Merge f6e4641b6c into 316acc3cc3

Merge pull request #44996 from nextcloud/fix/unify-access-to-forbidden-chars
fix(files): Use OCP\Util::getForbiddenFileNameChars instead of directaccess to system config
2024-04-29 18:43:41 +02:00 · 2024-04-29 18:14:06 +02:00 · 2024-04-29 15:37:59 +00:00 · 2024-04-29 17:15:00 +02:00 · 2024-04-29 17:01:32 +02:00 · 2024-04-29 15:31:04 +02:00
15 changed files with 69 additions and 111 deletions
--- a/apps/files/lib/Controller/ViewController.php
+++ b/apps/files/lib/Controller/ViewController.php
@ -52,7 +52,6 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent as ResourcesLoadAdditionalScriptsEvent;
-use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@ -253,9 +252,8 @@ class ViewController extends Controller {
 		$this->initialState->provideInitialState('filesSortingConfig', $filesSortingConfig);

 		// Forbidden file characters
-		/** @var string[] */
-		$forbiddenCharacters = $this->config->getSystemValue('forbidden_chars', []);
-		$this->initialState->provideInitialState('forbiddenCharacters', Constants::FILENAME_INVALID_CHARS . implode('', $forbiddenCharacters));
+		$forbiddenCharacters = \OCP\Util::getForbiddenFileNameChars();
+		$this->initialState->provideInitialState('forbiddenCharacters', $forbiddenCharacters);

 		$event = new LoadAdditionalScriptsEvent();
 		$this->eventDispatcher->dispatchTyped($event);
--- a/apps/files/src/components/FileEntry/FileEntryName.vue
+++ b/apps/files/src/components/FileEntry/FileEntryName.vue
@ -70,7 +70,7 @@ import NcTextField from '@nextcloud/vue/dist/Components/NcTextField.js'
 import { useRenamingStore } from '../../store/renaming.ts'
 import logger from '../../logger.js'

-const forbiddenCharacters = loadState('files', 'forbiddenCharacters', '') as string
+const forbiddenCharacters = loadState<string[]>('files', 'forbiddenCharacters', [])

 export default Vue.extend({
 	name: 'FileEntryName',
@ -230,12 +230,10 @@ export default Vue.extend({
 				throw new Error(t('files', '{newName} already exists.', { newName: name }))
 			}

-			const toCheck = trimmedName.split('')
-			toCheck.forEach(char => {
-				if (forbiddenCharacters.indexOf(char) !== -1) {
-					throw new Error(this.t('files', '"{char}" is not allowed inside a file name.', { char }))
-				}
-			})
+			const char = forbiddenCharacters.find((char) => trimmedName.includes(char))
+			if (char) {
+				throw new Error(t('files', '"{char}" is not allowed inside a file name.', { char }))
+			}

 			return true
 		},
--- a/apps/files/tests/Controller/ViewControllerTest.php
+++ b/apps/files/tests/Controller/ViewControllerTest.php
@ -152,11 +152,6 @@ class ViewControllerTest extends TestCase {
 				'ownerDisplayName' => 'MyDisplayName',
 			]);

-		$this->config
-		->expects($this->any())
-			->method('getSystemValue')
-			->with('forbidden_chars', [])
-			->willReturn([]);
 		$this->config
 			->method('getUserValue')
 			->willReturnMap([
--- a/contribute/HowToApplyALicense.md
+++ b/contribute/HowToApplyALicense.md
@ -11,29 +11,15 @@ contributors.

 ## Apply a license to a new file

-If you create a new file please use a license header
+If you create a new file please use a SPDX license header.
+The year should then be the creation time and the email address is optional.

 #### Frontend source (`.js`, `.ts`, `.css` and etc)

 ```js
 /**
- * @copyright Copyright (c) <year>, <your name> (<your email address>)
- *
- * @license AGPL-3.0-or-later
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: [year] [your name] [<your email address>]
+ * SPDX-License-Identifier: AGPL-3.0-or-later
 */
 ````

@ -41,22 +27,8 @@ or `.vue` files

 ```html
 <!--
-  - @copyright Copyright (c) <year>, <your name> (<your email address>)
-  -
-  - @license AGPL-3.0-or-later
-  -
-  - This program is free software: you can redistribute it and/or modify
-  - it under the terms of the GNU Affero General Public License as
-  - published by the Free Software Foundation, either version 3 of the
-  - License, or (at your option) any later version.
-  -
-  - This program is distributed in the hope that it will be useful,
-  - but WITHOUT ANY WARRANTY; without even the implied warranty of
-  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-  - GNU Affero General Public License for more details.
-  -
-  - You should have received a copy of the GNU Affero General Public License
-  - along with this program. If not, see <http://www.gnu.org/licenses/>.
+  - SPDX-FileCopyrightText: [year] [your name] [<your email address>]
+  - SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 ```

@ -64,55 +36,45 @@ or `.vue` files

 ```php
 /**
- * @copyright Copyright (c) <year>, <your name> (<your email address>)
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: [year] [your name] [<your email address>]
+ * SPDX-License-Identifier: AGPL-3.0-or-later
 */
 ```

 ## Apply a licence to an existing file

 If you modify an existing file, please keep the existing license header as
-it is and just add your copyright notice, for example:
+it is and just add your copyright notice.
+In order to do so there are two options:
+
+* If a generic header is already present, please just add yourself to the AUTHORS.md file
+* If no generic header is present, you can add yourself with a copyright line as described below

 ````diff
 /**
- * @copyright Copyright (c) 2022, Alice (alice@nextcloud.local)
- * @copyright Copyright (c) 2023, Bob (bob@nextcloud.local)
-+* @copyright Copyright (c) <year>, <your name> (<your email address>) 
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2022 Alice <alice@nextcloud.local>
+ * SPDX-FileCopyrightText: 2023 Bob <bob@nextcloud.local>
+* SPDX-FileCopyrightText: [year] [your name] [<your email address>]
+ * SPDX-License-Identifier: AGPL-3.0-or-later
 */
 ````

+An example of a generic license header where adding yourself to the AUTHORS.md
+file is prefered please see the example below
+
+```
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+```
+
+For more information on SPDX headers, please see 
+
+* https://reuse.software/ 
+* https://spdx.dev/
+
 ## DCO

 Additionally we require a Developer Certificate of Origin (DCO), look
--- a/core/src/components/UnifiedSearch/SearchableList.vue
+++ b/core/src/components/UnifiedSearch/SearchableList.vue
@ -46,7 +46,11 @@
 						:wide="true"
 						@click="itemSelected(element)">
 						<template #icon>
-							<NcAvatar :user="element.user" :show-user-status="false" :hide-favorite="false" />
+							<NcAvatar v-if="element.isUser" :user="element.user" :show-user-status="false" />
+							<NcAvatar v-else
+								:is-no-user="true"
+								:display-name="element.displayName"
+								:show-user-status="false" />
 						</template>
 						{{ element.displayName }}
 					</NcButton>
--- a/core/src/views/UnifiedSearchModal.vue
+++ b/core/src/views/UnifiedSearchModal.vue
@ -391,6 +391,7 @@ export default {
 					subname: contact.emailAddresses[0] ? contact.emailAddresses[0] : '',
 					icon: '',
 					user: contact.id,
+					isUser: contact.isUser,
 				}
 			})
 		},
--- a/dist/core-unified-search.js
+++ b/dist/core-unified-search.js
--- a/dist/core-unified-search.js.map
+++ b/dist/core-unified-search.js.map
--- a/dist/files-main.js
+++ b/dist/files-main.js
--- a/dist/files-main.js.map
+++ b/dist/files-main.js.map
--- a/lib/private/App/InfoParser.php
+++ b/lib/private/App/InfoParser.php
@ -30,7 +30,6 @@
 namespace OC\App;

 use OCP\ICache;
-use function libxml_disable_entity_loader;
 use function simplexml_load_string;

 class InfoParser {
@ -59,13 +58,7 @@ class InfoParser {
 		}

 		libxml_use_internal_errors(true);
-		if ((PHP_VERSION_ID < 80000)) {
-			$loadEntities = libxml_disable_entity_loader(false);
-			$xml = simplexml_load_string(file_get_contents($file));
-			libxml_disable_entity_loader($loadEntities);
-		} else {
-			$xml = simplexml_load_string(file_get_contents($file));
-		}
+		$xml = simplexml_load_string(file_get_contents($file));

 		if ($xml === false) {
 			libxml_clear_errors();
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@ -281,10 +281,6 @@ class Installer {
 				// Check if the signature actually matches the downloaded content
 				$certificate = openssl_get_publickey($app['certificate']);
 				$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
-				// PHP 8+ deprecates openssl_free_key and automatically destroys the key instance when it goes out of scope
-				if ((PHP_VERSION_ID < 80000)) {
-					openssl_free_key($certificate);
-				}

 				if ($verified === true) {
 					// Seems to match, let's proceed
@ -305,6 +301,15 @@ class Installer {
 					$folders = array_diff($allFiles, ['.', '..']);
 					$folders = array_values($folders);

+					if (count($folders) < 1) {
+						throw new \Exception(
+							sprintf(
+								'Extracted app %s has no folders',
+								$appId
+							)
+						);
+					}
+
 					if (count($folders) > 1) {
 						throw new \Exception(
 							sprintf(
@ -315,13 +320,17 @@ class Installer {
 					}

 					// Check if appinfo/info.xml has the same app ID as well
-					if ((PHP_VERSION_ID < 80000)) {
-						$loadEntities = libxml_disable_entity_loader(false);
-						$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
-						libxml_disable_entity_loader($loadEntities);
-					} else {
-						$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
+					$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
+
+					if ($xml === false) {
+						throw new \Exception(
+							sprintf(
+								'Failed to load info.xml for app id %s',
+								$appId,
+							)
+						);
 					}
+
 					if ((string)$xml->id !== $appId) {
 						throw new \Exception(
 							sprintf(
--- a/lib/private/legacy/OC_Image.php
+++ b/lib/private/legacy/OC_Image.php
@ -294,8 +294,7 @@ class OC_Image implements \OCP\IImage {
 				$retVal = imagegif($this->resource, $filePath);
 				break;
 			case IMAGETYPE_JPEG:
-				/** @psalm-suppress InvalidScalarArgument */
-				imageinterlace($this->resource, (PHP_VERSION_ID >= 80000 ? true : 1));
+				imageinterlace($this->resource, true);
 				$retVal = imagejpeg($this->resource, $filePath, $this->getJpegQuality());
 				break;
 			case IMAGETYPE_PNG:
--- a/lib/public/AppFramework/App.php
+++ b/lib/public/AppFramework/App.php
@ -73,7 +73,7 @@ class App {
 	 */
 	public function __construct(string $appName, array $urlParams = []) {
 		$runIsSetupDirectly = \OC::$server->getConfig()->getSystemValueBool('debug')
-			&& (PHP_VERSION_ID < 70400 || (PHP_VERSION_ID >= 70400 && !ini_get('zend.exception_ignore_args')));
+			&& !ini_get('zend.exception_ignore_args');

 		if ($runIsSetupDirectly) {
 			$applicationClassName = get_class($this);
--- a/tests/lib/ImageTest.php
+++ b/tests/lib/ImageTest.php
@ -149,8 +149,7 @@ class ImageTest extends \Test\TestCase {
 		$img = new \OC_Image(null, null, $config);
 		$img->loadFromFile(OC::$SERVERROOT.'/tests/data/testimage.jpg');
 		$raw = imagecreatefromstring(file_get_contents(OC::$SERVERROOT.'/tests/data/testimage.jpg'));
-		/** @psalm-suppress InvalidScalarArgument */
-		imageinterlace($raw, (PHP_VERSION_ID >= 80000 ? true : 1));
+		imageinterlace($raw, true);
 		ob_start();
 		imagejpeg($raw, null, 80);
 		$expected = ob_get_clean();
Author	SHA1	Message	Date
Andy Scherzinger	82fb1a7513	Merge `f6e4641b6c` into `316acc3cc3`	2024-04-29 18:43:41 +02:00
Ferdinand Thiessen	316acc3cc3	Merge pull request #44996 from nextcloud/fix/unify-access-to-forbidden-chars fix(files): Use OCP\Util::getForbiddenFileNameChars instead of directaccess to system config	2024-04-29 18:14:06 +02:00
nextcloud-command	da04b8b5f6	chore(assets): Recompile assets Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>	2024-04-29 15:37:59 +00:00
Ferdinand Thiessen	c6f3aecef1	fix(files): Use string array instead of string for forbidden characters Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-04-29 17:15:00 +02:00
Ferdinand Thiessen	6a281f019c	fix(files): Use OCP\Util::getForbiddenFileNameChars instead of direct access to system config Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-04-29 17:01:32 +02:00
Côme Chilliet	147426c3ca	Merge pull request #44968 from nextcloud/fix/drop-workaround-for-obsolete-php fix: Drop workarounds for unsupported obsolete PHP versions	2024-04-29 15:31:04 +02:00
Ferdinand Thiessen	7bd35e0ee7	Merge pull request #45029 from nextcloud/backport/44972/master fix(unifiedSearch): Prevent broken avatars for federated users	2024-04-29 14:26:52 +02:00
nextcloud-command	ff49d1939d	chore(assets): Recompile assets Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>	2024-04-28 23:17:53 +00:00
fenn-cs	a51ab473da	fix(unifiedSearch): Prevent broken avatars for federated users Signed-off-by: fenn-cs <fenn25.fn@gmail.com>	2024-04-29 01:12:30 +02:00
Andy Scherzinger	f6e4641b6c	docs: Update license header how-to for use of SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-04-26 20:13:14 +02:00
Côme Chilliet	5d1ca7e25a	fix: Drop workarounds for unsupported obsolete PHP versions Also improved error handling in Installer.php to be type safe. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-04-22 16:55:42 +02:00