| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
`json_encode` fails hard on PHP >= 5.5 if a non UTF-8 value is specified by returning false. Older PHP versions just nullify the value which makes it at least somewhat usable.
This leads to very confusing errors which are very hard to debug since developers are usually not aware of this. In this case I'd consider throwing a fatal exception – since it arguably is an error situation – is a fair solution since this makes developers and administrators aware of any occurence of the problem so that these bugs can get fixed.
Fixes https://github.com/owncloud/core/issues/17265
|
| |\
| |
| | |
Fix undefined offset
|
| | |
| |
| |
| | |
There are cases where no trusted host is specified such as when installing the instance, this lead to an undefined offset warning in the log right after installing. (when another domain than localhost or 127.0.0.1 was used)
|
| |/ |
|
| | |
|
| |\
| |
| | |
Fix #16713
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
testing ...
fixes
fix test
add php doc
fix small mistake
add another phpdoc
remove not working cors annotations from files app
|
| |
|
|
|
|
| |
For enhanced security it is important that there is also a way to disallow domains, including the default ones.
With this commit every method gets added a new "disallow" function.
|
| |
|
|
| |
value instead of index
|
| |
|
|
|
|
| |
This is required when working with stuff such as PDF.js in the files_pdfviewer application. Opt-in only.
Master change only because the stable CSP policies has a failback that allows nearly anything :see_no_evil:
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First stab at the StreamResponse, see #12988
The idea is to use an interface ICallbackResponse (I'm not 100% happy with the name yet, suggestions?) that allow the response to output things in its own way, for instance stream the file using readfile
Unittests are atm lacking, plan is to
check if a mock of ICallbackResponse will be used by calling its callback (also unhappy with this name) method
Usage is:
$response = new StreamResponse('path/to/file');
rename io to output, add additional methods and handle error and not modified cases when using StreamResponse
fix indention and uppercasing, also handle forbidden cases
fix indention
fix indention
no forbidden, figuring out if a file is really readable is too complicated to get to work across OSes and streams
remove useless import
remove useless import
fix intendation
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
X-Forwarded-Proto contains a list of protocols if ownCloud is behind multiple reverse proxies.
This is a revival of https://github.com/owncloud/core/pull/11157 using the new IRequest public API.
|
| |\
| |
| | |
Close cursor for appframework and manipulation queries if applicable
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Allow AppFramework applications to specify a custom CSP header
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.
Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```
Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.
This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.
Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.
Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
|
| |\ \
| | |
| | | |
Additional controllermethodreflector inheritance tests
|
| | | | |
|
| | |/ |
|
| | | |
|
| |\ \
| | |
| | | |
Add a controller and reponse for ocs
|
| | | | |
|
| | | | |
|
| | |/ |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `mod_unique_id` is enabled the ID generated by it will be used for logging. This allows for correlation of the Apache logs and the ownCloud logs.
Testplan:
- [ ] When `mod_unique_id` is enabled the request ID equals the one generated by `mod_unique_id`.
- [ ] When `mod_unique_id` is not available the request ID is a 20 character long random string
- [ ] The generated Id is stable over the lifespan of one request
Changeset looks a little bit larger since I had to adjust every unit test using the HTTP\Request class for proper DI.
Fixes https://github.com/owncloud/core/issues/13366
|
| |
|
|
|
|
| |
prefer url parameters passed into the main method. If they are not present, use the containers urlParameters
add space
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resolves dependencies by type hint or variable name
* simpler route.php
* implementation of https://github.com/owncloud/core/issues/12829
Generates and injects parameters automatically. You can now build full classes like
$c->query('MyClassName')
without having to register it as a service. The resolved object's instance will be saved by using registerService. If a constructor parameter is not type hinted, the parameter name will be taken.
Therefore the following two implementations are identical:
class Class1 { function __construct(MyClassName $class)
class Class1 { function __construct($MyClassName)
This makes it possible to also inject primitive values such as strings, arrays etc.
In addition if the query could not be resolved, a `QueryException` is now thrown
Routes can now be returned as an array from `routes.php` and an `appinfo/application.php` is optional
Old commit messages:
make it possible to return the routes instead of having to intialize the application
try to get the controller by convention
add first implementation of automatic resolve
add another test just to be sure
store the resolved object
more tests
add phpdoc to public app.php method
use the same variable for the public app.php method
deprecate old methods and add services for public interfaces
deprecated getServer method
disallow private api injection for apps other than core or settings (settings should be an app goddamnit :D)
register userid because its such an often used variable
fix indention and leading slash
use test namespace
add deprecation reasons, remove private api usage checks and remove deprecation from getServer()
add additional public interfaces
add public interface for rootfolder
fix syntax error
remove deprecation from methods where no alternative is there yet
remove deprecated from method which has no alternative
add timezone public service for #12881
add another deprecation hint
move deprecation into separate branch
remove dead comment
first try to get the namespace from the info.xml, if it does not exist, just uppercase the first letter
also trim the namespace name
add an interface for timefactory
move timefactory to public and add icontrollermethodreflector
keep core interface
fix copyright date in headers
|
| |\
| |
| | |
Merge headers
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is no AppFramework way to modify cookies, which makes it unusable for quite some use-cases or results in untestable code.
This PR adds some basic functionalities to add and invalidate cookies.
Usage:
```php
$response = new TemplateResponse(...);
$response->addCookie('foo', 'bar');
$response->invalidateCookie('foo');
$response->addCookie('bar', 'foo', new \DateTime('2015-01-01 00:00'));
```
Existing cookies can be accessed with the AppFramework using `$this->request->getCookie($name)`.
|
| |\
| |
| | |
Add route postfix to allow url versioning when only the http method changed
|
| | |
| |
| |
| | |
add postfix
|
| |/ |
|
| |
|
|
| |
Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
|
| | |
|
| |
|
|
| |
take care of this
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix docstrings
adjust copyright date
another copyright date update
another header update
implement third headers argument, fix indention, fix docstrings
fix docstrings
|
| | |
|
| | |
|
