mirror of https://github.com/nextcloud/server.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
backport/45538/stable29
feature/request-803
stable28
backport/45483/stable28
master
fix/unsupported-redirect
fix/open-file
dependabot/npm_and_yarn/nextcloud/l10n-3.1.0
dependabot/npm_and_yarn/nextcloud/logger-3.0.2
fix-44318-remote-share-not-listed
backport/44794/stable28
backport/44752/stable27
bugfix/error-on-reshare-after-transfer-ownership
backport/44670/stable27
issue_45523_actionmenu_in_multiple_actions_menu_bar
backport/45026/stable28
backport/45480/stable29
fix/sharedialog-28-new-files
fix-openapi-notes-share-api
backport/45222/stable27
backport/45222/stable28
backport/44130/stable27
backport/44130/stable28
fix/strict-email-verification
stable29
backport/44670/stable29
backport/45026/stable29
dependabot/npm_and_yarn/nextcloud/axios-2.5.0
fix/remove-old-scheduling-objects
backport/45594/stable29
fix/side-bar-share-removed
automated/noid/stable27-update-psalm-baseline
jtr/fix-40666-fallback-copy
backport/45413/stable29
chore/files-consolitate-route-logic
backport/36942/stable27
backport/36942/stable28
backport/36942/stable29
fix/files-default-action
feat/add-support-for-webhooks
fix/psalm/navigation-entries
fix/43612/avoid-pwd-confirm-sso
stable27
joblist-cleanup-by-id
backport/45355/stable28
fix/grid-view-contextmenu-pos
fix/44933/avoid-duplicate-inserts-in-systemtag-object-mapping
dept-remove-csrf-dependency-from-request
fix/files-middle-click
artonge/fix/opening_a_secondly_created_file
backport/45222/stable29
stable26
backport/45026/stable27
backport/44670/stable26
backport/43252/stable28
feature/recurrence-invitations2
fix-setupcheck-filelocking
feature/recurrence-invitations
feature/add-ability-to-sort-by-last-login
backport/44664/stable26
backport/44664/stable27
backport/44664/stable29
backport/44664/stable28
backport/45014/stable28
backport/45014/stable27
feat/publish-resources-room-update
jtr/fix-tests/mysql-phpunit-health
backport/44923/stable27
jtr/fix-cron-memory-usage-levels
feature/settings-design-improvements
bug/noid/fix-check-for-dark-avatar
automated/noid/stable29-fix-npm-audit
automated/noid/stable28-fix-npm-audit
backport/45058/stable27
backport/45390/stable27
feat/sort-users
enh/noid/allow-configure-config.owner
Jerome-Herbinet-education-bundle
fix/reset-notification-email
Jerome-Herbinet-better-wordings-in-new-user-modal
backport/45459/stable29
stable25
fix/issue-26668
automated/noid/stable27-fix-npm-audit
stable24
enh/noid/avatar-chinese
fix/subadmin-user-groups
backport/stable28/44905
backport/stable29/44905
qb-escape-like
filecache-chunking
def-share-provider-filecache-joins
usermountcache-filecache-joins
jtr/dns-noisy-dns-get-record
cache-move-select-children
backport/44457/stable27
fix/allow-strict-email
feat/dav/upcoming-events-api
fix/files-proper-loading-icon
feature/noid/wrapped-appconfig
feat/richobjectstrings/missing-talk-file-metadata
fix/dav/image-export-plugin-fallback
feat/excalidraw-file-support
dependabot/npm_and_yarn/simplewebauthn/types-10.0.0
storage-cache-not-exists
fix/blur-chromium
feat/taskprocessingapi/next-task-endpoint
feat/45085/validate-config-values
techdebt/noid/log-condition-v2
backport/45374/stable29
backport/44763/stable27
man/backport/45237/stable27
enhanc/audit-tag-creator
fix/ldap-avoid-false-positive-mapping
fix/noid/prevent-duplicate-click-event-on-login
backport/44464/master
backport/44464/stable29
backport/45026/stable26
backport/44464/stable28
fix/ldap-list-remnant-as-disabled
remove-locking-config-sample
fix/import-axios
fix/webdav-aja
perf/systemtags-object-mapping-objectid-index
chore/migrate-vite
backport/44218/stable29
dependabot/npm_and_yarn/nextcloud/browserslist-config-3.0.1
jr/meta/issue-template-bugs-closed-link
backport/44791/stable28
perf/sharing-events
check-phpoutdated
dependabot/npm_and_yarn/nextcloud/browser-storage-0.4.0
dependabot/npm_and_yarn/nextcloud/stylelint-config-3.0.1
feat/bom-js
backport/44496/stable28
backport/45196/stable28
fix/files-source-no-fileid
feat/auth/authtoken-clean-up
fix/allow-enforcing-windows-support
fix/ensure-blacklist-is-honored
fix/auth-token-uniq-constraint-violation-handling
artonge/fix/listen_to_group_removal_for_share
man/backport/44839/stable28
feat/workflow-auto-update-node.yml
fix/appframework/csrf-request-checks
feat/restore-to-original-dir
test-scanner-no-transactions-26
test-scanner-no-transactions
reshare-permission-logic-27
debug/noid/log-reason-token-mismatch
fix/forbidden-files-insensitive
no-issue-use-correct-exceptions-in-share-class
noissue-refactor-share-class
fix/catch-redis-exception
backport/44838/stable28
backport/44956/stable28
bugfix/noid/sensitive-dav-forbidden-logging
rakekniven-patch-1
backport/45105/stable28
backport/44533/stable29
feat/upload-folders
backport/44938/stable28
fix/user-provider-search-shown
backport/44972/stable28
backport/44805/stable28
dependabot/npm_and_yarn/nextcloud/cypress-1.0.0-beta.8
feat/26668/notifications-for-shared-calendars-2
stable23
forbid-moving-subfolder-24
fix/issue-43115
stable21
stable22
backport/44923/stable28
backport/44973/stable29
backport/44745/stable29
backport/44745/stable28
backport/44745/stable27
44319-fix-fed-share-user-avatars
fix/lock-session-during-cookie-renew
backport/44884/stable28
backport/44884/stable27
backport/44805/stable29
backport/43252/stable27
fix/43260
pull_request-trigger
backport/44039/stable29
backport/44039/stable28
backport/44838/stable27
backport/44868/stable28
fix/retry-delete-if-locked
query-req-id-26
backport/44644/stable29
artonge/feat/add_retry_support_to_query_builder
artonge/chore/user_retry_trait
fix/deps-min-pear
fix/noid/federation-really-surely-init-token
feat/log-large-assets
db-error-logging-27
db-error-logging
db-error-logging-28
fix/noid/ldap-n-counted-mapped-users
Fix/duplicate-reminders
feat/assetlinks-json
deps/symfony-polyfill-intl-grapheme
fix/deps/php-seclin
debug-file-exists-backtrace
path-available
backport/44306/stable29
oci-ci-faststart
fix/core-session-logout-logging
fix/auth/authtoken-activity-update-in-transaction
fix-federated-group-shares-when-no-longer-found-in-remote-server
fix/encryption/web-ui-bogus
backport/44555/stable27
fix/handle-errors-in-migrate-key-format
dependabot/npm_and_yarn/davclient.js-de93b73
bugfix/noid/consistent-handling-of-SensitiveParameter
backport/44017/stable26
remove-filecache-joins
chore/use-nextcloud-cypress-docker-node
occ-as-root
backport/44075/stable28
backport/44075/stable27
backport/44075/stable26
feat/dav/calendar-object-admin-audit-log
27-shared-null-storage-merged
wrapper-instanceof-resiliant-squash
fix/noid/return-verified-email
backport/44236/stable28
backport/44132/stable28
fix/44288/catch-filesmetadatanotfound-exception
jr/enh/updates/options-buttons-web-ui
enh/users-configured-quota-value
storage-id-cache-memcache
enh/noid/returns-formated-app-values-2
fix/session/transactional-remember-me-renewal
backport/44130/stable26
release/29.0.0beta2
enh/noid/fix-personal-settings-layout
fix/dav/abort-incomplete-caldav-changes-sync
fix/noid/null-safe-metadata
login-less-custom-bundle
fieat/profile-pronounces
backport/43252/stable26
smb-notify-test
share-mount-check-no-in
backport/41327/stable26
Jerome-Herbinet-better-devices-wipe-action-wording
fixstable26/sharing/locking-orphan-share-delete
enh/displayname-group-search
enh/identityproof/key_storage
enh/favorite-search
remove-non-accessible-shares
stream-assembly-stream-size
seekable-http-size-24
fix/noid/ldap-displayname-cached
invalidateTokensOnlySeenUsers
remove-unset-parameters
fix/profile/set-config-cache-after-write
fix/download-limit-streaming
merge-token-updates
feat/database/primary-replica-split-stable28
backport/39607/stable26
feature/minSupportDesktopVerMsg
enh/test-mtime-after-move
fix/updatenotification-legacy-toast
ignore-write-test-unlink-err
enh/add-details-to-code-integrity-check
HolgerHees-fix-csp-nonce-handling
fix/do-not-throw-from-countusers
perf/noid/split-getSharedWith-query-into-more-performance-sets
container-optimizations
certificate-manager-fallback
contctsinteraction-usersetting
dav-fix-birthday-sync
enhancement/passwordless-login-token
backport/42930/stable26
fix/session/log-session-id
chore/ncselect-label-warning
metaGenMemLimit
backport/42971/stable25
backport/42172/stable26
instance-quota
file-info-key-location-27
storage-debug-info
backport/40939/stable28
fix/session/log-session-start-error
refactor/app/remove-register-routes
bugfix/cleanup-s3-multipart
fix/log-login-flow-state-token-errors
fix/adjust-default-color-background-plain-to-new-background
debugging/noid/listener-measuring
add-caldav-repair-middleware
fix/carddav/create-sab-concurrently
revert/41453
optionally-hide-hidden-files-in-public-share-access
enh/noid/gs.federation.auto_accept_shares
obj-delete-not-found-20
obj-delete-not-found
enh/in-app-search
getMountsForFileId-non-sparse
fix/noid/deleted-circles-share
enh/noid/disable-user-unmount
bugfix/noid/improve-installation-speed-of-oracle
location-provider
Jerome-Herbinet-share-with-fix
normlize-less
followup/39574/ocm-provider-without-beautiful-urls
kerberos-saved-ticket-27
feat/expose-nc-groups-to-system-addressbook-contacts
stable20
kerberos-saved-ticket
fix/dashboard--performance-and-refactoring
feat/settings/too-much-caching-setup-check
fix/session/log-likely-lost-session-conditions
oc-wnd-migrate-25
fix/wrong-file-size-unit-used
feat/database/query-result-fetch-associative-fetch-num
oc-wnd-migrate
artonge/debt/core_main.js
feat/cors-on-webdav
fix/noid/refresh-filesize-on-conflict-24
profile-request
dav-push-sync
updater-change-mimetype-objectstore
fix/refactor-user-access-to-file-list
sftp-known-mtime
exceptionsTranslateShare
sftp-fopen-write-stat-cache
revoke-admin-overwrite-8
fix/debounce-account-properties
feat/noid/ratelimit-header
feat/node-dist
stable18
feat/account/add-birthday-prop
fix-remove-auto-guessing-for-preview-semaphore
stable19
log-event-recursion
enh/repair-mimetype-job
repair-tree-invalid-parent
fix-dav-properties-column-type
fix/caldav/event-organizer-interaction
background-job-list-reserved
fix/session-cron
run-test-mime-type-icon-again
fox/noid/extended-auth-on-webdav
files-external-setup-path
share-list-set-owner
enh/a11y-util
7935-download-files-via-post
bugfix/avoid-extra-stream-copy
bug/files-scroll
enh/filepicker-permissions
user-files-debug-info
bugfix/38171/revert-status-when-overwritten
email-template-html-fragment
admin_audit/enh/move-to-event-listeners
chore/security/log-password-confirmation-user-backend
feat-add-iavaialble-in-maintenance-mode
bugfix/noid/unavailable-shares
enh/noid/add-avif
locate-key-fix
external-list-for
JonathanTreffler-stop-spamming-deprecations
storage-cache-init-in-transaction
enh/trashbin-scan-command
enh/extend-allowed-cloud-id-characters
trashbin-skip-logging
fix-migration-closures
direct-access-shared-calendar
add-vtimezone-data-when-creating-personal-calendar
artonge/feat/download_providers
hidden-folder
add-setting-to-hide-birthday-deceased-contacts
file-cache-insertion-atomic
extract-caldav-sharing-plugin
enh/noid/add-imagick-destroy
remove_depreated_files
chore/catch-missing-non-optional-controller-parameter
enhancement/typed-db-entity
multi-object-store
feat/mail-admin-vue
enhancement/caldav-resources-sync-command
enh/noid/getcachebuster-in-webmanifest
home-storage-lazy-datadir
fix/noid/identity-proof-key-checksum
use_HSTS
share-null-source
upload-chunk-locking
setupmanager-lazy-user
introduce/orm
mountcache-lazy-user
share-lazy-user
add-integration-tests-for-getting-folder-sizes
enh/noid/iconfig
add-clear-add-to-user-status-public-api
cache-mimtype-mapping
stable17
stable16
work/sharing_trash
fix/wrong-image-type
dont-allow-reusing-usernames
stable15
stable14
stable13
stable12
stable-swift-v3
stable11
stable10
stable9
v27.1.10
v29.0.2rc2
v29.0.2rc1
v27.1.10rc2
v28.0.6
v29.0.1
v29.0.1rc1
v27.1.10rc1
v28.0.6rc1
v28.0.5
v27.1.9
v29.0.0
v27.1.9rc1
v28.0.5rc1
v29.0.0rc5
v29.0.0rc4
v29.0.0rc3
v29.0.0rc2
v29.0.0rc1
v26.0.13
v27.1.8
v28.0.4
v29.0.0beta6
v29.0.0beta5
v28.0.4rc1
v27.1.8rc1
v26.0.13rc1
v29.0.0beta4
v29.0.0beta3
v29.0.0beta2
v29.0.0beta1
v26.0.12
v27.1.7
v28.0.3
v27.1.7rc2
v26.0.12rc2
v28.0.3rc2
v28.0.3rc1
v27.1.7rc1
v26.0.12rc1
v28.0.2
v28.0.2rc5
v28.0.2rc4
v26.0.11
v27.1.6
v28.0.2rc3
v28.0.2rc2
v27.1.6rc2
v26.0.11rc2
v28.0.2rc1
v27.1.6rc1
v26.0.11rc1
v28.0.1
v28.0.1rc1
v26.0.10
v27.1.5
v28.0.0
v28.0.0rc4
v28.0.0rc3
v27.1.5rc1
v26.0.10rc1
v28.0.0rc2
v28.0.0rc1
v27.1.4
v26.0.9
v28.0.0beta4
v27.1.4rc1
v26.0.9rc1
v28.0.0beta3
v28.0.0beta2
v28.0.0beta1
v25.0.13
v26.0.8
v27.1.3
v27.1.3rc2
v26.0.8rc2
v25.0.13rc2
v25.0.13rc1
v26.0.8rc1
v27.1.3rc1
v27.1.2
v27.1.2rc1
v27.1.1
v26.0.7
v25.0.12
v27.1.0
v27.1.0rc4
v26.0.6
v25.0.11
v27.1.0rc3
v27.1.0rc2
v25.0.11rc1
v26.0.6rc1
v27.1.0rc1
v27.1.0beta3
v27.1.0beta2
v26.0.5
v25.0.10
v27.0.2
v27.0.2rc1
v26.0.5rc1
v25.0.10rc1
v25.0.9
v26.0.4
v27.0.1
v25.0.9rc2
v26.0.4rc2
v27.0.1rc2
v27.0.1rc1
v26.0.4rc1
v25.0.9rc1
v25.0.8
v26.0.3
v26.0.3rc2
v25.0.8rc2
v26.0.3rc1
v25.0.8rc1
v27.0.0
v27.0.0rc4
v27.0.0rc3
v27.0.0rc2
v26.0.2
v25.0.7
v26.0.2rc1
v25.0.7rc1
v27.0.0rc1
v27.0.0beta2
v27.0.0beta1
v24.0.12
v25.0.6
v26.0.1
v26.0.1rc1
v24.0.12rc1
v25.0.6rc1
v25.0.5
v24.0.11
v26.0.0
v25.0.5rc1
v24.0.11rc1
v26.0.0rc3
v26.0.0rc2
v26.0.0rc1
v26.0.0beta5
v24.0.10
v25.0.4
v26.0.0beta4
v25.0.4rc1
v24.0.10rc1
v26.0.0beta3
v26.0.0beta2
v26.0.0beta1
v24.0.9
v25.0.3
v24.0.9rc2
v25.0.3rc2
v25.0.3rc1
v24.0.9rc1
v23.0.12
v24.0.8
v25.0.2
v25.0.2rc3
v23.0.12rc2
v24.0.8rc2
v25.0.2rc2
v25.0.2rc1
v23.0.12rc1
v24.0.8rc1
v25.0.1
v24.0.7
v23.0.11
v24.0.7rc1
v25.0.1rc1
v23.0.11rc1
v25.0.0
v25.0.0rc5
v25.0.0rc4
v25.0.0rc3
v24.0.6
v23.0.10
v25.0.0rc2
v24.0.6rc1
v23.0.10rc1
v25.0.0rc1
v25.0.0beta7
v25.0.0beta6
v25.0.0beta5
v24.0.5
v23.0.9
v25.0.0beta4
v24.0.5rc1
v23.0.9rc1
v25.0.0beta3
v25.0.0beta2
v25.0.0beta1
v24.0.4
v23.0.8
v24.0.4rc1
v23.0.8rc1
v22.2.10
v23.0.7
v24.0.3
v23.0.7rc2
v22.2.10rc2
v24.0.3rc2
v22.2.10rc1
v23.0.7rc1
v24.0.3rc1
v24.0.2
v23.0.6
v22.2.9
v22.2.9rc1
v23.0.6rc1
v24.0.2rc1
v24.0.1
v23.0.5
v22.2.8
v22.2.8rc1
v23.0.5rc1
v24.0.1rc1
v24.0.0
v24.0.0rc3
v24.0.0rc2
v23.0.4
v22.2.7
v23.0.4rc1
v22.2.7rc1
v24.0.0rc1
v24.0.0beta3
v24.0.0beta2
v24.0.0beta1
v23.0.3
v22.2.6
v23.0.3rc2
v22.2.6rc2
v22.2.6rc1
v23.0.3rc1
v21.0.9
v22.2.5
v23.0.2
v21.0.9rc1
v22.2.5rc1
v23.0.2rc1
v21.0.8
v22.2.4
v23.0.1
v22.2.4rc3
v21.0.8rc3
v23.0.1rc3
v23.0.1rc2
v22.2.4rc2
v21.0.8rc2
v21.0.8rc1
v22.2.4rc1
v23.0.1rc1
v23.0.0
v23.0.0rc3
v21.0.7
v22.2.3
v22.2.2
v23.0.0rc2
v23.0.0rc1
v20.0.14
v21.0.6
v22.2.1
v23.0.0beta3
v20.0.14rc1
v21.0.6rc1
v22.2.1rc1
v23.0.0beta2
v23.0.0beta1
v21.0.5
v22.2.0
v20.0.13
v20.0.13rc1
v22.2.0rc2
v21.0.5rc1
v22.1.1
v22.1.1rc2
v22.1.1rc1
v22.1.0
v21.0.4
v20.0.12
22.1.0
20.0.12rc1
v21.0.4rc1
v22.1.0rc1
v22.0.0
v19.0.13
v20.0.11
v21.0.3
v22.0.0rc2
v21.0.3rc1
v20.0.11rc1
v19.0.13rc1
v22.0.0rc1
v22.0.0beta5
v22.0.0beta4
v22.0.0beta3
v22.0.0beta2
v22.0.0beta1
v19.0.12
v19.0.11
v20.0.10
v21.0.2
v19.0.11RC1
v20.0.10RC1
v21.0.2RC1
v19.0.10
v20.0.9
v21.0.1
v21.0.1RC1
v20.0.9RC1
v19.0.10RC1
v20.0.8
v19.0.9
v21.0.0
v19.0.9RC1
v20.0.8RC1
v21.0.0RC2
v21.0.0RC1
v20.0.7
v20.0.7RC1
v21.0.0beta8
v20.0.6
v19.0.8
v18.0.14
v21.0.0beta7
v18.0.14RC1
v19.0.8RC1
v20.0.6RC1
v21.0.0beta6
v20.0.5
v19.0.7
v18.0.13
v20.0.5RC2
v21.0.0beta5
v20.0.5RC1
v19.0.7RC1
v18.0.13RC1
v21.0.0beta4
v21.0.0beta3
v21.0.0beta2
v20.0.4
v21.0.0beta1
v18.0.12
v19.0.6
v20.0.3
v20.0.3RC2
v19.0.6RC2
v18.0.12RC2
v20.0.2
v19.0.5
v18.0.11
v20.0.2RC2
v19.0.5RC2
v18.0.11RC2
v20.0.2RC1
v18.0.11RC1
v19.0.5RC1
v20.0.1
v20.0.1RC1
v19.0.4
v18.0.10
v17.0.10
v18.0.10RC2
v19.0.4RC2
v20.0.0
v19.0.40RC1
v18.0.10RC1
v17.0.10RC1
v20.0.0RC2
v20.0.0RC1
v20.0.0beta4
v18.0.9
v19.0.3
v18.0.9RC1
v19.0.3RC1
v20.0.0beta3
v20.0.0beta2
v19.0.2
v18.0.8
v17.0.9
v17.0.9RC2
v18.0.8RC2
v19.0.2RC2
v20.0.0beta1
v19.0.2RC1
v18.0.8RC1
v17.0.9RC1
v19.0.1
v18.0.7
v17.0.8
v19.0.1RC1
v18.0.7RC1
v17.0.8RC1
v18.0.6
v16.0.11
v17.0.7
v18.0.5
v17.0.5RC1
v17.0.7RC1
v16.0.11RC1
v19.0.0
v19.0.0RC3
v19.0.0RC2
v19.0.0RC1
v19.0.0beta7
v19.0.0beta6
v19.0.0beta5
v16.0.10
v17.0.6
v18.0.4
v17.0.6RC2
v16.0.10RC2
v18.0.4RC2
v19.0.0beta4
v19.0.0beta3
v16.0.10RC1
v17.0.6RC1
v18.0.4RC1
v19.0.0beta2
v19.0.0beta1
v18.0.2
v17.0.4
v16.0.9
v18.0.2RC2
v17.0.4RC2
v16.0.9RC2
v16.0.9RC1
v17.0.4RC1
v18.0.2RC1
v18.0.1
v18.0.1RC3
v18.0.1RC2
v18.0.1RC1
v17.0.3
v16.0.8
v16.0.8RC1
v17.0.3RC1
v18.0.0
v18.0.0RC2
v18.0.0RC1
v18.0.0beta4
v18.0.0beta3
v17.0.2
v16.0.7
v15.0.14
v15.0.14RC1
v16.0.7RC1
v17.0.2RC1
v18.0.0beta2
v18.0.0beta1
v16.0.6
v15.0.13
v17.0.1
v16.0.6rc1
v15.0.13rc1
v17.0.1rc1
v17.0.0
v16.0.5
v15.0.12
v15.0.12RC1
v16.0.5RC1
v17.0.0rc2
v17.0.0rc1
v17.0.0beta4
v17.0.0beta3
v17.0.0beta2
v17.0.0beta1
v16.0.4
v15.0.11
v14.0.14
15.0.11
16.0.4
v16.0.4RC1
v15.0.11RC1
v14.0.14RC1
v16.0.3
v15.0.10
v14.0.13
v15.0.9
v16.0.2
v14.0.13RC1
v15.0.9RC1
v14.0.12
v16.0.1
v15.0.8
v14.0.11
v14.0.11RC1
v15.0.8RC1
v16.0.1RC1
v16.0.0
16.0.0RC2
v16.0.0RC1
v14.0.10
v15.0.7
v16.0.0beta3
v14.0.9
v15.0.6
v15.0.6RC1
v14.0.9RC1
v16.0.0beta2
v16.0.0beta1
v16.0.0alpha1
v15.0.5
v14.0.8
v13.0.12
v14.0.8RC2
v15.0.5RC2
v15.0.5RC1
v14.0.8RC1
v13.0.12RC1
v15.0.4
v15.0.3
v14.0.7
v13.0.11
v15.0.3RC1
v14.0.7RC1
v13.0.11RC1
v15.0.2
v14.0.6
v13.0.10
v15.0.1
v14.0.5
v13.0.9
v13.0.9RC2
v14.0.5RC2
v15.0.1RC2
v13.0.9RC1
v14.0.5RC1
v15.0.1RC1
v15.0.0
v15.0.0RC3
v15.0.0RC2
v15.0.0RC1
v14.0.4
v13.0.8
v12.0.13
v14.0.4RC2
v13.0.8RC2
v12.0.13RC2
v15.0.0beta2
v14.0.4RC1
v13.0.8RC1
v12.0.13RC1
v15.0.0beta1
v14.0.3
v14.0.2
v13.0.7
v12.0.12
v14.0.2RC2
v13.0.7RC2
v12.0.12RC2
v12.0.12RC1
v13.0.7RC1
v14.0.2RC1
14.0.2RC1
12.0.12RC1
13.0.7RC1
v14.0.1
v14.0.1RC1
v14.0.0
v14.0.0RC2
v12.0.11
v13.0.6
v14.0.0RC1
v12.0.11RC1
v13.0.6RC1
v14.0.0beta4
v14.0.0beta3
v14.0.0beta2
v14.0.0beta1
v12.0.10
v13.0.5
v13.0.5RC2
v12.0.10RC1
v13.0.5RC1
v12.0.9
v13.0.4
v12.0.8
v13.0.3
v13.0.3RC2
v13.0.3RC1
v12.0.8RC1
v12.0.7
v13.0.2
v12.0.7RC1
v13.0.2RC1
v11.0.8
v12.0.6
v13.0.1
v13.0.1RC1
v12.0.6RC1
v11.0.8RC1
v13.0.0
v13.0.0RC4
v13.0.0RC3
v11.0.7
v12.0.5
v12.0.5RC3
v11.0.7RC3
v13.0.0RC2
v12.0.5RC2
v11.0.7RC2
v13.0.0RC1
v11.0.7RC1
v12.0.5RC1
v13.0.0beta4
v13.0.0beta3
v13.0.0beta2
v11.0.6
v12.0.4
v12.0.4RC3
v11.0.6RC1
v12.0.4RC2
v12.0.4RC1
v13.0.0beta1
v12.0.3
v11.0.5
v12.0.3RC2
v11.0.5RC1
v12.0.3RC1
v12.0.2
v10.0.6
v11.0.4
v12.0.1
v12.0.1RC5
v12.0.1RC4
v12.0.1RC3
v12.0.1RC2
v10.0.6RC1
v11.0.4RC1
v12.0.1RC1
v12.0.0
v12.0.0RC3
v12.0.0RC2
v12.0.0RC1
v12.0.0beta4
v12.0.0beta3
v12.0.0beta2
v12.0.0beta1
v9.0.58
v10.0.5
v11.0.3
v10.0.5RC2
v11.0.3RC2
v11.0.3RC1
v10.0.5RC1
v9.0.58RC1
v9.0.57
v10.0.4
v11.0.2
v9.0.57RC1
v10.0.4RC1
v11.0.2RC1
v11.0.1
v10.0.3
v9.0.56
v9.0.56RC1
v10.0.3RC1
v11.0.1RC1
v11.0.0
v9.0.7
v9.1.3
v11.0RC2
v9.0.55
v10.0.2
v9.1.3RC1
v9.0.7RC1
v9.1.2
v9.0.6
v8.2.9
v8.1.11
v8.0.16
v9.1.2RC2
v9.0.6RC2
v8.2.9RC2
v8.1.11RC2
v8.0.16RC2
v9.1.2RC1
v9.0.6RC1
v8.2.9RC1
v8.1.11RC1
v8.0.16RC1
v9.1.1
v9.0.5
v8.2.8
v8.1.10
v8.0.15
v9.0.54RC1
v9.1.1RC3
v9.1.1RC2
v9.0.5RC2
v8.2.8RC2
v10.0.0
v10.0RC1
v9.1.1RC1
v9.0.5RC1
v8.2.8RC1
v8.1.10RC1
v8.0.15RC1
v9.0.53
v9.1.0RC4
v9.0.4
v8.2.7
v8.1.9
v8.0.14
v9.1.0RC3
v9.1.0RC2
v9.0.4RC1
v8.2.7RC1
v8.1.9RC2
v8.0.14RC2
v9.0.52
v9.0.52RC1
v8.1.9RC1
v9.1.0RC1
v9.0.51
v9.0.3RC1
v9.0.50
v9.0.1beta2
v9.1.0beta2
v9.1.0beta1
v7.0.15
v8.0.13
v8.1.8
v8.2.5
v7.0.15RC2
v8.0.13RC2
v8.1.8RC2
v8.2.5RC2
v7.0.15RC1
v8.0.13RC1
v8.1.8RC1
v8.2.5RC1
v7.0.14
v8.0.12
v8.1.7
v8.2.4
v9.0.2
v7.0.14RC2
v8.0.12RC2
v8.1.7RC2
v8.2.4RC2
v9.0.2RC2
v7.0.14RC1
v8.0.12RC1
v8.1.7RC1
v8.2.4RC1
v9.0.2RC1
v9.0.1
v9.0.1RC2
v9.0.1RC1
v9.0.1beta
v7.0.13
v8.0.11
v8.1.6
v8.2.3
v9.0.0
v9.0.0RC3
v7.0.13RC2
v8.0.11RC2
v8.1.6RC2
v8.2.3RC2
v9.0.0RC2
v7.0.13RC1
v8.0.11RC1
v8.1.6RC1
v8.2.3RC1
v9.0.0RC1
v9.0.0beta2
v9.0beta1
v7.0.12
v8.0.10
v8.1.5
v8.2.2
v7.0.12RC1
v8.0.10RC1
v8.1.5RC1
v8.2.2RC1
v8.2.1
v8.2.1RC4
v8.2.1RC3
v8.2.1RC2
v8.2.1RC1
v7.0.11
v8.0.9
v8.1.4
v7.0.11RC2
v8.0.9RC2
v8.1.4RC2
v7.0.11RC1
v8.0.9RC1
v8.1.4RC1
v8.2.0
v8.2RC3
v8.2RC2
v8.2RC1
v8.2beta1
v7.0.10
v8.1.2
v8.0.7
v7.0.9
v8.1.2RC1
v8.0.7RC1
v7.0.9RC1
v8.1.1
v8.0.6
v7.0.8
v7.0.8RC1
v8.0.6RC1
v8.1.1RC1
v6.0.10beta1
v7.0.8beta1
v8.0.6beta1
v8.1.1beta1
v8.1.1beta
v6.0.9
v7.0.7
v8.0.5
v8.1.0
v8.1RC2
v6.0.9RC1
v7.0.7RC1
v8.0.5RC1
v6.0.9beta
v7.0.7beta
v8.0.5beta
v6.0.8
v7.0.6
v8.0.4
v6.0.8RC2
v7.0.6RC2
v8.0.4RC2
v8.0.4RC1
v6.0.8RC1
v7.0.6RC1
v8.1.0beta2
v8.1.0beta1
v8.0.3
v8.0.3RC4
v8.1.0alpha2
v8.0.3RC3
v8.1.0alpha1
v8.0.3RC2
v8.0.3RC1
v8.0.2
v8.0.1
v8.0.1RC1
v5.0.19
v6.0.7
v7.0.5
v8.0.0
v8.0.0RC2
v8.0.0RC1
v8.0.0beta2
v8.0.0beta1
v8.0.0alpha2
v8.0.0alpha1
v7.0.4
v7.0.4RC2
v7.0.4RC1
v6.0.6
v7.0.3
v7.0.3RC3
v7.0.3RC2
v6.0.6RC1
v7.0.3RC1
v7.0.3alpha1
v6.0.5
v7.0.2
v3.0alpha1
v3.0RC1
v2.0beta3
v1.0RC1
v1.1
v1.0.0beta1
v6.0.5RC1
v7.0.2RC1
v7.0.1
v7.0.1RC1
v7.0.0
v7.0.0RC3
v7.0.0RC2
v7.0.0RC1
v7.0.0beta1
v5.0.17
v6.0.4
v7.0.0alpha2
v6.0.4beta1
v5.0.17beta1
v5.0.16
v6.0.3
v6.0.3RC1
v5.0.16RC1
v5.0.15
v6.0.2
v5.0.15RC1
v6.0.2RC1
v6.0.1
v6.0.1RC1
v5.0.14a
v5.0.14
v6.0.0a
v6.0.0
v6.0.0RC4
v6.0.0RC3
v6.0.0RC2
v6.0.0RC1
v6.0.0beta5
v6.0.0beta4
v6.0.0beta3
v5.0.13
v6.0.0beta2
v6.0.0alpha2
v5.0.12
v5.0.11
v5.0.10
v5.0.9
v5.0.8
v4.5.13
v5.0.7
v4.0.16
v4.5.12
v5.0.6
v4.5.11
v4.0.15
v4.5.10
v5.0.5
v5.0.5RC1
v4.5.10RC1
v4.0.14
v4.5.9
v5.0.4
v5.0.4RC1
v5.0.3
v5.0.2
v5.0.1
v4.0.13
v4.5.8
v5.0.0
v5.0.0RC3
v5.0.0RC2
v5.0.0RC1
v5.0.0beta2
v5.0.0beta1
v4.0.12
v4.5.7
v5.0.0alpha1
v4.0.11
v4.5.6
v4.5.5
v4.0.10
v4.5.4
v4.5.3
v4.0.9
v4.5.2
v4.5.1a
v4.5.1
v4.0.8
v4.5.0
v4.5.0RC3
v4.5.0RC2
v4.5.0RC1
v4.5.0beta4
v4.5.0beta3
v4.5.0beta2
v4.5.0beta1
v4.0.7
v4.0.6
v4.0.5
v4.0.4
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v4.0.0RC2
v4.0.0RC
v4.0.0beta
v3.0.1
v3.0
list
theming-1.4.5
v10.0.1
v10.0.1RC1
v16.0.2RC1
v8.0.8
v8.1.3
v8.2.6
v8.2.6RC1
v9.0.3
v9.0.54
v9.1.0
${ noResults }
92 lines
2.2 KiB
PHP
92 lines
2.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
/**
|
|
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
namespace OC\Security;
|
|
|
|
use OC\AppFramework\Http\Request;
|
|
use OCP\IConfig;
|
|
use OCP\Security\ITrustedDomainHelper;
|
|
|
|
class TrustedDomainHelper implements ITrustedDomainHelper {
|
|
public function __construct(
|
|
private IConfig $config,
|
|
) {
|
|
}
|
|
|
|
/**
|
|
* Strips a potential port from a domain (in format domain:port)
|
|
* @return string $host without appended port
|
|
*/
|
|
private function getDomainWithoutPort(string $host): string {
|
|
$pos = strrpos($host, ':');
|
|
if ($pos !== false) {
|
|
$port = substr($host, $pos + 1);
|
|
if (is_numeric($port)) {
|
|
$host = substr($host, 0, $pos);
|
|
}
|
|
}
|
|
return $host;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public function isTrustedUrl(string $url): bool {
|
|
$parsedUrl = parse_url($url);
|
|
if (empty($parsedUrl['host'])) {
|
|
return false;
|
|
}
|
|
|
|
if (isset($parsedUrl['port']) && $parsedUrl['port']) {
|
|
return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']);
|
|
}
|
|
|
|
return $this->isTrustedDomain($parsedUrl['host']);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public function isTrustedDomain(string $domainWithPort): bool {
|
|
// overwritehost is always trusted
|
|
if ($this->config->getSystemValue('overwritehost') !== '') {
|
|
return true;
|
|
}
|
|
|
|
$domain = $this->getDomainWithoutPort($domainWithPort);
|
|
|
|
// Read trusted domains from config
|
|
$trustedList = $this->config->getSystemValue('trusted_domains', []);
|
|
if (!is_array($trustedList)) {
|
|
return false;
|
|
}
|
|
|
|
// Always allow access from localhost
|
|
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
|
|
return true;
|
|
}
|
|
// Reject malformed domains in any case
|
|
if (str_starts_with($domain, '-') || str_contains($domain, '..')) {
|
|
return false;
|
|
}
|
|
// Match, allowing for * wildcards
|
|
foreach ($trustedList as $trusted) {
|
|
if (gettype($trusted) !== 'string') {
|
|
break;
|
|
}
|
|
$regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) {
|
|
return preg_quote($v, '/');
|
|
}, explode('*', $trusted))) . '$/i';
|
|
if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
}
|