nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Samuel Bizien Filippi	a14cade3ac	feat(core): add cookie_domain config option Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr>	6 months ago
Côme Chilliet	e757b649b7	fix: Fix psalm taint false-positives by small refactorings Mostly make it clear that we trust admin input or that we correctly escape strings. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	10 months ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Christoph Wurst	7e2c3a820e	Remove the cookie paths for php<7.3 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	2016e57eab	Only send samesite cookies This makes the last remaining two cookies lax. The session cookie itself. And the session password as well (on php 7.3 that is). Samesite cookies are the best cookies! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Lukas Reschke	4166d61ce6	Fix MigrationSchemaChecker and CryptoWrapper Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Roeland Jago Douma	e2c36c2903	Move \OC\Session to PSR-4	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Roeland Jago Douma	876fb83ddc	getMediumStrengthGenerator is deprecated and does not do anything anymore	10 years ago
Scrutinizer Auto-Fixer	453e1bf66e	Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com	10 years ago
Morris Jobke	b945d71384	update licence headers via script	10 years ago
Phil Davis	7940a3fb65	Session closed exception wording and a small comment typo	10 years ago
Lukas Reschke	3adbfbfd69	Use / instead of an empty string as cookie path When an empty string is used as cookie path PHP will assign the current directory as cookie path. This means when an user had installed an ownCloud under "/", which is mapped to an empty string in \OC::$WEBROOT, and accessed it the cookie was set to values such as "/index.php/apps/files" since the web browser assumed this to be a directory. This means that multiple encryption cookies were set for the same domain resulting in potential havoc. With this patch the path will be set to "/" in case an empty web root is installed which makes the cookie accessible to the whole domain. To test this setup multiple ownCloud instances on the same domain under different ports and have both installed under "/", then try to login in both of it and previously this can in some cases lead to a lockout of the user. Note that this affects the cookies that the browsers do sent and thus to test this you need to clear all cookies from your browser previously. I consider this an acceptable behaviour for now since this code is only in master. Fixes https://github.com/owncloud/core/issues/18919	10 years ago
Lukas Reschke	6a3fb0d3b3	Handle failures gracefully, remove switch	11 years ago
Joas Schilling	36eef2ddab	Add a session wrapper to encrypt the data before storing it on disk	11 years ago

15 Commits (master)