aboutsummaryrefslogtreecommitdiffstats
path: root/lib/base.php
Commit message (Collapse)AuthorAgeFilesLines
* fix: Switch lazy object to enabled by default on PHP 8.4feat/use-php84-lazy-objectsCôme Chilliet2025-06-051-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat: Add a configuration toggle for lazy objects in DICôme Chilliet2025-06-051-0/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #53157 from nextcloud/chore/refactor-coreFerdinand Thiessen2025-06-021-2/+2
|\ | | | | refactor(core): migrate core application to `IBootstrap`
| * fix: make core application bootstrapable by coordinatorchore/refactor-coreFerdinand Thiessen2025-06-021-2/+2
| | | | | | | | | | | | Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | fix: Remove useless legacy autoloaderfix/delete-legacy-autoloaderCôme Chilliet2025-05-271-32/+2
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Remove useless legacy autoloader for testsfix/cleanup-test-legacy-autoloaderCôme Chilliet2025-05-271-3/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #52810 from ↵Louis2025-05-221-4/+4
|\ | | | | | | nextcloud/artonge/feat/do_not_require_samesite_strict_cookie_on_public.php
| * fix: Move CSRF check from base to PublicAuth for public.phpLouis Chemineau2025-05-211-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment. Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin. We also add a redirect to be helpful to the user. **Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view. Fix #52482 Signed-off-by: Louis Chemineau <louis@chmn.me>
* | chore: deprecate `OC_Helper::isReadOnlyConfigEnabled`chore/depreate-oc-helper-roFerdinand Thiessen2025-05-171-1/+2
|/ | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #52667 from nextcloud/fix/improve-init-profilingCôme Chilliet2025-05-141-2/+5
|\ | | | | Improve init profiling
| * feat: Improve init a bit, and add more profiling stepsCôme Chilliet2025-05-131-2/+5
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | feat(encryption): Migrate from hooks to eventsCôme Chilliet2025-05-131-7/+8
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* perf: Add config options to trigger individual and sample profiling using ↵perf/excimerJulius Knorr2025-04-221-3/+14
| | | | | | excimer Signed-off-by: Julius Knorr <jus@bitgrid.net>
* fix: Replace all usages of OC_User backend method calls by IUserManagerfix/cleanup-user-backendsCôme Chilliet2025-04-101-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Remove some call and references to deprecated OC_Util classCôme Chilliet2025-04-071-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #51029 from nextcloud/fix/deprecate-oc-template-and-cleanupCôme Chilliet2025-03-101-10/+11
|\ | | | | fix: Deprecate OC_Template, add proper template manager instead
| * fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManagerCôme Chilliet2025-03-061-1/+1
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| * fix: Deprecate OC_Template, add proper template manager insteadCôme Chilliet2025-03-061-9/+10
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | fix(base.php): Correct order for booting \OC\Serverbugfix/50619/correctly-init-serverJoas Schilling2025-03-101-28/+31
|/ | | | | | | | | | | | | | | | | A recent change had broken authentication with an older FastCGI Apache2 module, because the IRequest object got initialised before the fix from self::handleAuthHeaders() copied the authentication headers into the correct $_SERVER variables. Since this part is completely independent from any Nextcloud code it is now done as a first thing within the init() call. Additionally similar issues could happen when another class would boot too early and read other global PHP settings like ini values and default timezone, so those are now also moved to the beginning. Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #51000 from nextcloud/fix/federatedfilesharing/group-cleanupStephan Orbaugh2025-03-031-4/+8
|\ | | | | fix(FederatedShareProvider): Delete external shares when groups are deleted or users removed from a group
| * fix(Share20): Convert broken hooks to IEventListenerprovokateurin2025-03-031-4/+8
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Fix A+ rating when checking with Nextcloud Security Scan.backport/51173/masterDaleBCooper2025-03-021-7/+7
| | | | | | | | | | Due to commit 33d7019 session.cookie_secure=true is not set when accessing /status.php. This results in a degration from A+ to A rating due to missing __Host prefix for nc_sameSiteCookielax and nc_sameSiteCookiestrict cookies.
* | fix: Replace OC_App calls by IAppManagerCôme Chilliet2025-02-241-9/+14
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #48738 from nextcloud/perf/log-high-memory-requestsJulius Knorr2025-02-131-0/+16
|\ | | | | perf: Log requests using high amount of memory as warning
| * perf: Log requests using high amount of memory as warningperf/log-high-memory-requestsJulius Knorr2025-02-131-0/+16
| | | | | | | | Signed-off-by: Julius Knorr <jus@bitgrid.net>
* | fix: Replace isInstalled calls with isEnabledForAnyone or isEnabledForUserCôme Chilliet2025-02-131-4/+4
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Use the new countUsersTotal method where it makes senseCôme Chilliet2025-01-141-2/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(status): Avoid session creation for status requestsavoidStatusSessionsGit'Fellow2024-11-211-0/+7
| | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* fix: Do not check for strict cookie when running webcronfix/cron-strict-cookieFerdinand Thiessen2024-11-071-1/+3
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(legacy): Introduce public version ct plass and drop version methods ↵clean/version-ocpJulius Knorr2024-09-201-3/+5
| | | | | | from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-191-8/+8
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(setup-checks): Ensure URL with webroot worksFerdinand Thiessen2024-09-131-1/+1
| | | | | | | | | | | We basically mock the way `URLGenerator::getAbsoluteURL` works, so we must make sure that the URL might already contain the webroot. Because `baseURL` and `cliURL` also contain the webroot we need to remove the webroot from the URL first. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Daniel <mail@danielkesselberg.de> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(setup): ignore long session login during installationMaxence Lange2024-08-271-1/+6
| | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-251-9/+9
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* (base) Give a hint in web interface if SimpleXML (php-xml) is missingJosh Richards2024-08-161-0/+7
| | | | | | | | | | | | | Fixes #2180 And prevents #31473, #23970, #18610, #15708 Avoids a 500 error and also gives a useful error message on the web interface if this module isn't installed, gets overlooked during a PHP upgrade, etc. While we check for it later, it's too late for session. Inspired by #17163 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
* fix(session): Log when session_* calls are slowChristoph Wurst2024-08-071-1/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix(occ): Use the const instead of hardcoded string for --debug-log optionCôme Chilliet2024-07-081-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(occ): Move debug log listener setup to a static method, add option for levelCôme Chilliet2024-07-021-9/+2
| | | | | | Also changed option from --debug to --debug-log to avoid conflicts Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(occ): Add a --debug option to output all log levels to the outputCôme Chilliet2024-07-021-0/+12
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-241-64/+3
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* chore: remove unnecessary ini_setDaniel Kesselberg2024-04-301-1/+0
| | | | | | | | Changing gc_maxlifetime cannot have any effect because this configuration option does not exist. There is a configuration option named session.gc_maxlifetime. I removed the ini_set call because autoconfiguring is error-prone, and the current code could never have worked as intended. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix: Fix default values for ini var in lib/base.phpCôme Chilliet2024-04-301-2/+2
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Remove unused endpoint from base.phpCôme Chilliet2024-03-061-15/+0
| | | | | | It’s not called anymore, and app loading cannot break boot anymore Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(updater): hide overwrites from disabled apps list on upgradeMichaIng2024-02-271-1/+7
| | | | | | | | If an incompatible app is enabled manually, it is added to the "app_install_overwrite" array in config.php. Nextcloud upgrades won't disable any app in this array, but they were still shown on the upgrade page and logs as being disabled. This commit assures that only apps which are really disabled, i.e. which are not in the "app_install_overwrite" array, are shown and logged as disabled during upgrades. Signed-off-by: MichaIng <micha@dietpi.com>
* fix: Use DI for Setup class and move away from deprecated methodsCôme Chilliet2024-01-291-11/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(l10n): invalid translation of a numberJohn Molakvoæ2023-10-211-1/+1
| | | | | fix https://github.com/nextcloud/server/issues/35252 Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
* Talk federation authenticationJoas Schilling2023-10-091-0/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove deprecated methods Util::writeLog and DIContainer::logCôme Chilliet2023-09-251-2/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(autoloader): no apcu no side effectsArthur Schiwon2023-09-081-5/+2
| | | | | | | | | | | apcu lead to side effects especially with app management and (soft) inter-dependencies, and lead also to 500 server errors. While we could add management to clear apcu cache in many cases (may stil leave edge cases) the performance benefit is marginally as also class maps are already cached in opcache. Hence, the simple and effective way to go is to not use apcu for autoloading. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* new name of AppEcosystem is AppAPIAlexander Piskun2023-09-061-6/+6
| | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-21 18:49:27 +0000