nextcloud-server

Commit Graph

Author	SHA1	Message	Date
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	9ce3ea3368	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
J0WI	331f30f085	Fix IPv6 localhost regex Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
Daniel Kesselberg	8ebd31d686	Make $vars and $secureRandom required. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
J0WI	68ce17e59b	Unify links to php.net Update all links to https://www.php.net/ Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Georg Ehrke	3bdfb380fc	Fix PHPDoc of IRequest::getHeader Signed-off-by: Georg Ehrke <developer@georgehrke.com>	6 years ago
Joas Schilling	74a9cadc50	Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	734c62bee0	Format code according to PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	3a415e4139	Remove space between switch case and colon Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	85e369cddb	Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Daniel Kesselberg	8331d8296b	Make getServerHost more robust to faulty user input Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Daniel Kesselberg	d393b1612b	Modify regex to match some other chromium browsers Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Julius Härtl	a055d8ddf9	Always return overwritehost if configured Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Daniel Kesselberg	fdf4e1ebb2	Remove duplicate code Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
b108@volgograd	bf167ad3ac	Remove duplicate functionality This functionality implemented in the next line: $requestUri = preg_replace('%/{2,}%', '/', $requestUri);	7 years ago
Roeland Jago Douma	514426e27d	Only trust the X-FORWARDED-HOST header for trusted proxies Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Oliver Wegner	401ca28f07	Adding handling of CIDR notation to trusted_proxies for IPv4 Signed-off-by: Oliver Wegner <void1976@gmail.com>	7 years ago
Daniel Kesselberg	986f4df2a5	Add REMOTE_ADDR to getHeader Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Robin Appelman	c0a283fefb	ensure we always return an array from `Request::getParams` Signed-off-by: Robin Appelman <robin@icewind.nl>	7 years ago
Roeland Jago Douma	043a824e6a	Fix comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	0ee45d3d20	Fix proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	a229095af1	Make Request strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	4ef302c0be	Request->getHeader() should always return a string PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	ca70694502	Also check for empty content lenth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	9 years ago
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	9 years ago
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	a05b8b7953	Harden cookies more appropriate This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	c20ab0049f	Identify Chromium as Chrome Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Lukas Reschke	d50e7ee36c	Remove reading PATH_INFO from server variable Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used. Fixes https://github.com/nextcloud/server/issues/983	10 years ago
Roeland Jago Douma	8f3dc0ba43	Remove IE_8 user agent string	10 years ago
Lukas Reschke	b53ea18ea5	Match only for actual session cookie OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.	10 years ago
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago

1 2

59 Commits (5cd1880daa048a685da689c7f41a2e50486494de)