A recent change had broken authentication with an older
FastCGI Apache2 module, because the IRequest object got
initialised before the fix from self::handleAuthHeaders()
copied the authentication headers into the correct $_SERVER
variables.
Since this part is completely independent from any Nextcloud
code it is now done as a first thing within the init() call.
Additionally similar issues could happen when another class
would boot too early and read other global PHP settings like
ini values and default timezone, so those are now also moved
to the beginning.
Signed-off-by: Joas Schilling <coding@schilljs.com>
We basically mock the way `URLGenerator::getAbsoluteURL` works,
so we must make sure that the URL might already contain the webroot.
Because `baseURL` and `cliURL` also contain the webroot we need to remove
the webroot from the URL first.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Daniel <mail@danielkesselberg.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
If an incompatible app is enabled manually, it is added to the "app_install_overwrite" array in config.php. Nextcloud upgrades won't disable any app in this array, but they were still shown on the upgrade page and logs as being disabled.
This commit assures that only apps which are really disabled, i.e. which are not in the "app_install_overwrite" array, are shown and logged as disabled during upgrades.
Signed-off-by: MichaIng <micha@dietpi.com>
apcu lead to side effects especially with app management and (soft)
inter-dependencies, and lead also to 500 server errors. While we could
add management to clear apcu cache in many cases (may stil leave edge
cases) the performance benefit is marginally as also class maps are
already cached in opcache. Hence, the simple and effective way to go is
to not use apcu for autoloading.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- in most cases it would read again in \OC_Util::loadVersion anyway
- remove some unused use statements
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fixes collissions when more than one instance is running on the same
system
For the memcaches we use a more complex prefix, where version and
instance ID are incorporated. We do not have this data at hand at this
point of time. But we can get the mtime of the version.php file
relatively cheap.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
