summaryrefslogtreecommitdiffstats
path: root/application
AgeCommit message (Collapse)AuthorFilesLines
2020-10-07API: Update API version to 2.2.0Florian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-10-07API: Only consider public methods as API endpointsFlorian Pritz1-1/+1
We are not only interested in checking if a method exists here, but really also if it can be called (e.g. if it is public). Private methods should not be considered as potential API endpoints. Before this, private methods could be called, leading to a 500 error due to a call to the private method. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-10-07API: Add `minimum-id-length` post parameterSimon Schuster3-2/+82
This parameter controls the generated id for files (file/upload) and multipastes (file/create_multipaste). The post parameter has to be a positive integer value >= 2. Changes by Florian Pritz: - minor style and typo fixes - NEWS entry - check expected error reply content in tests Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-04-19Reclassify various exceptions as InsufficientPermissionsExceptionFlorian Pritz2-2/+2
That way they get the correct HTTP status code and they also get ignored by the logging code. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-04-19Reclassify various exceptions as UserInputExceptionFlorian Pritz4-15/+15
These are errors that a user can correct themselves so we should classify them accordingly. That way they get the correct HTTP status code and they also get ignored by the logging code. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-02-09Fix error when repasting non-existent IDFlorian Pritz1-4/+5
We shouldn't treat a possibly boolean value as an array (`$filedata["data_id"]`). Signed-off-by: Florian Pritz <bluewind@xinu.at>
2020-01-15Link to OpenSUSE client repository by Moritz WilhelmyFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-12-07ExceptionHandler: Fix null object array access errorFlorian Pritz1-1/+1
Not sure why, but this only started to happen with php 7.4. Should be fixed anyways so I didn't investigate further. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-12-06Fix deprecated array access syntax with {}Florian Pritz1-1/+1
This leads to a deprecation warning as of php 7.4. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-09-27upload_history_thumbnails: Remove broken PDF thumbnailsFlorian Pritz1-1/+0
PDF thumbnail support has been removed by 98f7c65dddf0667f1a0462e08be9e6273ce658fb, but this has been left. The thumbnails are not generated so the images show up empty. Fix it by simply not listing them in the first place. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-09-27Merge tag '3.1.11' of git://github.com/bcit-ci/CodeIgniter into devFlorian Pritz3-7/+19
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-08-13[ci skip] Merge pull request #5815 from kamaslau/patch-2Andrey Andreev1-1/+1
Fix .aac file mime type
2019-08-13[ci skip] Merge pull request #5808 from harrysrevis/developAndrey Andreev1-6/+17
Correct / Added characters
2019-06-14Update Gentoo overlay info linkFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-05-21Allow data URLs in CSP headerFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-05-15Pygments: Skip lexers that do not have namesFlorian Pritz1-0/+3
With pygments 2.4.0 at least VBScript doesn't have a name and thus causes an exception when the first name should be used. We use the name to tell pygmentize which lexer to use so listing a lexer that doesn't have a name doesn't work and thus there is no point in showing it in the list. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-04-01[ci skip] Merge pull request #5725 from Lablnet/patch-1Andrey Andreev1-0/+1
Added Meizu agent in Manufacturers
2019-01-28Disable CSRF token regeneration for multipaste AJAXFlorian Pritz1-0/+5
If regeneration is on, the token is recreated after the first AJAX submit and subsequent ajax submits or normal form submits break. By disabling it here, we limit potential security issues to only this page, but it also only works if the user does not submit any other forms while they are on the AJAX page. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-28Merge tag '3.1.10' of git://github.com/bcit-ci/CodeIgniter into devFlorian Pritz2-1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2019-01-15Merge pull request #5676 from albertleao/albertleao-patch-1Andrey Andreev1-0/+1
Added mobile google bot to user agents
2018-12-31Stop making PDF thumbnails with imagemagickFlorian Pritz2-8/+17
Arch Linux disables PDF support in imagemagick due to security concerns. This results in broken thumbnails for PDF files. By disabling it we just get the normal file list which should be fine too. If necessary this could be extended to be configurable, but I don't think doing that is necessary. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Move JSON code to API classFlorian Pritz2-31/+30
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Move etag handling to Main classFlorian Pritz2-26/+26
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Remove unnecessary set of MB encodingFlorian Pritz1-1/+0
There are no more MB related functions used in the application code base so this can go away. It was used by the plain text API which has been removed in v2.0.0. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Remove unused length field when passing upload history to viewFlorian Pritz1-4/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Remove unused mb_str_pad functionFlorian Pritz2-55/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Remove unused even_odd functionFlorian Pritz2-23/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-24Remove unused get_max_size endpointFlorian Pritz1-7/+0
This should be have been removed in v2.0.0 with the removal of the plain text API. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-09-19Fix procrunner test_forbid_stderr3.3.0Florian Pritz1-3/+3
Apparently python 3.7 now prints '(null)' instead of 'python', so let's use bash for this test. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-22[ci skip] Close #5513Andrey Andreev1-1/+1
2018-08-12Disable slash escaping when reformating jsonFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-08-12Make reformat_json more readableFlorian Pritz1-16/+22
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-07-23Merge branch 'raphaelm-patch-1' into devFlorian Pritz2-4/+21
2018-07-23LDAP: Allow optional filtering of allowed usersRaphael Michel2-3/+13
2018-07-23LDAP: Allow optional binding/authenticationRaphael Michel2-1/+8
2018-07-18Use transaction when adding fileFlorian Pritz1-0/+2
This helps when the upload_path is not writable. Without the transaction we get stale records in the db that then cause errors because the file can't be found. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-28Fix order of c and cast extensionsFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-28Add .go extension for goFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-14Merge tag '3.1.9' of git://github.com/bcit-ci/CodeIgniter into devFlorian Pritz2-2/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-14Add cli user deletionFlorian Pritz2-0/+19
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-14Document cli user/add_userFlorian Pritz1-0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-14Refactor user deletion to work without passwordFlorian Pritz1-23/+36
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-04[ci skip] Merge pull request #5512 from gxgpet/developAndrey Andreev1-1/+2
mimes.php: 7z file types changes
2018-06-01Fix overflow of text in upload_formFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-01Mention .cast extension on upload_formFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-01service/files: Add missing namespace for Recursive*IteratorFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-01file/cron: Fix call to undefined method clean_multipaste_tarballsFlorian Pritz1-1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-05-19Test result of delete_invitation_keyFlorian Pritz1-6/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-05-19Document invitation key creation/deletion methodsFlorian Pritz1-0/+11
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-05-18Add invitation key deletionFlorian Pritz4-0/+90
Signed-off-by: Florian Pritz <bluewind@xinu.at>