aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge branch 'master' into jr-readdir-false-falseJohn Molakvoæ2024-08-16866-29418/+24979
|\| | | | | Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
| * feat(webauthn): Add user verification to webauthn challengesS1m2024-08-153-8/+27
| | | | | | | | | | | | | | | | Require user verification if all tokens are registered with UV flag, else discourage it Signed-off-by: S1m <git@sgougeon.fr> Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
| * Merge pull request #45435 from nextcloud/feat/dav/upcoming-events-apiChristoph Wurst2024-08-141-0/+1
| |\ | | | | | | feat(dav): Add an API for upcoming events
| | * feat(dav): Add an API for upcoming eventsChristoph Wurst2024-08-131-0/+1
| | | | | | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | Merge pull request #43573 from nextcloud/HolgerHees-fix-csp-nonce-handlingFerdinand Thiessen2024-08-134-6/+20
| |\ \ | | | | | | | | Fix for ignored `CSP_NONCE` in ContentSecurity Header
| | * | feat: Provide CSP nonce as `<meta>` elementFerdinand Thiessen2024-08-133-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors). Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| | * | fix: Make sure CSP nonce is not double base64 encodedFerdinand Thiessen2024-08-131-1/+4
| | | | | | | | | | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| | * | fix: Use `CSP_NONCE` env variable in ContentSecurity HeaderHolger Hees2024-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available. Signed-off-by: Holger Hees <holger.hees@gmail.com>
| * | | feat(auth): Clean-up unused auth tokens and wipe tokensChristoph Wurst2024-08-132-9/+21
| | |/ | |/| | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | Merge pull request #47180 from ↵Côme Chilliet2024-08-132-2/+45
| |\ \ | | |/ | |/| | | | | | | nextcloud/fix/apply-group-limit-on-remove-from-group Apply group limit on remove from group
| | * fix: Remove shares only if there are no more common groups between usersCôme Chilliet2024-08-121-38/+36
| | | | | | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| | * fix(files_sharing): Delete user shares if needed when user is removed from a ↵Louis Chemineau2024-08-122-2/+47
| | | | | | | | | | | | | | | | | | group Signed-off-by: Louis Chemineau <louis@chmn.me>
| * | fix(taskprocessing): select preferred provider when running sync task, fix ↵Julien Veyssier2024-08-122-11/+16
| |/ | | | | | | | | | | task type values according to preferred provider Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
| * fix(SetupCheck): Properly check public access to data directoryFerdinand Thiessen2024-08-086-9/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | When checking for public (web) access to the data directory the status is not enough as you might have a webserver that forwards to e.g. a login page. So instead check that the content of the file matches. For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content to allow checking. ¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * Merge pull request #47044 from nextcloud/fix/accept-several-mounts-in-encryptionAndy Scherzinger2024-08-071-1/+1
| |\ | | | | | | fix(encryption): Fix mountpoint check to accept if several are found
| | * fix(encryption): Fix mountpoint check to accept if several are foundCôme Chilliet2024-08-051-1/+1
| | | | | | | | | | | | | | | | | | | | | There is no strong requirement to have only one mount for a given storage id. Also the error in this case would be misleading. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| * | Merge pull request #46395 from nextcloud/apcu-default-ttlRobin Appelman2024-08-072-29/+8
| |\ \ | | | | | | | | fix: set default TTL for APCu cache as per docs
| | * | chore: remove Redis::DEFAULT_TTL constant now that it's defined in the interfaceRobin Appelman2024-08-071-1/+0
| | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| | * | chore: cleanup acpu inc and decRobin Appelman2024-08-071-28/+2
| | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| | * | fix: set default TTL for APCu cache as per docsRobin Appelman2024-08-071-0/+6
| | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * | | Merge pull request #47069 from ↵Maxence Lange2024-08-071-0/+12
| |\ \ \ | | | | | | | | | | | | | | | | | | | | nextcloud/fix/noid/display-message-on-no-migration-attributes fix(migration-preview): display a message if no attributes set
| | * | | fix(migration-preview): display a message if no attributes setMaxence Lange2024-08-061-0/+12
| | |/ / | | | | | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
| * / / fix(session): Log when session_* calls are slowChristoph Wurst2024-08-074-16/+29
| |/ / | | | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | Merge pull request #38364 from ↵John Molakvoæ2024-08-061-2/+49
| |\ \ | | | | | | | | | | | | joshtrichards/jr-preview-libgd-webp-animation-bypass
| | * | fix(previews): Don't crash on animated WEBP imagesJosh Richards2024-05-301-2/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #30029 and #37263 libgd handles animated WEBP images poorly and generates a meaningless error message as a result. We were returning a 500 error for these preview requests (web) and a fatal error at the command-line (occ). Now we bypass libgd if the we detect an animated WEBP image (and simply don't generate the preview). No more 500 error. Should fix occ too. Signed-off-by: Josh Richards <josh.t.richards@gmail.com> Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
| * | | Merge pull request #47065 from nextcloud/fix/group-ocJohn Molakvoæ2024-08-061-0/+2
| |\ \ \
| | * | | fix: Ensure database connection is setup when getting group detailsFerdinand Thiessen2024-08-061-0/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * | | | Merge pull request #46967 from nextcloud/fix/share-not-foundJohn Molakvoæ2024-08-062-19/+13
| |\ \ \ \
| | * | | | fix(files_sharing): show proper share not found error messageskjnldsv2024-08-062-19/+13
| | |/ / / | | | | | | | | | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| * | | | Merge pull request #46985 from nextcloud/feat/email-share-formatJohn Molakvoæ2024-08-061-12/+12
| |\ \ \ \ | | |/ / / | |/| | |
| | * | | fix(emails): adjust mail button to new designskjnldsv2024-08-061-12/+12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| * | | | fix: unify bundle namingJérôme Herbinet2024-08-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jérôme Herbinet <33763786+Jerome-Herbinet@users.noreply.github.com> Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
| * | | | Merge pull request #46953 from nextcloud/cleanup-old-mount-repairStephan Orbaugh2024-08-062-62/+0
| |\ \ \ \ | | |/ / / | |/| | | chore: delete repair step for 8y old oc_mounts issue
| | * | | chore: delete repair step for 8y old oc_mounts issueRobin Appelman2024-08-022-62/+0
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * | | | Merge pull request #46931 from nextcloud/connection-builder-additional-paramsFerdinand Thiessen2024-08-051-25/+20
| |\ \ \ \ | | | | | | | | | | | | fix: fix passing additional db connection parameters in factory
| | * | | | fix: fix passing additional db connection parameters in factoryRobin Appelman2024-07-311-25/+20
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * | | | | fix: ensure array returned from getMountsForFileId is continiousRobin Appelman2024-08-021-2/+2
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * | | | fix(files): Fix incorrect keys by reindexingChristopher Ng2024-08-011-2/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
| * | | | Merge pull request #46864 from nextcloud/fix/dont-persist-blurhash-preview-2Richard Steinmetz2024-08-011-19/+4
| |\ \ \ \ | | | | | | | | | | | | fix: don't persist previews used during blurhash generation - take 2
| | * | | | fix: don't persist previews used during blurhash generationRichard Steinmetz2024-07-301-19/+4
| | | |_|/ | | |/| | | | | | | | | | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
| * | | | Merge pull request #45950 from nextcloud/chore/remove-depreacted-searchAndy Scherzinger2024-08-017-405/+0
| |\ \ \ \ | | | | | | | | | | | | chore: Remove deprecated legacy search backend
| | * | | | chore: Remove deprecated legacy search backendJulius Härtl2024-08-017-405/+0
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * | | | | fix(activity): regroup Files and spltit sharing activityskjnldsv2024-08-011-6/+4
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| * | | | Merge pull request #46912 from ↵Marcel Klehr2024-08-011-0/+4
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | nextcloud/fix/taskprocessing-speech-to-text-legacy More fixes for task processing
| | * | | | fix(TaskProcessing): Legacy Speech To Text support needs UserIdMarcel Klehr2024-07-311-0/+4
| | | |/ / | | |/| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | | | Merge pull request #46872 from ↵Marcel Klehr2024-08-011-14/+18
| |\ \ \ \ | | |/ / / | |/| | | | | | | | | | | | | nextcloud/fix/taskprocessing/dont-break-with-provider-errors fix(TaskProcessing): Don't break if provider methods throw
| | * | | fix(TaskProcessing): Don't break if provider methods throwMarcel Klehr2024-07-301-14/+18
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | | | Merge pull request #46099 from nextcloud/fix/properly-add-accept-share-interfaceJoas Schilling2024-07-302-4/+6
| |\ \ \ \ | | | | | | | | | | | | fix: Add `acceptShare` as an interface
| | * | | | fix: Add `acceptShare` as an interfaceFerdinand Thiessen2024-07-302-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was commented out because at that time no other share provider supported the `acceptShare` method. Today it is the same no other provider supports it, but we should make it discoverable by adding it to the public API as an additional interface. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * | | | | Merge pull request #46476 from nextcloud/enh/noid/migration-attributesStephan Orbaugh2024-07-304-0/+269
| |\ \ \ \ \ | | |/ / / / | |/| | | | Migration Attributes
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 16:08:18 +0000