| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |\
| |
| | |
Add dedicated baseline for OCP
|
| | |
| |
| |
| | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |\ \
| | |
| | |
| | |
| | | |
nextcloud/make-integration-tests-work-with-both-php-7.3-and-7.4
Make integration tests work with both PHP 7.3 and 7.4
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "Trashbin" and "WebDav" traits were using each other in a circular
dependency ("WebDav" -> "Sharing" -> "Provisioning" -> "BasicStructure"
-> "Trashbin" -> "WebDav"). In PHP 7.3 this worked fine, but in PHP 7.4
the fatal error "Trait 'WebDav' not found in .../Trashbin.php" was
thrown. To solve this now the "TrashBin" trait no longer explicitly uses
"WebDav".
However, due to this change, the class using "TrashBin" is now expected
to also use "WebDav". As the "Trashbin" trait was not needed by most
contexts using the "BasicStructure" trait "Trashbin" was removed from it
and added only to those contexts that actually need it.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |/
|
|
| |
Signed-off-by: GitHub <noreply@github.com>
|
| |\
| |
| |
| | |
nextcloud/dependabot/npm_and_yarn/build/node-sass-5.0.0
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Bumps [node-sass](https://github.com/sass/node-sass) from 4.14.1 to 5.0.0.
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/node-sass/compare/v4.14.1...v5.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
|
| |\ \
| |/
|/|
| |
| | |
nextcloud/dependabot/composer/icewind/streams-0.7.2
Bump icewind/streams from 0.7.1 to 0.7.2
|
| | |
| |
| |
| | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |/
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
| |
|
|
|
|
| |
Some issues were resolved, hence every CI run shows this diff.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |\
| |
| | |
Unify links to php.net
|
| | |
| |
| |
| |
| |
| | |
Update all links to https://www.php.net/
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
| | |
| |
| |
| | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| | |
| |
| |
| | |
Signed-off-by: GitHub <noreply@github.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
|
| |\ \
| | |
| | | |
Add deck share provider support
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: GitHub <noreply@github.com>
|
| |\ \ \
| |/ /
|/| | |
Phone number validation and search
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Even on solid color images the resizing can cause some small artifacts
that slightly modify the color of certain pixels. Due to this now the
color comparison is no longer strict but fuzzy.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
"sendingAToWithRequesttoken" needs to be used to test some non OCS
endpoints which require the request token to be sent in the request. Now
it is possible to specify the body (or, rather, additional contents
beside the cookies and the request token) for those requests, as it will
be needed for example to upload an avatar.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Until now requests always had "auth" headers either for an admin or a
regular user, depending on the value of "currentUser". Now, if
"currentUser" starts by "anonymous" no "auth" header is sent, which
makes possible to also test requests with users not logged in.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
| |\ \
| | |
| | | |
[3rdparty] Migrate to Opis/Closure
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |/ /
| |
| |
| | |
Signed-off-by: GitHub <noreply@github.com>
|
| |\ \
| | |
| | | |
Allow subscription to indicate that a userlimit is reached
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\ \ \
| |/ /
|/| | |
dont use system composer for autoload checker
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
this ensures that the same composer version is used by everyone (and ci)
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: GitHub <noreply@github.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: GitHub <noreply@github.com>
|
| | |
| |
| |
| | |
Signed-off-by: GitHub <noreply@github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| | |
| |
| |
| | |
Signed-off-by: GitHub <noreply@github.com>
|
| |\ \
| | |
| | | |
Fix default internal expiration date
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
