nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Julius Härtl	a055d8ddf9	Always return overwritehost if configured Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Daniel Kesselberg	fdf4e1ebb2	Remove duplicate code Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Julius Härtl	299759b836	Handle throwables in the http dispatcher Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de> Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
b108@volgograd	bf167ad3ac	Remove duplicate functionality This functionality implemented in the next line: $requestUri = preg_replace('%/{2,}%', '/', $requestUri);	7 years ago
Roeland Jago Douma	514426e27d	Only trust the X-FORWARDED-HOST header for trusted proxies Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Oliver Wegner	401ca28f07	Adding handling of CIDR notation to trusted_proxies for IPv4 Signed-off-by: Oliver Wegner <void1976@gmail.com>	7 years ago
Daniel Kesselberg	986f4df2a5	Add REMOTE_ADDR to getHeader Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Robin Appelman	c0a283fefb	ensure we always return an array from `Request::getParams` Signed-off-by: Robin Appelman <robin@icewind.nl>	7 years ago
Roeland Jago Douma	043a824e6a	Fix comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	0ee45d3d20	Fix proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	a229095af1	Make Request strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	ca9f364fd4	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	bb0c7b2943	Make AppFramework/Http/Dispatcher strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	4ef302c0be	Request->getHeader() should always return a string PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	ca70694502	Also check for empty content lenth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	31c5c2a592	Change @georgehrke's email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	9 years ago
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	9 years ago
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	a05b8b7953	Harden cookies more appropriate This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Robin Appelman	4235b18a88	allow passing a stream to StreamResponse Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Joas Schilling	c20ab0049f	Identify Chromium as Chrome Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Lukas Reschke	d50e7ee36c	Remove reading PATH_INFO from server variable Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used. Fixes https://github.com/nextcloud/server/issues/983	10 years ago
Roeland Jago Douma	8f3dc0ba43	Remove IE_8 user agent string	10 years ago
Lukas Reschke	b53ea18ea5	Match only for actual session cookie OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.	10 years ago
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Roeland Jago Douma	e42f2f2650	AppFramework do not get default response The OCSResponse differs from other responses in that it defaults to XML. However we fell back to json by default. This makes sure that if nothing is set we don't pass anything. Which defaults then to the controllers default (which is often 'json') but in the case of the OCSResponse 'xml'.	10 years ago
Lukas Reschke	a299fa38a9	[master] Port Same-Site Cookies to master Fixes https://github.com/nextcloud/server/issues/50	10 years ago
Joas Schilling	b1d652e8b0	Copy the regexes to the public interface	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Roeland Jago Douma	eb11ed1851	Make ownCloud work again in php 7.0.6 See https://bugs.php.net/bug.php?id=72117	10 years ago
Roeland Jago Douma	1d33a5ef13	Move \OC\AppFramework to PSR-4 * Also moved the autoloader setup a bit up since we need it in initpaths	10 years ago

46 Commits (3e720942e58f99b038616d95e00a01ac9dd2f490)