summaryrefslogtreecommitdiffstats
path: root/lib/private
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | added CORS skip if session was created by AppAPIAlexander Piskun2023-10-091-0/+4
|/ / / | | | | | | | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* | | fix(user): Log affected user of app token login name mismatchChristoph Wurst2023-10-061-0/+2
| | | | | | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | fix ocm-provider rewrite rulesMaxence Lange2023-10-051-1/+1
|/ / | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | Store size in int|float for 32bit supportCôme Chilliet2023-09-252-4/+7
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | ocm servicesMaxence Lange2023-09-225-73/+506
|/ | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* Merge pull request #40379 from nextcloud/backport/38808/stable27Arthur Schiwon2023-09-214-4/+6
|\ | | | | [stable27] Fix issues where unencrypted_size was being falsely used for non-encrypted home folders
| * fix: Only read unencrypted_size when file is actually encryptedJulius Härtl2023-09-122-3/+3
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * fix: Only store unencrypted_size if path should be encryptedJulius Härtl2023-09-122-1/+3
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | fix(comments): Use provided offset in best effort when loading commentsJoas Schilling2023-09-191-0/+16
| | | | | | | | | | | | | | | | | | When we didn't find the "$lastKnownComment" the whole condition was ignored. Now we still use the ID as an offset. This is required as a fall-back for expired messages in Talk and deleted comments in other apps. Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Wrap mimetype insert and getLastInsertId in a transactionLucas Azevedo2023-09-161-7/+9
| | | | | | | | Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* | fix(mimetype): Remove unnecessary transaction when storing a mime typeLucas Azevedo2023-09-161-26/+22
|/ | | | | | | | | | | | Fixes #40064. This could be fixed by adding a rollback and starting a new transaction before the SELECT query, but in this case that would have the same effect as not using one. See https://dev.mysql.com/doc/refman/8.0/en/innodb-autocommit-commit-rollback.html and https://www.postgresql.org/docs/7.1/sql-begin.html#R1-SQL-BEGIN-1 Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* fix(autoloader): no apcu no side effectsArthur Schiwon2023-09-081-1/+2
| | | | | | | | | | | apcu lead to side effects especially with app management and (soft) inter-dependencies, and lead also to 500 server errors. While we could add management to clear apcu cache in many cases (may stil leave edge cases) the performance benefit is marginally as also class maps are already cached in opcache. Hence, the simple and effective way to go is to not use apcu for autoloading. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* only determine quota_include_external_storage once for quota wrapperRobin Appelman2023-09-072-4/+6
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* better caching in storage stats calculationsRobin Appelman2023-09-071-7/+12
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* reuse dependencies from wrapped cacheRobin Appelman2023-09-071-3/+11
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge pull request #40286 from nextcloud/backport/40233/stable27Arthur Schiwon2023-09-072-2/+16
|\ | | | | [stable27] Detect aborted connection in OC\Files\View and stop writing data to t…
| * Detect aborted connection in OC\Files\View and stop writing data to the ↵Benjamin Gaussorgues2023-09-062-2/+16
| | | | | | | | | | | | output buffer Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | fix(ratelimit): Only use memory cache backend for redisJoas Schilling2023-09-061-2/+2
| | | | | | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* | Merge pull request #40231 from nextcloud/sharing-mask-wrapper-27Arthur Schiwon2023-09-068-114/+123
|\ \ | |/ |/| [27] move share permission logic to storage wrapper
| * cleanup di for share permissions wrapperRobin Appelman2023-09-045-116/+115
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * more share permission logic to storage wrapperRobin Appelman2023-09-044-10/+20
| | | | | | | | | | | | this way we only have to determine the share permissions once Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Merge pull request #40258 from nextcloud/backport/40234/stable27Arthur Schiwon2023-09-051-0/+4
|\ \ | | | | | | [stable27] enh: skip processing for empty response
| * | enh: skip processing for empty responseDaniel Kesselberg2023-09-041-0/+4
| |/ | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Merge pull request #40227 from nextcloud/backport/40195/stable27Arthur Schiwon2023-09-051-1/+2
|\ \ | | | | | | [stable27] fix: prevent sharing permissions on user root folder
| * | fix: prevent sharing permissions on user root folderJohn Molakvoæ2023-09-041-1/+2
| |/ | | | | | | Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
* / fix(s3): fix handling verify_bucket_exists parameterThomas Citharel2023-08-311-1/+1
|/ | | | | | | | If 'verify_bucket_exists' is set to false in the config.php s3 configuration, it's supposed to avoid verifying that the bucket exists. However empty(falsy) will always return true, so this condition would not work. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* feat: add switch to disable dns pinningDaniel Kesselberg2023-08-301-2/+4
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #40080 from nextcloud/backport/40077/stable27Joas Schilling2023-08-292-0/+12
|\ | | | | [stable27] fix(cache): Remove displayname cache entry on delete
| * fix(cache): Remove displayname cache entry on deleteJoas Schilling2023-08-282-0/+12
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(CalDAV): check voject exists before attempting any operationAnna Larch2023-08-281-5/+35
| | | | | | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* | Use nullsafe call syntax instead of additionnal checkCôme Chilliet2023-08-281-1/+1
| | | | | | | | Co-authored-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
* | Set files_sharing:hide_disabled_user_shares to 'yes' to hide shares from ↵Côme Chilliet2023-08-281-5/+19
|/ | | | | | disabled users Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix user log.condition featureCôme Chilliet2023-08-251-8/+12
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(middleware): Fix header injection for bruteforce middlewareJoas Schilling2023-08-231-5/+1
| | | | | | | Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Make bypass function public APIJoas Schilling2023-08-232-7/+8
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Expose if the own IP is allowed to bypass bruteforce protectionJoas Schilling2023-08-232-22/+12
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Add a header which signals that the request was throttledJoas Schilling2023-08-231-4/+14
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add a "testing mode" for bruteforce protection that doesn't ↵Joas Schilling2023-08-231-2/+6
| | | | | | sleep Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add a bruteforce protection backend base on memcacheJoas Schilling2023-08-235-126/+442
| | | | | | Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #39934 from nextcloud/backport/39481/stable27Julius Härtl2023-08-221-16/+24
|\
| * fix: don't emit Hooks when hookpaths are emptyAnna Larch2023-08-211-16/+24
| | | | | | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* | Merge pull request #39949 from nextcloud/backport/39770/stable27Julius Härtl2023-08-221-0/+5
|\ \ | |/ |/|
| * fix: always use display name from correct backendMax2023-08-171-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Overwrite the display name after the account is initialized when using an instacne of IGetDisplayNameBackend. Before when using a variation of user_oidc and registering a Backend.php implementing IGetDisplayNameBackend the personal setting page shows 'uid'. The UserManager/AccountManager seems not to use consistently the correct backend. The correct backend is used in this sequence: server/lib/private/TemplateLayout.php $userDisplayName = \OC_User::getDisplayName(); $this->assign(user_displayname, $userDisplayName); In the settings page, it definitely not calls the registered backend, but seems to fall back to default Backend and shows (usually) uid or a value from the standard account property table. Signed-off-by: Max <max@nextcloud.com>
* | fix(memcache): Fix comparison of Memcache configs to classesJoas Schilling2023-08-171-7/+9
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Prevent PHP warnings when optional CacheEntry attributes are unsetFerdinand Thiessen2023-08-172-4/+4
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* select the fileid first when looking for incomplete filesRobin Appelman2023-08-141-5/+9
| | | | | | this seems to improve mariadbs index selection Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge pull request #39722 from nextcloud/backport/39698/stable27John Molakvoæ2023-08-111-1/+1
|\
| * fix: simplify `sourceData` checkJohn Molakvoæ2023-08-051-1/+1
| | | | | | | | Co-authored-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
| * Catch more invalid cache source storage pathsJosh Richards2023-08-051-1/+1
| | | | | | | | | | | | | | | | | | | | OC\Files\Cache\Cache::get can return string|false|null, not just string|false. - nextcloud/server#26270 added handling of false, but null is needed too. - Well, or we change the default $resullt to false, but I'm not sure if that has other ramifications and the real need here is to simply catch situations where the cache source storage path is not valid for whatever reason Related: nextcloud/server#19009 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
* | log imaginary errors as info to not spam the server logsSimon L2023-08-101-2/+2
| | | | | | | | Signed-off-by: Simon L <szaimen@e.mail.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-21 22:07:32 +0000