| Age | Commit message (Collapse) | Author |
|---|
|
When two booleans conflict when merging CSP policies, true will win.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
|
|
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
|
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
|
The subnet for an IPv4 address inside of IPv6 is now returned in its
IPv4 form.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
|
|
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
anything useful
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
Add database ratelimiting backend
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
- to make it reusable
- needed for local email verification
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|
Make Security module strict
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
|
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
\PHPUnit\Framework\MockObject\MockObject
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
these are actually expected to FAIL, because NULL as a userid is not
allowed in the schema, but documented to be used on the source
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Remove unused imports
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
When available we should use argon2id for hashing.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Johannes Koenig <mail@jokoenig.de>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
* unneeded arguments to constructor
* added return types
* let automatic DI do its work
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.
Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
