The diff can be checked using `git diff --ignore-all-space --ignore-blank-lines`
to see only the changes not related to blank lines.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Make "validateUserPass" method of OCA\DAV\Connector\Sabre\Auth
class return false after checking if user is logged in if
empty username or password have been passed to it
Fixes #59849
Signed-off-by: Idan <cartaidan@gmail.com>
The permission string for directories and files can contain M or S,
depending on whether they come from a mount or a share, respectively. This
information is not to be disclosed when the share is a public one.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
This check was introduced in a previous PR, causing disruptive
changes in PROPFIND responses in some cases.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
instanceof cannot be used to check the instance of a storage, doing so
breaks the check in certain cases. In this case, enabling the
`files_accesscontrol` app breaks the check.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
The `$path` argument was added in https://github.com/nextcloud/server/pull/48612, but was never actually used by the callers. The path was therefore missing in the favorite/unfavorite events, which led to broken activity information.
I also added a fallback to handle `addToFavorites` and `removeFromFavorites`, which are part of a public API, and are calling `tagAs` and `untag` without `$path`.
Fix https://github.com/nextcloud/activity/issues/2134
Signed-off-by: Louis Chemineau <louis@chmn.me>
Emits a `preloadCollection` event in the DAV server, so that plugins can listen to it and preload DAV properties for files inside a collection, to avoid the N+1 issue that would follow if loading properties on a per-file basis.
This allows plugins to preload the content of a Collection to speed up
subsequent per-node PROPFINDs and reduce database load.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
We already do that for files; we are now also doing it for calendars.
With a relatively small number of calendars, I managed to reduce the
number of DB requests by 35% and from 23 DB requests touching the
oc_properties table to only 3.
Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>
This currently prevents directly accessing a resource when clicking on a link on a third-party site. For example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.
Skipping the check is an issue with password-protected shares, as it allows third-party sites to request the resource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add it again in the `PublicAuth` plugin.
We also add a redirect to be helpful to the user.
**Warning**: this adds the limitation that clicking on a direct download link for password-protected shares will redirect you to the password form, and then to the main share view.
Fix #52482
Signed-off-by: Louis Chemineau <louis@chmn.me>