Commit Graph

11 Commits

Author SHA1 Message Date
Côme Chilliet 1ab09ec753 chore: Apply new coding standard to all files
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-06-01 13:46:39 +02:00
Carl Schwan 11cf69d8ba fix(psalm): Fix static analysis issues in apps/*/tests
There are still 1200 more to fix before we can enable static analysis
for the tests.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-01-16 12:00:51 +01:00
Ferdinand Thiessen d6d6747a73 refactor: apply rector rules for PHPUnit 10
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-10-27 21:56:04 +01:00
skjnldsv 9c98b722f4 fix(dav): allow multiple link shares token in session
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-10-23 13:10:39 +02:00
Robin Appelman aa15f9d16d chore: run rector
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +02:00
Joas Schilling 76e6ab1dff test: Migrate remaining DAV tests to PHPUnit 10
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-28 09:25:47 +02:00
Louis Chemineau 009d0c550c fix: Move CSRF check from base to PublicAuth for public.php
This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.

Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF.  So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin.

We also add a redirect to be helpful to the user.

**Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view.

Fix #52482

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-05-21 16:01:36 +02:00
Côme Chilliet 1580c8612b chore(apps): Apply new rector configuration to autouse classes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-10-15 10:40:25 +02:00
Andy Scherzinger 56d4f3aa2d chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-28 14:41:28 +02:00
John Molakvoæ 18399fc1cf fix: improve typing and use \OCP\Server::get
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-01-09 10:56:34 +01:00
John Molakvoæ 82b5a19a35 fix: public dav and files_sharing testing fixes
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-01-09 10:56:14 +01:00