|/ / /
* | | Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app (Morris Jobke, 2020-11-21, 2, -97/+10)
      Auto-wire as much as possible in the encryption app
| * | | Auto-wire as much as possible in the encryption app (Morris Jobke, 2020-11-20, 2, -97/+10)
        Also cleans up only non-classname services in the server container
        Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | | | Merge pull request #24246 from LukasReschke/add-taint-flow-analysis (Morris Jobke, 2020-11-21, 4, -0/+91)
        Add Psalm Security Analysis
| * | | Add Psalm Taint Flow Analysis (Lukas Reschke, 2020-11-20, 4, -0/+91)
        This adds the Psalm Security Analysis, as described at https://psalm.dev/docs/security_analysis/
        It also adds a plugin for adding input into AppFramework.
        The results can be viewed in the GitHub Security tab at https://github.com/nextcloud/server/security/code-scanning
        **Q&A:**
        Q: Why do you not use the shipped Psalm version?
        A: I do a lot of changes to the Psalm Taint behaviour. Using released versions is not gonna get us the results we want.
        Q: How do I improve false positives?
        A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
        Q: How do I add custom sources?
        A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
        Q: We should run this on apps!
        A: Yes.
        Q: What will change in Psalm?
        A: Quite some of the PHP core functions are not yet marked to propagate the taint. This leads to results where the taint flow is lost. That's something that I am currently working on.
        Q: Why is the plugin MIT licensed?
        A: Because it's the first of its kind (based on GitHub Code Search) and I want other people to copy it if they want to. Security is for all :)
        Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | | Merge pull request #24257 from nextcloud/nc-comments (Morris Jobke, 2020-11-20, 1, -2/+2)
        Simple typo in comments
| * | | | Simple typo in comments (Carlos Ferreira, 2020-11-20, 1, -2/+2)
| | |/ / | |/| |
* | | | Merge pull request #24242 from essys/patch-1 (Morris Jobke, 2020-11-20, 1, -1/+1)
        Update ScanLegacyFormat.php
| * | | | Update ScanLegacyFormat.php (essys, 2020-11-20, 1, -1/+1)
          Fixed a small typo on line 99.
* | | | | Merge pull request #24254 from nextcloud/enh/lint_php8 (Morris Jobke, 2020-11-20, 1, -1/+1)
          Also lint php8
| * | | | Also lint php8 (Roeland Jago Douma, 2020-11-20, 1, -1/+1)
          Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation (Morris Jobke, 2020-11-20, 4, -3/+50)
        Revert "Revert "Installation goes brrrr""
| * | | Don't drop the table anymore when we create it again (Joas Schilling, 2020-11-16, 1, -0/+1)
        Signed-off-by: Joas Schilling <coding@schilljs.com>
| * | | Revert "Revert "Installation goes brrrr"" (Joas Schilling, 2020-11-11, 3, -3/+49)
| | | |
* | | | Merge pull request #24241 from nextcloud/enh/harden_EncryptionLegacyCipher_repair (Roeland Jago Douma, 2020-11-20, 2, -0/+8)
        Harden EncryptionLegacyCipher a bit
| * | | | Harden EncryptionLegacyCipher a bit (Roeland Jago Douma, 2020-11-20, 2, -0/+8)
          Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #24243 from nextcloud/techdebt/composer-require-libxml (Roeland Jago Douma, 2020-11-20, 2, -4/+8)
          Require libxml in composer
| * | | | Require xmlreader via composer (Christoph Wurst, 2020-11-20, 2, -4/+6)
          Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | | | Require libxml in composer (Christoph Wurst, 2020-11-20, 2, -1/+3)
          Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | | Merge pull request #24234 from nextcloud/dependabot/composer/vimeo/psalm-4.2.0 (Roeland Jago Douma, 2020-11-20, 2, -95/+42)
        Bump vimeo/psalm from 4.1.1 to 4.2.0
| * | | Bump vimeo/psalm from 4.1.1 to 4.2.0 (dependabot-preview[bot], 2020-11-20, 2, -132/+43)
        Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.1.1 to 4.2.0.
        - [Release notes](https://github.com/vimeo/psalm/releases)
        - [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0)
        Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
        Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | | Merge pull request #24235 from nextcloud-pr-bot/automated/noid/psalm-baseline-update (Roeland Jago Douma, 2020-11-20, 1, -37/+1)
        [Automated] Update psalm-baseline.xml
| * | | | Update psalm baseline (Nextcloud-PR-Bot, 2020-11-20, 1, -37/+1)
          Signed-off-by: GitHub <noreply@github.com>
* / / / [tx-robot] updated from transifex (Nextcloud bot, 2020-11-20, 6, -10/+10)
|/ / /
* | | Merge pull request #24017 from nextcloud/enh/share_expiration (Morris Jobke, 2020-11-19, 2, -25/+43)
      Make the expire shares cron job actually expire the shares
| * | | Make the expire shares cron job actually expire the shares (Roeland Jago Douma, 2020-11-19, 2, -25/+43)
        Right now we just delete the shares from the DB. Which is efficient sure. But doesn't trigger any real cleanup. So no Admin audit entries or any other post processing is done.
        This makes sure we really trigger this.
        Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | Merge pull request #24203 from nextcloud/enh/search_regex_file_shares (Morris Jobke, 2020-11-19, 1, -0/+16)
        Use regex when searching on single file shares
| * | | | Limit shared cache search if it is just a file (Roeland Jago Douma, 2020-11-19, 1, -0/+16)
          Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #24211 from nextcloud/bugfix/noid/theming-image (Morris Jobke, 2020-11-19, 1, -4/+5)
          Fix setting images through occ for theming
| * | | | | Fix setting images through occ for theming (Julius Härtl, 2020-11-19, 1, -4/+5)
            Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | | | | | Merge pull request #24007 from nextcloud/select-distinct-multiple (Morris Jobke, 2020-11-19, 2, -1/+45)
            allow selecting multiple columns with SELECT DISTINCT
| * | | | | | allow selecting multiple columns with SELECT DISTINCT (Robin Appelman, 2020-11-16, 2, -1/+45)
              Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | | | | | Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage (Morris Jobke, 2020-11-19, 1, -1/+1)
              Only check path for being accessible when the storage is a object home
| * | | | | | | Only check path for being accessible when the storage is a object home (Julius Härtl, 2020-11-13, 1, -1/+1)
                Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | | | | | | | Merge pull request #24164 from nextcloud/fix/lazy-app-registration (Morris Jobke, 2020-11-19, 4, -14/+26)
                Allow lazy app registration
| * | | | | | | | Allow lazy app registration (Christoph Wurst, 2020-11-18, 4, -14/+26)
                  During app installation we run migration steps. Those steps may use services the app registers or classes from composer. Hence we have to make sure the app runs through the registration.
                  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | | | | | | | Merge pull request #24094 from nextcloud/bugfix/noid/trash-appdata (Morris Jobke, 2020-11-19, 1, -1/+1)
                  Only attempt to move to trash if a file is not in appdata
| * | | | | | | | | Only attempt to move to trash if a file is not in appdata (Julius Härtl, 2020-11-13, 1, -1/+1)
                    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | | | | | | | | Merge pull request #24225 from nextcloud/enh/dataresponse_typehints (Morris Jobke, 2020-11-19, 1, -4/+4)
                  Fix DataResponse typehints
| * | | | | | | | | Fix DataResponse typehints (Roeland Jago Douma, 2020-11-19, 1, -4/+4)
                    We use this already in several places where we just pass strings or numbers. This all works because we just convert it to a json response in the end. So better to have the typehints reflect this.
                    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>