Signed-off-by: Patrik Kernstock <info@pkern.at>

Remove random_compat

Allow "same-origin" as "Referrer-Policy"

Signed-off-by: Joas Schilling <coding@schilljs.com>

Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/



Signed-off-by: Moritz Beck <git@birkenstab.de>

Make php7.3 compatible

Remove duplicate call to decodeURIComponent

Merge pull request #11756 from nextcloud/ignore-session-lifetime-if-it-can-not-be-converted-to-a-number

Ignore "session_lifetime" if it can not be converted to a number

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

[3rdparty] Symfony-3.4.17

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Add syntax ci job for php7.2

Signed-off-by: Bernd Stellwag <burned@zerties.org>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Pin Bower versions

Add admin interface to enforce 2FA

Allow to inject/mock `new \DateTime()` similar to time()

Move normalizePath to regexes instead of looping

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

This is IMO a bit more readable and it seems to make the code faster.
Tested it on the company instance where there are over 3k calls to this
function. It shaves off around 10ms.

The advantage here is that the pattern gets optimized by php itsel and
cached.
Also looking for all patterns at the same time and especially no longer
looping for /./ patterns should save time.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Joas Schilling <coding@schilljs.com>

Fix a misleading setup check for .well-known/caldav & carddav

The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Add function to generate urls for OCS routes

Use numeric placeholders if there are multiple, so that RTL languages…

fixes #11617

The OCS routes are only absolute for now as they are often exposed to
the outside anyway and are on a different endpoint than index.php in
anyway.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Joas Schilling <coding@schilljs.com>

Revert "in 14 the click action gets lost in the Backbone view."

Fix depracted jQuery.bind call

Fix usage of deprecated OC.webroot

Move GitHub files to .github directory

Signed-off-by: Joas Schilling <coding@schilljs.com>

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Update CRL due to changed cert for linkshareex