Josh
768b22a31f
chore(base.php): fixup for lint/cs
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-14 12:45:06 -04:00
Josh
96614f95a3
chore(base.php): ensure bypass gets correct apps + routing gets all apps
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-14 11:18:22 -04:00
Josh
5e3a042c9e
docs(base): document real handleLogin contract/behavior
...
The real contract is mostly side effects and possibly exceptions, which is important to have documented.
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-14 09:47:37 -04:00
Josh
e86a3212c4
chore(base): lint fixup + add note about auth app loading
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 10:36:07 -04:00
Josh
3edb729926
chore: fixup typos and further streamline upgrade path
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 09:34:40 -04:00
Josh
17dea660a8
chore: handle login bypass same as maintenance bypass
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 09:00:35 -04:00
Josh
a5282c47e6
chore: fixup base typo
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 02:27:42 -04:00
Josh
1423b8ce47
chore: fixup typo
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 02:15:22 -04:00
Josh
4a57e07a60
refactor(base): modernize and tidy handleRequest()
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2026-05-11 02:03:43 -04:00
Git'Fellow
3bbe0ee570
refactor: use strict operator
...
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2026-04-30 00:51:29 +02:00
Carl Schwan
bb4c55c125
refactor: Move copy skeleton step to a file listener
...
Instead of having all user providers call OC_Util::copySkeleton
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-04-27 15:37:02 +02:00
Carl Schwan
39c14c383b
refactor: remove long deprecated IServerContainer methods
...
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-03-10 10:36:35 +01:00
Côme Chilliet
f885d7292f
fix(occ): Do not attempt to send headers on CLI
...
This avoids errors like 'Cannot modify header information - headers already sent',
when using --debug-log with occ.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-02-24 10:22:13 +01:00
Salvatore Martire
2eecf81833
fix: add user id header when redirecting to default app
...
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
2026-02-06 20:25:20 +01:00
Simon L.
b08fca0abe
fix: fall-back to hardcoded values if debug mode is enabled
...
Signed-off-by: Simon L. <szaimen@e.mail.de>
2026-01-29 08:52:04 +01:00
Simon L.
cdc951ea45
fix: log memory usage for requests based on configured memory limit
...
Signed-off-by: Simon L. <szaimen@e.mail.de>
2026-01-29 08:52:04 +01:00
Ferdinand Thiessen
f7dad729e4
refactor(core): migrate web updater to Vue
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-01-16 00:29:19 +01:00
Côme Chilliet
3c80b7f2b3
fix: Use strict array comparisons in lib/
...
To avoid surprises with corner cases.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-01-13 11:48:04 +01:00
Carl Schwan
6eabaaf104
refactor: Deprecated user config from IConfig correctly
...
Mark the methods in the interface deprecated instead of just the one in
the implementation.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
2025-12-11 13:27:47 +01:00
Côme Chilliet
eb54143c2d
fix: Delete legacy OC_Response
...
Moved the last used method in base.php where it’s called. Ideally we
would remove it but it’s not clear whether that would be possible any
time soon or even at all.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-09-29 09:35:32 +02:00
Ferdinand Thiessen
660f3f6fd1
refactor: use logical && || instead of weak and or operators
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-09-27 23:02:18 +02:00
Andy Scherzinger
03f22074d9
Merge pull request #54713 from nextcloud/fix/fix-status.php-cookies
...
fix(status.php): Fix samesite cookies
2025-09-01 11:48:27 +02:00
Côme Chilliet
22160b9d2b
chore: Add comment to make it clear the bail out for status.php should
...
not be moved above ini_set calls.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-09-01 10:52:31 +02:00
Joas Schilling
3df6d90a4c
Revert "perf(base): Stop setting up the FS for every basic auth request"
2025-08-28 17:11:31 +02:00
Côme Chilliet
34aaa0cf83
fix(status.php): Fix samesite cookies
...
This skips fewer calls for status.php so that ini vars are correctly set
and the code to set samesite cookies has the correct information when
Nextcloud is installed in a subpath.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-08-28 16:02:13 +02:00
provokateurin
778c6c0d46
perf(base): Stop setting up the FS for every basic auth request
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-08-28 09:28:11 +00:00
Robin Appelman
21c7ae62e0
Merge pull request #53528 from nextcloud/jtr-maint-refresh-part-1
...
fix(maintenance): refresh page when turned off (sometimes)
2025-08-11 11:44:35 +02:00
Ferdinand Thiessen
7fe272fd74
fix(Coordinator): ensure the core app is loaded first
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-07-17 16:59:45 +02:00
John Molakvoæ
2b50d9b2c5
Revert "perf(base): Stop setting up the FS for every basic auth request"
2025-07-11 17:07:44 +02:00
John Molakvoæ
6f0255d82a
Merge pull request #53141 from nextcloud/perf/files/setup-fs-basic-auth-request
2025-07-11 15:25:10 +02:00
Daniel Calviño Sánchez
01766b18f8
fix: Fix theming for disabled accounts
...
The Theming app injects the stylesheets for the different themes in the
"<header>" element of the page, and those stylesheets are then loaded by
the browser from a "Controller" (a plain "Controller", not an
"OCSController"). The stylesheets, in turn, may also get some images
(like the background) also from the "Controller".
When handling a request to "index.php" it is checked whether the user is
logged in and, if not, a login is tried. A disabled user is explicitly
seen as not logged in, so a login is always tried in that case, but
disabled users are also explicitly prevented from logging in, so the login
also fails. Due to that, trying to get any of the themed stylesheets or
images with a disabled account (to be able to show the "Account
disabled" error page) fails with an HTTP status 401.
To solve that, and to avoid touching this basic logic as much as
possible, the login exception is now ignored (if the user is disabled)
for some specific requests to the Theming app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2025-07-10 15:19:01 +02:00
provokateurin
0eae0e3c06
perf(base): Stop setting up the FS for every basic auth request
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-08 11:38:59 +02:00
Côme Chilliet
e8bc35ec0a
fix(ocs): Return a proper error on JSON decoding failures
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-01 10:45:31 +02:00
Josh
54142b2b20
fix(maintenanceMode): Refresh web page when turned off (part 1)
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2025-06-16 15:41:59 -04:00
Samuel Bizien Filippi
a14cade3ac
feat(core): add cookie_domain config option
...
Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr>
2025-06-16 15:33:48 +02:00
Côme Chilliet
78ff8e233f
fix: Switch lazy object to enabled by default on PHP 8.4
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-06-05 20:51:24 +02:00
Côme Chilliet
2eed6d3a89
feat: Add a configuration toggle for lazy objects in DI
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-06-05 20:51:24 +02:00
Ferdinand Thiessen
4cd026ad43
Merge pull request #53157 from nextcloud/chore/refactor-core
...
refactor(core): migrate core application to `IBootstrap`
2025-06-02 16:51:49 +02:00
Ferdinand Thiessen
c21e189850
fix: make core application bootstrapable by coordinator
...
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-06-02 15:58:54 +02:00
Côme Chilliet
7c251e4f96
fix: Remove useless legacy autoloader
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-05-27 18:06:28 +02:00
Côme Chilliet
9560e00cf3
chore: Remove useless legacy autoloader for tests
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-05-27 16:15:58 +02:00
Louis
a48bc55e2a
Merge pull request #52810 from nextcloud/artonge/feat/do_not_require_samesite_strict_cookie_on_public.php
2025-05-22 10:30:16 +02:00
Louis Chemineau
009d0c550c
fix: Move CSRF check from base to PublicAuth for public.php
...
This currently prevents directly accessing a resource when clicking on a link on a third party site. Example: clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.
Skipping the check is an issue with password protected shares, as it allows third party sites to request the resource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add it again in the `PublicAuth` plugin.
We also add a redirect to be helpful to the user.
**Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view.
Fix #52482
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-05-21 16:01:36 +02:00
Ferdinand Thiessen
22889d4f1d
chore: deprecate OC_Helper::isReadOnlyConfigEnabled
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-05-17 13:18:49 +02:00
Côme Chilliet
baae99eaad
Merge pull request #52667 from nextcloud/fix/improve-init-profiling
...
Improve init profiling
2025-05-14 22:57:55 +02:00
Côme Chilliet
536ccf144c
feat(encryption): Migrate from hooks to events
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-05-13 23:37:52 +02:00
Côme Chilliet
20c6d1a7e9
feat: Improve init a bit, and add more profiling steps
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-05-13 16:08:49 +02:00
Julius Knorr
3fc9a99521
perf: Add config options to trigger individual and sample profiling using excimer
...
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2025-04-22 08:57:02 +02:00
Côme Chilliet
0cf4f3cc71
fix: Replace all usages of OC_User backend method calls by IUserManager
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-04-10 11:29:21 +02:00
Côme Chilliet
b2100484c0
fix: Remove some call and references to deprecated OC_Util class
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-04-07 17:05:54 +02:00