summaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework/Http/Request.php
Commit message (Collapse)AuthorAgeFilesLines
* Update license headersChristoph Wurst2020-12-301-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #22916 from J0WI/unifiy-links-to-php.netRoeland Jago Douma2020-12-221-1/+1
|\ | | | | Unify links to php.net
| * Unify links to php.netJ0WI2020-09-171-1/+1
| | | | | | | | | | | | Update all links to https://www.php.net/ Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* | Merge pull request #24730 from J0WI/fix-trusted-ipv6Julius Härtl2020-12-211-1/+1
|\ \ | | | | | | Fix IPv6 localhost regex
| * | Fix IPv6 localhost regexJ0WI2020-12-161-1/+1
| | | | | | | | | | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* | | Update all license headers for Nextcloud 21Christoph Wurst2020-12-161-1/+1
|/ / | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Make $vars and $secureRandom required.Daniel Kesselberg2020-12-101-2/+2
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Format code to a single space around binary operatorsChristoph Wurst2020-10-051-2/+2
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update the license headers for Nextcloud 20Christoph Wurst2020-08-241-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix PHPDoc of IRequest::getHeaderGeorg Ehrke2020-07-141-1/+1
| | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
* Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validatingJoas Schilling2020-07-021-0/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update license headers for 19Christoph Wurst2020-04-291-2/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format code according to PSR2Christoph Wurst2020-04-101-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all constantsChristoph Wurst2020-04-101-11/+11
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-101-34/+30
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-101-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove space between switch case and colonChristoph Wurst2020-04-091-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix multiline commentsChristoph Wurst2020-04-081-33/+33
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make getServerHost more robust to faulty user inputDaniel Kesselberg2020-01-161-7/+7
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Modify regex to match some other chromium browsersDaniel Kesselberg2019-12-271-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Update license headersChristoph Wurst2019-12-051-3/+9
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Always return overwritehost if configuredJulius Härtl2019-11-281-0/+5
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Remove duplicate codeDaniel Kesselberg2019-10-081-5/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Remove duplicate functionalityb108@volgograd2019-01-201-5/+1
| | | | | | This functionality implemented in the next line: $requestUri = preg_replace('%/{2,}%', '/', $requestUri);
* Only trust the X-FORWARDED-HOST header for trusted proxiesRoeland Jago Douma2018-12-171-2/+8
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #12036 from olivermg/masterMorris Jobke2018-10-301-1/+39
|\ | | | | Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
| * Adding handling of CIDR notation to trusted_proxies for IPv4Oliver Wegner2018-10-301-1/+39
| | | | | | | | Signed-off-by: Oliver Wegner <void1976@gmail.com>
* | Add REMOTE_ADDR to getHeaderDaniel Kesselberg2018-10-251-2/+6
|/ | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* ensure we always return an array from `Request::getParams`Robin Appelman2018-08-281-1/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Fix commentsRoeland Jago Douma2018-02-221-2/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix proper typesRoeland Jago Douma2018-02-221-2/+10
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make Request strictRoeland Jago Douma2018-02-221-53/+59
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Request->getHeader() should always return a stringMorris Jobke2018-01-171-3/+2
| | | | | | | | PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Also check for empty content lenthRoeland Jago Douma2017-12-141-0/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headersMorris Jobke2017-11-061-0/+3
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Handle SameSiteCookie check for index.php in AppFramework MiddlewareRoeland Jago Douma2017-09-241-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* If there is no content don't errorRoeland Jago Douma2017-08-091-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix L10N::tRoeland Jago Douma2017-08-011-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add IPv6 to “localhost” regex (#440)coderkun2017-05-141-1/+1
| | | | Signed-off-by: Oliver Hanraths <olli@coderkun.de>
* Use constantsJoas Schilling2017-04-131-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Reorder the entries of the log for easier readingJuan Pablo Villafáñez2017-04-121-1/+2
|
* Don't try to parse empty body if there is no bodyRoeland Jago Douma2017-04-041-0/+2
| | | | | | | | | | | | Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* dont require strict same site cookies for ocs requestsRoeland Jago Douma2017-03-091-0/+3
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix detection of the new iOS appJoas Schilling2017-02-101-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* oc_token should be nc_tokenChristoph Wurst2017-02-021-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Harden cookies more appropriateLukas Reschke2016-11-231-2/+31
| | | | | | | | | | This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Identify Chromium as ChromeJoas Schilling2016-10-261-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #797 from nextcloud/only-match-for-auth-cookieJoas Schilling2016-08-311-2/+15
|\ | | | | Match only for actual session cookie
| * Match only for actual session cookieLukas Reschke2016-08-091-2/+15
| | | | | | | | OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
* | Remove reading PATH_INFO from server variableLukas Reschke2016-08-191-4/+0
| | | | | | | | | | | | Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used. Fixes https://github.com/nextcloud/server/issues/983
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-10 20:36:45 +0000