averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-29 12:24:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,512 Commits 1,008 Branches 1,229 Tags
executeUpdateRemove
Commit Graph

1232 Commits

Author SHA1 Message Date
Christoph Wurst 0e6fccf9e1 fix(security): Log failing strict cookie check 
The error is silent otherwise and makes it very hard to debug on a
production system.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-03-20 16:26:41 +01:00
Julius Härtl bbc6eee803 fix: Avoid log spam on 404 routes not using GET 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-03-03 09:40:43 +01:00
Joas Schilling 98ed72b3ed Revert "fix(performance): Do not set up filesystem on every call" 2023-02-21 07:36:43 +01:00
Anna Larch 5d4efb4d5f Do not set up filesystem on every call 
Also remove old Oc_FileChunking logis that produced GC- collectable chunks

Signed-off-by: Anna Larch <anna@nextcloud.com>
 2023-02-17 19:18:37 +01:00
Julien Veyssier 6431c5a559 extend the reference API for the new link picker 
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:55 +01:00
Julius Härtl 842f4d530f fix(session): Always setup the session if a session cookie is passed 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-22 11:33:23 +01:00
Julius Härtl 6abb37317f Do not setup a session when not required on WebDAV requests 
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-21 21:17:16 +01:00
Côme Chilliet a529aa79d8 Strong type singletons from lib/base.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:41 +00:00
Côme Chilliet e1d324f7eb Migrate lib/base.php to LoggerInterface 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Côme Chilliet 26d75add8f Put back cast to string now that timelimit is an int 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Côme Chilliet 7372da6c6d Fixing more psalm errors from lib/base.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Côme Chilliet 444811b0fe Use Server::get some more 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Côme Chilliet cf508c1e47 Use strict typing in base.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Julius Härtl be4c061b75 Set apcu prefix for composer 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:06 +01:00
Christoph Wurst 052dcdebe8 Refactor the ErrorHandler into a dynamic class 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-02 09:49:37 +01:00
Julius Härtl 11bedf1c3b Use proper error pages instead of always redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-21 15:12:21 +02:00
Simon L f97f13b136 Merge pull request #33737 from andyxheli/patch-4 
Makes untrusted domain error on info
 2022-10-01 18:06:44 +02:00
Arthur Schiwon 9b7ef2962e remove listeners to OC_Filesystem::(write|rename) old style hooks 
- the events are not emitted anymore
- OC_Filesystem::isBlacklisted() is not called from anywhere else

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-09-26 21:07:08 +02:00
Julius Härtl 80f6a5834a Refactor cache handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:35 +02:00
Andy Xheli 12c8123873 Makes untrusted domain error on info 
Signed-off-by: Andy Xheli <axheli@axtsolutions.com>

Since https://github.com/nextcloud/server/commit/e6d9ef2e38daffcab808eaa41b18ab16c6253b97 was applied logs get filled up with Trusted domain error. "X.X.X.X tried to access using "X.X.X.X" as host alot of users missed important errors do tohttps://github.com/nextcloud/server/commit/e6d9ef2e38daffcab808eaa41b18ab16c6253b97   please see https://github.com/nextcloud/server/issues/32599

This should fix. 
https://github.com/nextcloud/server/issues/32599#event-7281164903


Signed-off-by: Andy Xheli <axheli@axtsolutions.com>
 2022-08-29 13:27:12 -05:00
Julius Härtl 1b43fbe06c Move setting of gc_maxlifetime to initSession 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-17 12:10:27 +02:00
Julius Härtl 9e1d431255 Add config option to disable strict session timeout to be able to use read_and_close 
Fixed https://github.com/nextcloud/server/issues/29356

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-17 12:10:27 +02:00
Julius Härtl 9b4b72826a Reopen sessions if we need to write to them instead of keeping them open 
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-17 12:10:26 +02:00
Christoph Wurst d17e0699f3 Merge pull request #33173 from nextcloud/enhancement/maintenance-mode-http-header 
Set special header for 503 maintenance mode
 2022-08-10 09:16:02 +02:00
Christoph Wurst 0ed987a8dd Set special header for 503 maintenance mode 
This removes ambiguity with a 503 returned by app code, web server or
similar. Front-end and clients can then handle this state accordingly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-08-08 14:26:11 +02:00
Christoph Wurst a1149b0378 Do not redirect if requested CSS can not be found 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-08-08 14:09:58 +02:00
Christoph Wurst 222a9523b5 Fix 404 handling of requested JSON/XML 
If front-end or an application requests JSON/XML, there is no point in
redirecting to the default page if that response doesn't exist. In the
worst case that would just cause another request, therefore server load,
traffic and a response that is meaningless to the requester.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-07-08 19:14:05 +02:00
Joas Schilling 8e59d49701 Merge pull request #32435 from nextcloud/revert-32278-remove-default-php 
Revert "Remove call to already default php.ini values"
 2022-06-03 14:16:24 +02:00
Carl Schwan e4378fd18c Merge pull request #32349 from nextcloud/enh/projects-event 
Add event to load additional scripts for projects
 2022-05-27 18:36:40 +02:00
Robin Appelman 83f831c263 Merge pull request #32427 from nextcloud/boot-event-ordering 
reorder startup events to fix overlapping
 2022-05-17 11:55:00 +00:00
Louis 8ed92ad4f7 Merge pull request #32216 from SUNET/master 
Respect user settings in php.ini if they are big enough
 2022-05-17 10:14:56 +02:00
Joas Schilling a6ca9d592d Revert "Remove call to already default php.ini values" 2022-05-16 15:54:18 +02:00
Robin Appelman a67bf03ac0 reorder startup events to fix overlapping 
current the `request` and `runtime` events overlap with the `init` event which makes it hard to create usefull visualizations.

this reorders things a bit to remove an overlap

Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-05-16 13:26:38 +02:00
Micke Nordin 0ace1831f4 Fix suggestions by @artonage 
Signed-off-by: Micke Nordin <kano@sunet.se>
 2022-05-16 10:15:45 +02:00
Julius Härtl d3acf8203d Properly import maintenance script 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-16 09:28:15 +02:00
Julius Härtl 9a6869943e Introduce event for loading additional script on projects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-12 10:50:13 +02:00
Git'Fellow f110ff9f4d Remove default values 
These values are already the default on supported PHP versions.
I suggest to remove these calls.
 2022-05-05 13:46:09 +02:00
Mikael Nordin 30fe91a77f Simpler version as proposed by @artonage 
Co-authored-by: Louis <6653109+artonge@users.noreply.github.com>
Signed-off-by: Micke Nordin <kano@sunet.se>
 2022-04-30 16:41:35 +02:00
Micke Nordin 259664468a Respect user settings in php.ini if they are big enough 
In the admin guide:
* https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html

it is mentioned that you can tweek:
* max_input_time
* max_execution_time

in order to enable larger file uploads. However, the current codebase
will hard code these values to one hour, no matter what the user sets in
php.ini.

This patch will allow the user to set these settings in php.ini and they
will be respected, if and only if, they are set to something bigger than
3600 seconds.

Signed-off-by: Micke Nordin <kano@sunet.se>
 2022-04-29 14:50:57 +02:00
Carl Schwan 7d272c54d0 Add a built-in profiler inside Nextcloud 
The webui is provided by a seperate application named profiler

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-04-04 10:28:26 +02:00
Joas Schilling 0acd4b5f82 Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id 
Extract request id handling to dedicated class so it can be injected without DB dependency
 2022-03-22 12:08:45 +01:00
Julius Härtl 2ff0c972c9 Merge pull request #31124 from nextcloud/enh/diagnostics-logging 
Diagnostics event logging to log
 2022-03-02 12:00:44 +01:00
Julius Härtl eede608c0e Add event logging to app loading 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-02-28 11:24:41 +01:00
Côme Chilliet 63d7e7c798 Build OC\Core\Application when running occ or cron to register listeners correctly 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-02-28 10:31:52 +01:00
Joas Schilling 07a9f34385 Extract request id handling to dedicated class so it can be injected manually 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +01:00
Pierre Ozoux e6d9ef2e38 Makes untrusted domain error a warning. 
It sends a 400 to the client, so I could even argue that it should be an error.

But currently as an admin, I'm quiet surprised that I get a 400 in the UI, and nothing in the log with the default level.

I saw this commit that explains the reason why info. But I disagree.

Feel free to close the PR if you don't agree with it.

Signed-off-by: Pierre Ozoux <pierre@ozoux.net>
 2022-01-25 10:33:31 +01:00
Louis Chemineau b46ff973e0 Use less deprecated methods in base.php 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2022-01-19 11:07:12 +01:00
Joas Schilling c8bfd8a559 Load core before the update script 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-01-18 14:55:13 +01:00
John Molakvoæ (skjnldsv) b664aad7ab Move bundles to /dist 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-01-08 10:11:58 +01:00
Valdnet 03889d1297 l10n: Separate words 
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
 2021-12-15 17:27:26 +01:00