upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-25 03:43:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 39
76341 commits 783 branches 1189 tags 6.5 GiB
Commit graph

14774 commits

Author SHA1 Message Date
Ferdinand Thiessen
1e49c83556 fix: FilenameValidator::isForbidden should only check forbidden files 
And not forbidden basenames as this is used for different purposes.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-22 08:51:58 +02:00
Andy Scherzinger
e87b559939
Merge pull request #47283 from nextcloud/backport/47038/stable30 
[stable30] fix: check for correct storage class when checking for link parent
 2024-08-21 21:59:22 +02:00
John Molakvoæ
28af5012a2
Merge pull request #47391 from nextcloud/backport/47371/stable30 2024-08-21 16:29:51 +02:00
Ferdinand Thiessen
655b318b23 fix: Support Safari mobile 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-21 12:33:53 +00:00
Ferdinand Thiessen
a67d98c31e fix: Disable auto-zoom on iOS 
When using iOS and focussing an input element the view should not be zoomed.
So if we set a maximum scale iOS will not auto-zoom but still allow users to zoom.
But we can not do this by default as this will disable user zoom on Chrome.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-21 12:33:53 +00:00
Joas Schilling
71c0b0053c fix(theming): Make getImage() call save against missing non-SVG version 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-08-21 13:19:29 +02:00
Robin Appelman
fff198657f fix: use mountpoint from storage to find the encryption keys 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-20 14:24:43 +00:00
Robin Appelman
ece54cf956 feat: store the mountpoint of storages in the mount options 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-20 14:24:43 +00:00
Robin Appelman
9791fa278f fix: check for correct storage class when checking for link parent 
fixes #39123

Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-16 15:17:07 +00:00
S1m
b7bf8ec3c5
feat(webauthn): Add user verification to webauthn challenges 
Require user verification if all tokens are registered

with UV flag, else discourage it

Signed-off-by: S1m <git@sgougeon.fr>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2024-08-15 11:52:40 +02:00
Christoph Wurst
7641e768b3
Merge pull request #45435 from nextcloud/feat/dav/upcoming-events-api 
feat(dav): Add an API for upcoming events
 2024-08-14 06:54:43 +02:00
Christoph Wurst
370a9d77ea
feat(dav): Add an API for upcoming events 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-08-13 20:03:31 +02:00
Ferdinand Thiessen
3e409fd342
Merge pull request #43573 from nextcloud/HolgerHees-fix-csp-nonce-handling 
Fix for ignored `CSP_NONCE` in ContentSecurity Header
 2024-08-13 17:53:30 +02:00
Christoph Wurst
5100e3152d
feat(auth): Clean-up unused auth tokens and wipe tokens 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-08-13 12:39:11 +02:00
Côme Chilliet
142b6e313f
Merge pull request #47180 from nextcloud/fix/apply-group-limit-on-remove-from-group 
Apply group limit on remove from group
 2024-08-13 12:20:48 +02:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as <meta> element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:32:44 +02:00
Ferdinand Thiessen
86f01a3358
fix: Make sure CSP nonce is not double base64 encoded 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 09:52:33 +02:00
Holger Hees
73397cd759
fix: Use CSP_NONCE env variable in ContentSecurity Header 
We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available.

Signed-off-by: Holger Hees <holger.hees@gmail.com>
 2024-08-13 09:52:08 +02:00
Côme Chilliet
e23325f047
fix: Remove shares only if there are no more common groups between users 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-08-12 15:20:21 +02:00
Louis Chemineau
5559beb28c
fix(files_sharing): Delete user shares if needed when user is removed from a group 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-08-12 14:41:19 +02:00
Julien Veyssier
dbab2a825d
fix(taskprocessing): select preferred provider when running sync task, fix task type values according to preferred provider 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-08-12 13:11:41 +02:00
Ferdinand Thiessen
0563757ea4 fix(SetupCheck): Properly check public access to data directory 
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.

For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.

¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-08 22:08:42 +02:00
Andy Scherzinger
609fa7d5db
Merge pull request #47044 from nextcloud/fix/accept-several-mounts-in-encryption 
fix(encryption): Fix mountpoint check to accept if several are found
 2024-08-07 20:58:19 +02:00
Robin Appelman
495f454b6f
Merge pull request #46395 from nextcloud/apcu-default-ttl 
fix: set default TTL for APCu cache as per docs
 2024-08-07 20:16:02 +02:00
Robin Appelman
cae0a8218d
chore: remove Redis::DEFAULT_TTL constant now that it's defined in the interface 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-07 19:41:44 +02:00
Robin Appelman
b19652a2ad
chore: cleanup acpu inc and dec 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-07 19:41:43 +02:00
Robin Appelman
cd9cc01b77
fix: set default TTL for APCu cache as per docs 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-07 19:41:41 +02:00
Maxence Lange
3ffcfb1dab
Merge pull request #47069 from nextcloud/fix/noid/display-message-on-no-migration-attributes 
fix(migration-preview): display a message if no attributes set
 2024-08-07 11:48:20 -01:00
Christoph Wurst
2b38d6ae7e
fix(session): Log when session_* calls are slow 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-08-07 09:02:10 +02:00
Maxence Lange
6ad6fa6425 fix(migration-preview): display a message if no attributes set 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-08-06 22:23:12 -01:00
John Molakvoæ
8a5bc4778b
Merge pull request #38364 from joshtrichards/jr-preview-libgd-webp-animation-bypass 2024-08-06 17:56:14 +02:00
John Molakvoæ
2d8676fa5d
Merge pull request #47065 from nextcloud/fix/group-oc 2024-08-06 17:52:01 +02:00
John Molakvoæ
42650f6773
Merge pull request #46967 from nextcloud/fix/share-not-found 2024-08-06 17:45:44 +02:00
John Molakvoæ
e6457aa9c4
Merge pull request #46985 from nextcloud/feat/email-share-format 2024-08-06 17:40:47 +02:00
skjnldsv
db28aa8cd1 fix(files_sharing): show proper share not found error message 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 16:25:10 +02:00
Ferdinand Thiessen
4776b6600a
fix: Ensure database connection is setup when getting group details 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-06 13:41:04 +02:00
Jérôme Herbinet
c221090c86 fix: unify bundle naming 
Signed-off-by: Jérôme Herbinet <33763786+Jerome-Herbinet@users.noreply.github.com>
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-08-06 11:14:07 +02:00
Stephan Orbaugh
eecc9f328b
Merge pull request #46953 from nextcloud/cleanup-old-mount-repair 
chore: delete repair step for 8y old oc_mounts issue
 2024-08-06 09:42:20 +02:00
skjnldsv
28a34e7351 fix(emails): adjust mail button to new design 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 09:42:19 +02:00
Ferdinand Thiessen
9ef2e142c4
Merge pull request #46931 from nextcloud/connection-builder-additional-params 
fix: fix passing additional db connection parameters in factory
 2024-08-05 17:41:04 +02:00
Côme Chilliet
277c2cf5d1
fix(encryption): Fix mountpoint check to accept if several are found 
There is no strong requirement to have only one mount for a given
 storage id. Also the error in this case would be misleading.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-08-05 17:34:25 +02:00
Robin Appelman
eb4fb994cf
fix: ensure array returned from getMountsForFileId is continious 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-02 17:22:33 +02:00
Robin Appelman
9af6184af6 chore: delete repair step for 8y old oc_mounts issue 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-02 17:21:54 +02:00
Christopher Ng
572361f498 fix(files): Fix incorrect keys by reindexing 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-08-01 09:14:44 -07:00
Richard Steinmetz
abd7514c5e
Merge pull request #46864 from nextcloud/fix/dont-persist-blurhash-preview-2 
fix: don't persist previews used during blurhash generation - take 2
 2024-08-01 16:17:10 +02:00
Andy Scherzinger
014fcb0131
Merge pull request #45950 from nextcloud/chore/remove-depreacted-search 
chore: Remove deprecated legacy search backend
 2024-08-01 13:56:09 +02:00
Julius Härtl
a6d421e767
chore: Remove deprecated legacy search backend 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-01 12:33:18 +02:00
skjnldsv
80231e60aa fix(activity): regroup Files and spltit sharing activity 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-01 11:03:24 +02:00
Marcel Klehr
c4227ef448
Merge pull request #46912 from nextcloud/fix/taskprocessing-speech-to-text-legacy 
More fixes for task processing
 2024-08-01 09:04:15 +02:00
Marcel Klehr
5d98b647d6
Merge pull request #46872 from nextcloud/fix/taskprocessing/dont-break-with-provider-errors 
fix(TaskProcessing): Don't break if provider methods throw
 2024-08-01 09:02:26 +02:00