Implement a proper topological sorting algorithm. Based on the
implementation by https://github.com/marcj/topsort.php
Logs an error in case a circular dependency is detected.
Fixes: #30278
Signed-off-by: Jonas Meurer <jonas@freesources.org>
Instead of checking for a predefined order of the scripts, test the
logic: core first, dependencies before their children, no duplicates and
all scripts still listed.
Signed-off-by: Jonas Meurer <jonas@freesources.org>
Using escapeshellcmd to get current locale causes error
if the function is disabled.
Add fallbacks to prevent the error.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
When php version = 8, basename('§') does not bug even if LC_ALL is non-UTF-8 locale.
This cause OC_Util::isSetLocaleWorking() to skip setlocale("C.UTF-8").
Fix it by using escapeshellcmd instead of basename.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Added the system config which sets all conditions to true that query the
FrontControllerActive mod_env variable.
Signed-off-by: Felix A. Epp <work@felixepp.de>
This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.
Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.
Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjPhttp://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/
Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
reduce calls of \OCP\Util::needUpgrade()
where \OCP\Util::needUpgrade() is called we can call as well
self::checkUpgrade and use the cached result
In line 877 the call way unnecessary anyway because of the first part of
the if statement
move caching to \OCP\Util::needUpgrade
renaming variable
fixing testNeedUpgradeCore()
cache result of checkUpgrade() in self::$needUpgrade
reduce calls of \OCP\Util::needUpgrade()
where \OCP\Util::needUpgrade() is called we can call as well
self::checkUpgrade and use the cached result
In line 877 the call way unnecessary anyway because of the first part of
the if statement
move caching to \OCP\Util::needUpgrade
renaming variable
fixing testNeedUpgradeCore()
fix typo in variable name
deleting tabs
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:
1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data
Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.
To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
Louis Chemineau
Jonas Meurer
John Molakvoæ (skjnldsv)
Arthur Schiwon
Naoto Kobayashi
Daniel Rudolf
Robin Appelman
Christoph Wurst
Roeland Jago Douma
Morris Jobke
Vincent Petry
Felix Epp
Joas Schilling
Joas Schilling
Roeland Jago Douma
Lukas Reschke
Thomas Müller
Individual IT Services