Álvaro Brey
9433e2968e
Drone: update FindBugs results to reflect reduced error/warning count [skip ci]
...
Signed-off-by: Álvaro Brey <drone@nextcloud.com>
2021-12-22 08:51:21 +00:00
Álvaro Brey
98465ab3fb
Merge pull request from GHSA-vjp2-f63v-w479
...
Harden FileContentProvider's public Uri paths
2021-12-22 09:43:11 +01:00
Álvaro Brey
0d2fd93ea2
Merge pull request #9597 from nextcloud/fix/too-many-thumbnails
...
Fix for too many thumbnails in autoupload settings
2021-12-22 09:37:51 +01:00
Álvaro Brey Vilas
9c7d212d52
Fix for too many thumbnails in autoupload settings
...
This patch is twofold:
- Keep using SQL limit until android 11 (which is where it becomes mandatory to not use it)
- Force MediaProvider to stop querying images after limit has been reached, even if cursor contains more.
This handles the edge case of Android versions over 11 which don't properly implement the limit argument
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 17:22:10 +01:00
Álvaro Brey Vilas
bc90eb3db1
Remove obsolete TODO
...
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 16:02:50 +01:00
Álvaro Brey Vilas
724b75d5d3
FileContentProvider: Use SQLiteTokenizer for sortOrder verification too
...
More reliable than just splitting by spaces.
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 15:06:05 +01:00
Álvaro Brey Vilas
b3aeab9004
FileContentProvider: prevent injection through selection parameters (where)
...
For this, I've backported the SQLiteTokenizer class from AOSP, use it to get tokens from the query,
and filter out invalid tokens.
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 14:15:34 +01:00
Nextcloud bot
c479f2fdf6
[tx-robot] updated from transifex
...
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-21 03:54:15 +00:00
Álvaro Brey Vilas
6aae8feeac
FileContentProvider: prevent injection in sortOrder argument for query()
...
For this, allow strictly only valid grammar and column names
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 18:38:50 +01:00
Álvaro Brey Vilas
830ada4617
FileContentProvider: remove unused method
...
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 18:03:56 +01:00
Álvaro Brey Vilas
43adc856a4
FileContentProvider: don't verify projectionArray in query()
...
query() is already using a projection map and strict mode for those cases, so we're just duplicating work here.
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:58:54 +01:00
Álvaro Brey Vilas
05371be6d7
FileContentProvider: prevent injection through Uri arguments
...
For this, ensure query arguments are used instead of segment concatenation
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:53:55 +01:00
tobiasKaminsky
72937cf341
FileContentProvider: prevent injection via ContentValues arguments
...
For this, verify all column names for ContentValues keys. Values are safe by default.
Co-authored-by: Tobias Kaminsky <tobias.kaminsky@nextcloud.com>
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:40:11 +01:00
Tobias Kaminsky
7fba2042dc
Merge pull request #9589 from nextcloud/setupLibInfo
...
Adjust instruction how to link library in app
2021-12-20 10:51:35 +01:00
tobiasKaminsky
0680c105b5
Adjust instruction how to link library in app
...
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2021-12-20 10:47:09 +01:00
Nextcloud bot
4183ee59f8
[tx-robot] updated from transifex
...
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-20 03:56:38 +00:00
Nextcloud bot
14a6324c05
[tx-robot] updated from transifex
...
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-19 03:59:20 +00:00
Nextcloud bot
26f80ddcbf
[tx-robot] updated from transifex
...
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-18 03:53:54 +00:00
Andy Scherzinger
b4ecf2c9cc
Merge pull request #9546 from nextcloud/update-AGP
...
Bump Android Gradle Plugin to 7.0.4
2021-12-16 17:02:16 +01:00
Álvaro Brey
3de9432651
Merge pull request #9534 from gabmert/naming-conflicts
...
Change naming in conflicts to location instead of date
2021-12-16 09:35:43 +01:00
Álvaro Brey
51d632b0ad
Merge pull request #9568 from nextcloud/dependabot/gradle/byteBuddyVersion-1.12.4
...
Bump byteBuddyVersion from 1.12.3 to 1.12.4
2021-12-16 08:54:24 +01:00
Nextcloud bot
d3db0af0f5
[tx-robot] updated from transifex
...
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-16 03:53:43 +00:00
dependabot[bot]
38a2449f5c
Bump byteBuddyVersion from 1.12.3 to 1.12.4
...
Bumps `byteBuddyVersion` from 1.12.3 to 1.12.4.
Updates `byte-buddy` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/raphw/byte-buddy/releases )
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md )
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.3...byte-buddy-1.12.4 )
Updates `byte-buddy-android` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/raphw/byte-buddy/releases )
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md )
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.3...byte-buddy-1.12.4 )
---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: net.bytebuddy:byte-buddy-android
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-16 02:07:04 +00:00
gabriel
5500585c1a
naming in conflicts by location instead of date
...
Signed-off-by: gabriel <74419649+gabmert@users.noreply.github.com>
2021-12-15 23:13:42 +01:00
Álvaro Brey
b6a2e6d8f1
Merge pull request #9567 from nextcloud/dependabot/gradle/org.greenrobot-eventbus-3.3.1
...
Bump eventbus from 3.2.0 to 3.3.1
2021-12-15 20:09:31 +01:00
Álvaro Brey
10a7570cc2
Merge pull request #9565 from nextcloud/dependabot/gradle/org.json-json-20211205
...
Bump json from 20210307 to 20211205
2021-12-15 20:09:06 +01:00
Álvaro Brey
e939a6f015
Merge pull request #9564 from nextcloud/dependabot/gradle/kotlin_version-1.6.10
...
Bump kotlin_version from 1.6.0 to 1.6.10
2021-12-15 20:08:26 +01:00
Álvaro Brey
6fc583b4cd
Merge pull request #9362 from nextcloud/dependabot/gradle/workRuntime-2.7.1
...
Bump workRuntime from 2.5.0 to 2.7.1
2021-12-15 19:49:17 +01:00
Álvaro Brey
369f62fc92
Merge pull request #9162 from nextcloud/dependabot/gradle/androidx.lifecycle-lifecycle-viewmodel-ktx-2.4.0
...
Bump lifecycle-viewmodel-ktx from 2.3.1 to 2.4.0
2021-12-15 19:23:03 +01:00
dependabot[bot]
b70ebdb68f
Bump kotlin_version from 1.6.0 to 1.6.10
...
Bumps `kotlin_version` from 1.6.0 to 1.6.10.
Updates `kotlin-gradle-plugin` from 1.6.0 to 1.6.10
- [Release notes](https://github.com/JetBrains/kotlin/releases )
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.6.10/ChangeLog.md )
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.6.0...v1.6.10 )
Updates `kotlin-stdlib` from 1.6.0 to 1.6.10
- [Release notes](https://github.com/JetBrains/kotlin/releases )
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.6.10/ChangeLog.md )
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.6.0...v1.6.10 )
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.jetbrains.kotlin:kotlin-stdlib
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:16:42 +00:00
Álvaro Brey
f517ae1e05
Merge pull request #9563 from nextcloud/dependabot/gradle/com.pinterest-ktlint-0.43.2
...
Bump ktlint from 0.43.1 to 0.43.2
2021-12-15 19:16:15 +01:00
Álvaro Brey
e6208b45c7
Merge pull request #9562 from nextcloud/dependabot/gradle/com.github.spotbugs.snom-spotbugs-gradle-plugin-5.0.3
...
Bump spotbugs-gradle-plugin from 4.8.0 to 5.0.3
2021-12-15 19:15:46 +01:00
Álvaro Brey
d5e84caf2b
Merge pull request #9357 from nextcloud/dependabot/gradle/mockitoVersion-4.1.0
...
Bump mockitoVersion from 3.12.4 to 4.1.0
2021-12-15 19:04:49 +01:00
dependabot[bot]
e06f15f887
Bump eventbus from 3.2.0 to 3.3.1
...
Bumps [eventbus](https://github.com/greenrobot/EventBus ) from 3.2.0 to 3.3.1.
- [Release notes](https://github.com/greenrobot/EventBus/releases )
- [Commits](https://github.com/greenrobot/EventBus/compare/V3.2.0...V3.3.1 )
---
updated-dependencies:
- dependency-name: org.greenrobot:eventbus
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:04:25 +00:00
dependabot[bot]
b59195ca8d
Bump spotbugs-gradle-plugin from 4.8.0 to 5.0.3
...
Bumps [spotbugs-gradle-plugin](https://github.com/spotbugs/spotbugs-gradle-plugin ) from 4.8.0 to 5.0.3.
- [Release notes](https://github.com/spotbugs/spotbugs-gradle-plugin/releases )
- [Commits](https://github.com/spotbugs/spotbugs-gradle-plugin/compare/4.8.0...5.0.3 )
---
updated-dependencies:
- dependency-name: com.github.spotbugs.snom:spotbugs-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:03:59 +00:00
Álvaro Brey
d394743aee
Merge pull request #9561 from nextcloud/dependabot/gradle/daggerVersion-2.40.5
...
Bump daggerVersion from 2.40.4 to 2.40.5
2021-12-15 19:03:33 +01:00
Álvaro Brey
cfe72adae0
Merge pull request #9299 from nextcloud/dependabot/gradle/androidx.appcompat-appcompat-1.4.0
...
Bump appcompat from 1.3.1 to 1.4.0
2021-12-15 19:03:16 +01:00
Álvaro Brey Vilas
8a445be869
Manifest: update code to disable WorkManagerInitializer
...
See: https://developer.android.com/jetpack/androidx/releases/work#version_260_3
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 19:01:36 +01:00
dependabot[bot]
8a2c1bf253
Bump json from 20210307 to 20211205
...
Bumps [json](https://github.com/douglascrockford/JSON-java ) from 20210307 to 20211205.
- [Release notes](https://github.com/douglascrockford/JSON-java/releases )
- [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md )
- [Commits](https://github.com/douglascrockford/JSON-java/commits )
---
updated-dependencies:
- dependency-name: org.json:json
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:52:15 +00:00
dependabot[bot]
15d42369cb
Bump workRuntime from 2.5.0 to 2.7.1
...
Bumps `workRuntime` from 2.5.0 to 2.7.1.
Updates `work-runtime` from 2.5.0 to 2.7.1
Updates `work-runtime-ktx` from 2.5.0 to 2.7.1
---
updated-dependencies:
- dependency-name: androidx.work:work-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
- dependency-name: androidx.work:work-runtime-ktx
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:51:54 +00:00
Álvaro Brey
b1ea6c9bc6
Merge pull request #9361 from nextcloud/dependabot/gradle/androidx.fragment-fragment-ktx-1.4.0
...
Bump fragment-ktx from 1.3.6 to 1.4.0
2021-12-15 18:51:22 +01:00
Álvaro Brey Vilas
3775e13b5c
Increase lint due to dependencies
...
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 18:50:46 +01:00
dependabot[bot]
1b7516c203
Bump ktlint from 0.43.1 to 0.43.2
...
Bumps [ktlint](https://github.com/pinterest/ktlint ) from 0.43.1 to 0.43.2.
- [Release notes](https://github.com/pinterest/ktlint/releases )
- [Changelog](https://github.com/pinterest/ktlint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/pinterest/ktlint/commits/0.43.2 )
---
updated-dependencies:
- dependency-name: com.pinterest:ktlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:46:31 +00:00
Álvaro Brey
93bf180a35
Merge pull request #8442 from nextcloud/dependabot/gradle/com.github.tobiaskaminsky-qrcodescanner-0.1.2.4
...
Bump qrcodescanner from 0.1.2.2 to 0.1.2.4
2021-12-15 18:46:05 +01:00
Álvaro Brey Vilas
14fbc2ab78
ViewModelFactory: fix compile errors for viewmodel-ktx changes
...
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 18:45:06 +01:00
Álvaro Brey Vilas
f5132af345
Fix mockito imports
...
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 16:08:36 +01:00
dependabot[bot]
aa6ff667cb
Bump mockitoVersion from 3.12.4 to 4.1.0
...
Bumps `mockitoVersion` from 3.12.4 to 4.1.0.
Updates `mockito-core` from 3.12.4 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases )
- [Commits](https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0 )
Updates `mockito-android` from 3.12.4 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases )
- [Commits](https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0 )
---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
dependency-type: direct:production
update-type: version-update:semver-major
- dependency-name: org.mockito:mockito-android
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 16:02:17 +01:00
dependabot[bot]
2cf0d5dd76
Bump daggerVersion from 2.40.4 to 2.40.5
...
Bumps `daggerVersion` from 2.40.4 to 2.40.5.
Updates `dagger` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases )
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5 )
Updates `dagger-android` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases )
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5 )
Updates `dagger-android-support` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases )
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5 )
Updates `dagger-compiler` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases )
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5 )
Updates `dagger-android-processor` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases )
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5 )
---
updated-dependencies:
- dependency-name: com.google.dagger:dagger
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android-support
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-compiler
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android-processor
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 15:01:48 +00:00
Álvaro Brey
0a977fbc5e
Merge pull request #9429 from nextcloud/dependabot/gradle/org.bouncycastle-bcpkix-jdk15to18-1.70
...
Bump bcpkix-jdk15to18 from 1.69 to 1.70
2021-12-15 16:00:53 +01:00
Álvaro Brey
a256c210ce
Merge pull request #9438 from nextcloud/dependabot/gradle/byteBuddyVersion-1.12.3
...
Bump byteBuddyVersion from 1.12.2 to 1.12.3
2021-12-15 15:59:54 +01:00