aboutsummaryrefslogtreecommitdiffstats
path: root/build
Commit message (Collapse)AuthorAgeFilesLines
* fix: Fix psalm taint false-positives by small refactoringsfix/fix-psalm-taint-errors-2Côme Chilliet2025-02-171-36/+0
| | | | | | | Mostly make it clear that we trust admin input or that we correctly escape strings. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Fix false-positive psalm taint errors when outputting plain textCôme Chilliet2025-02-171-8/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Fix psalm taint false-positive by escaping trusted inputCôme Chilliet2025-02-171-8/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Correctly tag json encoding in BaseResponse to fix false-positiveCôme Chilliet2025-02-171-8/+0
| | | | | | …in psalm taint analysis Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Move config.php taint trust upstream directly in OC\Config classCôme Chilliet2025-02-171-34/+0
| | | | | | This solves some false-positive psalm taint errors Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Work around false-positive psalm taint error calling print_r in admin_auditCôme Chilliet2025-02-171-5/+0
| | | | | | | Same issue as var_export, print_r is listed as sink but it’s not when using return:true. Anyway, using the logger context feature is better. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Correctly flag json encoding methods as escaping html and quotesCôme Chilliet2025-02-171-8/+0
| | | | | | | Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we only use it in JSON output anyway. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Update psalm-baseline-security.xmlenh/apply-rector-set-to-appsCôme Chilliet2025-02-131-18/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore(rector): Enable Nextcloud 25 set for the apps folderCôme Chilliet2025-02-131-0/+4
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #50689 from nextcloud/fix/migrate-dav-to-eventschore/mail-bisect-ee48cafd200233203a1444dba797ef3eb89a35caCôme Chilliet2025-02-131-6/+0
|\ | | | | fix(dav): Migrate from hooks to user events
| * chore: Update psalm baselineCôme Chilliet2025-02-101-6/+0
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | fix(transifex): Adjust check for translation of appsbugfix/noid/ensure-translation-of-shipped-appsJoas Schilling2025-02-111-4/+9
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #50660 from nextcloud/fix/mime-intJohn Molakvoæ2025-02-061-6/+0
|\ | | | | fix: make sure we process mime extensions as string
| * fix: make sure we process mime extensions as stringskjnldsv2025-02-051-6/+0
| | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* | fix(provisioning_api): Correct limit for `editUser`Ferdinand Thiessen2025-02-063-1/+19
| | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | fix(FediverseAction): Ensure valid fediverse links are generatedFerdinand Thiessen2025-02-061-0/+8
| | | | | | | | | | | | Harden also for existing values of the profile. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | fix(sharing): Ensure download restrictions are not droppedfix/proper-download-checkFerdinand Thiessen2025-02-041-0/+73
|/ | | | | | | | When a user receives a share with share-permissions but also with download restrictions (hide download or the modern download permission attribute), then re-shares of that share must always also include those restrictions. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #50137 from ↵dependabot[bot]2025-01-301-84/+233
|\ | | | | | | nextcloud/dependabot/composer/build/integration/behat/behat-3.18.1
| * build(deps-dev): bump behat/behat in /build/integrationdependabot/composer/build/integration/behat/behat-3.18.1dependabot[bot]2025-01-111-84/+233
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [behat/behat](https://github.com/Behat/Behat) from 3.16.0 to 3.18.1. - [Release notes](https://github.com/Behat/Behat/releases) - [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md) - [Commits](https://github.com/Behat/Behat/compare/v3.16.0...v3.18.1) --- updated-dependencies: - dependency-name: behat/behat dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | fix: Harden files scanner for invalid null accessFerdinand Thiessen2025-01-281-15/+0
| | | | | | | | | | | | Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | test: Reset sharing app config after testfix/share-api-create--permissionsFerdinand Thiessen2025-01-281-0/+1
| | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | fix(files_sharing): Respect permissions passed when creating link sharesFerdinand Thiessen2025-01-281-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Given: User creates a link or email share with permissions=4 (create only = file drop). Problem: Currently the permissions are automatically extended to permissions = 5 (READ + CREATE). Work around was to create the share and directly update it. Solution: Respect what the user is requesting, create a file drop share. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | Merge pull request #50221 from ↵Kate2025-01-271-0/+27
|\ \ | | | | | | | | | nextcloud/add-integration-tests-for-moving-a-file-from-and-to-a-shared-folder
| * | test: Add integration tests for moving a file from and to a shared folderadd-integration-tests-for-moving-a-file-from-and-to-a-shared-folderDaniel Calviño Sánchez2025-01-271-0/+27
| | | | | | | | | | | | Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* | | fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlistbugfix/noid/allow-ratelimit-bypassJoas Schilling2025-01-271-5/+0
|/ / | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(TemplateLayout): `core` is not an app but the server itselffix/get-version-of-coreFerdinand Thiessen2025-01-241-9/+0
| | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | fix(dav): default calendar and address book not created on first loginRichard Steinmetz2025-01-232-0/+9
| | | | | | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* | fix(files): more conversion tests and translate error messagesskjnldsv2025-01-171-0/+21
| | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* | Merge pull request #50162 from nextcloud/fix/improve-ldap-avatar-handlingArthur Schiwon2025-01-161-14/+0
|\ \ | | | | | | Improve ldap avatar handling
| * | chore(psalm): Update baseline to remove fixed errorsfix/improve-ldap-avatar-handlingCôme Chilliet2025-01-131-14/+0
| |/ | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* / chore: add file conversion integration testsfeat/conversion-adjustingskjnldsv2025-01-166-13/+188
|/ | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* chore(federation): cleanup SettingsController and legacy AddServerMiddlewarefeat/auto-accept-trusted-serverskjnldsv2025-01-091-2/+2
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* chore(federation): add trusted server auto accept integration testsskjnldsv2025-01-093-52/+215
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* Merge pull request #49966 from nextcloud/block-dav-move-parentStephan Orbaugh2025-01-072-0/+20
|\ | | | | fix: block moving files to it's own parent with dav
| * fix: block moving files to it's own parent with davblock-dav-move-parentRobin Appelman2025-01-032-0/+20
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Merge pull request #50035 from nextcloud/fix/http/jsonresponse-data-typeJoas Schilling2025-01-071-5/+0
|\ \ | | | | | | fix(HTTP): Adjust JSONResponse data type
| * | fix(HTTP): Adjust JSONResponse data typefix/http/jsonresponse-data-typeprovokateurin2025-01-041-5/+0
| |/ | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* / fix: explicitly ignore nested mounts when transfering ownershipmount-move-checksRobin Appelman2025-01-061-1/+1
|/ | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(logger): Prevent infinite recursion with log.condition => matchesbugfix/noid/prevent-infitnite-loopJoas Schilling2025-01-031-0/+39
| | | | | | | | | | When we need to check the log condition for a user matches, there is a risk that something on the way checks the log level and would result in an infinite loop. So we simply check if it's a nested call and use the default warning level in that case. Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(security): Update CA certificate bundlenextcloud-command2025-01-011-1/+1
| | | | Signed-off-by: GitHub <noreply@github.com>
* chore: update baselinescan-home-ext-storaeRobin Appelman2024-12-271-8/+0
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* feat(login): add origin check at loginBenjamin Gaussorgues2024-12-052-2/+11
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* fix(ocm): switching to IdentityProofMaxence Lange2024-12-042-4/+22
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* feat(ocm): signing ocm requestsMaxence Lange2024-12-041-0/+3
| | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* chore: check enums for since and experimental commentsDaniel Kesselberg2024-12-022-16/+31
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #49224 from nextcloud/build/psalm/unstable-namespaceKate2024-11-292-0/+123
|\
| * build(psalm): Configure unstable namespacebuild/psalm/unstable-namespaceprovokateurin2024-11-122-0/+123
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #49515 from ↵Joas Schilling2024-11-281-3/+0
|\ \ | | | | | | | | | | | | nextcloud/bugfix/noid/boolean-false-in-multipart-form-data fix(controller): Fix false booleans in multipart/form-data
| * | ci: Remove obsolete baseline entryJoas Schilling2024-11-281-3/+0
| | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | test(ExternalStorage): Send basic auth during integrations testsLouis Chemineau2024-11-282-19/+38
| | | | | | | | | | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-24 02:48:19 +0000