| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This makes sure using resource or GdImage (PHP>=8) behaves the same.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
| |\
| |
| |
| |
| | |
nextcloud/work/carl/correct-permissions-when-copying
Fix permissions when copying from ObjectStorage
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure that when a user copy a file from a directory they don't have
all permissions to a directory where they have more permissions, the
permissions are correctly set to the one from the parent taget folder.
This was caused by the ObjectStoreStorage::copyFromStorage using
the jailed storage and cache entry instead of the unjailed one like other
storages (the local one).
Steps to reproduce
+ Use object storage
+ Create a groupfolder with one group having full permission and another one
who can just read files.
+ With an user who is in the second group, copy a file from the groupfolder to
the home folder of this user.
+ The file in the home folder of the user will be read only and can't be deleted
even though it is in their home folder and they are the owner. In oc_filecache,
the permissions stored for this file are 1 (READ)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
| |\ \
| | |
| | |
| | |
| | | |
nextcloud/bugfix/noid/public-api-for-trusted-domain-helpers
Add an OCP for trusted domain helper
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Christopher Ng <chrng8@gmail.com>
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Christopher Ng <chrng8@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
|
| |\ \ |
|
| | | | |
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
|
| | |
| |
| |
| | |
Signed-off-by: alanmeeson <alan@carefullycalculated.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using and object store as primary storage and using the default
encryption module at the same time, any encrypted file would be truncated
when read, and a text error message added to the end.
This was caused by a combination of the reliance of the read functions on
on knowing the unencrypted file size, and a bug in the function which
calculated the unencrypted file size for a given file.
In order to calculate the unencrypted file size, the function would first
skip the header block, then use fseek to skip to the last encrypted block
in the file. Because there was a corresponence between the encrypted and
unencrypted blocks, this would also be the last encrypted block. It would
then read the final block and decrypt it to get the unencrypted length of
the last block. With that, the number of blocks, and the unencrypted block
size, it could calculate the unencrypted file size.
The trouble was that when using an object store, an fread call doesn't
always get you the number of bytes you asked for, even if they are
available. To resolve this I adapted the stream_read_block function from
lib/private/Files/Streams/Encryption.php to work here. This function
wraps the fread call in a loop and repeats until it has the entire set of
bytes that were requested, or there are no more to get.
This fixes the imediate bug, and should (with luck) allow people to get
their encrypted files out of Nextcloud now. (The problem was purely on
the decryption side). In the future it would be nice to do some
refactoring here.
I have tested this with image files ranging from 1kb to 10mb using
Nextcloud version 22.1.0 (the nextcloud:22.1-apache docker image), with
sqlite and a Linode object store as the primary storage.
Signed-off-by: Alan Meeson <alan@carefullycalculated.co.uk>
|
| |\ \ |
|
| | | |
| | |
| | | |
Should fix things like `fread(): read of 8192 bytes failed with errno=21 Is a directory`
|
| |\ \ \ |
|
| | | | |
| | | |
| | | | |
Need to check another legacy. Need to explicitly add to use or do not forget add slash `\`
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We want to keep offering our push notification service for free, but large
users overload our infrastructure. For this reason we have to rate-limit the
use of push notifications. If you need this feature, consider setting up your
own push server or using Nextcloud Enterprise.
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
- both $userData and $defaultUserData have numeric indices
- each element contains at least the name and other fields
- appending the missing data array is sufficient
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| | |/ / / /
|/| | | |
| | | | |
| | | | | |
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Make the route name error more helpful
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As a developer I have no clue what "Invalid route name" means. If the
exception gives me a hint I might find it easier to figure out why my
route triggers this error.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |\ \ \ \ \ |
|
| | |\ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
nextcloud/bugfix/noid/use-cached-user-backend-info-for-password-login
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |\ \ \ \ \ \ \ \ \ |
|
| | | |_|_|_|/ / / /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / /
|/| | | | | | | | |
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| |_|/ / / / / / /
|/| | | | | | | |
| | | | | | | | | |
nextcloud/fix/concurrent-duplicate-auth-token-updates
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
The auth token activity logic works as follows
* Read auth token
* Compare last activity time stamp to current time
* Update auth token activity if it's older than x seconds
This works fine in isolation but with concurrency that means that
occasionally the same token is read simultaneously by two processes and
both of these processes will trigger an update of the same row.
Affectively the second update doesn't add much value. It might set the
time stamp to the exact same time stamp or one a few seconds later. But
the last activity is no precise science, we don't need this accuracy.
This patch changes the UPDATE query to include the expected value in a
comparison with the current data. This results in an affected row when
the data in the DB still has an old time stamp, but won't affect a row
if the time stamp is (nearly) up to date.
This is a micro optimization and will possibly not show any significant
performance improvement. Yet in setups with a DB cluster it means that
the write node has to send fewer changes to the read nodes due to the
lower number of actual changes.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Fix security issues when copying groupfolder with advanced ACL
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Using advanced ACL, it is possible that an user has access to a
directory but not to a subdirectory, so the copying use
Common::copyFromStorage instead of Local::copyFromStorage.
Fix https://github.com/nextcloud/groupfolders/issues/1692
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
| |\ \ \ \ \ \ \ \ \ \
| |_|/ / / / / / / /
|/| | | | | | | | | |
|
| | |/ / / / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
