Commit graph

17833 commits

Author SHA1 Message Date
Álvaro Brey
9433e2968e Drone: update FindBugs results to reflect reduced error/warning count [skip ci]
Signed-off-by: Álvaro Brey <drone@nextcloud.com>
2021-12-22 08:51:21 +00:00
Álvaro Brey
98465ab3fb
Merge pull request from GHSA-vjp2-f63v-w479
Harden FileContentProvider's public Uri paths
2021-12-22 09:43:11 +01:00
Álvaro Brey
0d2fd93ea2
Merge pull request #9597 from nextcloud/fix/too-many-thumbnails
Fix for too many thumbnails in autoupload settings
2021-12-22 09:37:51 +01:00
Álvaro Brey Vilas
9c7d212d52
Fix for too many thumbnails in autoupload settings
This patch is twofold:
- Keep using SQL limit until android 11 (which is where it becomes mandatory to not use it)
- Force MediaProvider to stop querying images after limit has been reached, even if cursor contains more.
This handles the edge case of Android versions over 11 which don't properly implement the limit argument

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 17:22:10 +01:00
Álvaro Brey Vilas
bc90eb3db1
Remove obsolete TODO
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 16:02:50 +01:00
Álvaro Brey Vilas
724b75d5d3
FileContentProvider: Use SQLiteTokenizer for sortOrder verification too
More reliable than just splitting by spaces.

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 15:06:05 +01:00
Álvaro Brey Vilas
b3aeab9004
FileContentProvider: prevent injection through selection parameters (where)
For this, I've backported the SQLiteTokenizer class from AOSP, use it to get tokens from the query,
and filter out invalid tokens.

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-21 14:15:34 +01:00
Nextcloud bot
c479f2fdf6
[tx-robot] updated from transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-21 03:54:15 +00:00
Álvaro Brey Vilas
6aae8feeac
FileContentProvider: prevent injection in sortOrder argument for query()
For this, allow strictly only valid grammar and column names

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 18:38:50 +01:00
Álvaro Brey Vilas
830ada4617
FileContentProvider: remove unused method
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 18:03:56 +01:00
Álvaro Brey Vilas
43adc856a4
FileContentProvider: don't verify projectionArray in query()
query() is already using a projection map and strict mode for those cases, so we're just duplicating work here.

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:58:54 +01:00
Álvaro Brey Vilas
05371be6d7
FileContentProvider: prevent injection through Uri arguments
For this, ensure query arguments are used instead of segment concatenation

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:53:55 +01:00
tobiasKaminsky
72937cf341
FileContentProvider: prevent injection via ContentValues arguments
For this, verify all column names for ContentValues keys. Values are safe by default.

Co-authored-by: Tobias Kaminsky <tobias.kaminsky@nextcloud.com>
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-20 17:40:11 +01:00
Tobias Kaminsky
7fba2042dc
Merge pull request #9589 from nextcloud/setupLibInfo
Adjust instruction how to link library in app
2021-12-20 10:51:35 +01:00
tobiasKaminsky
0680c105b5
Adjust instruction how to link library in app
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2021-12-20 10:47:09 +01:00
Nextcloud bot
4183ee59f8
[tx-robot] updated from transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-20 03:56:38 +00:00
Nextcloud bot
14a6324c05
[tx-robot] updated from transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-19 03:59:20 +00:00
Nextcloud bot
26f80ddcbf
[tx-robot] updated from transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-18 03:53:54 +00:00
Andy Scherzinger
b4ecf2c9cc
Merge pull request #9546 from nextcloud/update-AGP
Bump Android Gradle Plugin to 7.0.4
2021-12-16 17:02:16 +01:00
Álvaro Brey
3de9432651
Merge pull request #9534 from gabmert/naming-conflicts
Change naming in conflicts to location instead of date
2021-12-16 09:35:43 +01:00
Álvaro Brey
51d632b0ad
Merge pull request #9568 from nextcloud/dependabot/gradle/byteBuddyVersion-1.12.4
Bump byteBuddyVersion from 1.12.3 to 1.12.4
2021-12-16 08:54:24 +01:00
Nextcloud bot
d3db0af0f5
[tx-robot] updated from transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-12-16 03:53:43 +00:00
dependabot[bot]
38a2449f5c
Bump byteBuddyVersion from 1.12.3 to 1.12.4
Bumps `byteBuddyVersion` from 1.12.3 to 1.12.4.

Updates `byte-buddy` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.3...byte-buddy-1.12.4)

Updates `byte-buddy-android` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.3...byte-buddy-1.12.4)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: net.bytebuddy:byte-buddy-android
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-16 02:07:04 +00:00
gabriel
5500585c1a naming in conflicts by location instead of date
Signed-off-by: gabriel <74419649+gabmert@users.noreply.github.com>
2021-12-15 23:13:42 +01:00
Álvaro Brey
b6a2e6d8f1
Merge pull request #9567 from nextcloud/dependabot/gradle/org.greenrobot-eventbus-3.3.1
Bump eventbus from 3.2.0 to 3.3.1
2021-12-15 20:09:31 +01:00
Álvaro Brey
10a7570cc2
Merge pull request #9565 from nextcloud/dependabot/gradle/org.json-json-20211205
Bump json from 20210307 to 20211205
2021-12-15 20:09:06 +01:00
Álvaro Brey
e939a6f015
Merge pull request #9564 from nextcloud/dependabot/gradle/kotlin_version-1.6.10
Bump kotlin_version from 1.6.0 to 1.6.10
2021-12-15 20:08:26 +01:00
Álvaro Brey
6fc583b4cd
Merge pull request #9362 from nextcloud/dependabot/gradle/workRuntime-2.7.1
Bump workRuntime from 2.5.0 to 2.7.1
2021-12-15 19:49:17 +01:00
Álvaro Brey
369f62fc92
Merge pull request #9162 from nextcloud/dependabot/gradle/androidx.lifecycle-lifecycle-viewmodel-ktx-2.4.0
Bump lifecycle-viewmodel-ktx from 2.3.1 to 2.4.0
2021-12-15 19:23:03 +01:00
dependabot[bot]
b70ebdb68f
Bump kotlin_version from 1.6.0 to 1.6.10
Bumps `kotlin_version` from 1.6.0 to 1.6.10.

Updates `kotlin-gradle-plugin` from 1.6.0 to 1.6.10
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.6.10/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.6.0...v1.6.10)

Updates `kotlin-stdlib` from 1.6.0 to 1.6.10
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.6.10/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.6.0...v1.6.10)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jetbrains.kotlin:kotlin-stdlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:16:42 +00:00
Álvaro Brey
f517ae1e05
Merge pull request #9563 from nextcloud/dependabot/gradle/com.pinterest-ktlint-0.43.2
Bump ktlint from 0.43.1 to 0.43.2
2021-12-15 19:16:15 +01:00
Álvaro Brey
e6208b45c7
Merge pull request #9562 from nextcloud/dependabot/gradle/com.github.spotbugs.snom-spotbugs-gradle-plugin-5.0.3
Bump spotbugs-gradle-plugin from 4.8.0 to 5.0.3
2021-12-15 19:15:46 +01:00
Álvaro Brey
d5e84caf2b
Merge pull request #9357 from nextcloud/dependabot/gradle/mockitoVersion-4.1.0
Bump mockitoVersion from 3.12.4 to 4.1.0
2021-12-15 19:04:49 +01:00
dependabot[bot]
e06f15f887
Bump eventbus from 3.2.0 to 3.3.1
Bumps [eventbus](https://github.com/greenrobot/EventBus) from 3.2.0 to 3.3.1.
- [Release notes](https://github.com/greenrobot/EventBus/releases)
- [Commits](https://github.com/greenrobot/EventBus/compare/V3.2.0...V3.3.1)

---
updated-dependencies:
- dependency-name: org.greenrobot:eventbus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:04:25 +00:00
dependabot[bot]
b59195ca8d
Bump spotbugs-gradle-plugin from 4.8.0 to 5.0.3
Bumps [spotbugs-gradle-plugin](https://github.com/spotbugs/spotbugs-gradle-plugin) from 4.8.0 to 5.0.3.
- [Release notes](https://github.com/spotbugs/spotbugs-gradle-plugin/releases)
- [Commits](https://github.com/spotbugs/spotbugs-gradle-plugin/compare/4.8.0...5.0.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs.snom:spotbugs-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 18:03:59 +00:00
Álvaro Brey
d394743aee
Merge pull request #9561 from nextcloud/dependabot/gradle/daggerVersion-2.40.5
Bump daggerVersion from 2.40.4 to 2.40.5
2021-12-15 19:03:33 +01:00
Álvaro Brey
cfe72adae0
Merge pull request #9299 from nextcloud/dependabot/gradle/androidx.appcompat-appcompat-1.4.0
Bump appcompat from 1.3.1 to 1.4.0
2021-12-15 19:03:16 +01:00
Álvaro Brey Vilas
8a445be869
Manifest: update code to disable WorkManagerInitializer
See: https://developer.android.com/jetpack/androidx/releases/work#version_260_3

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 19:01:36 +01:00
dependabot[bot]
8a2c1bf253
Bump json from 20210307 to 20211205
Bumps [json](https://github.com/douglascrockford/JSON-java) from 20210307 to 20211205.
- [Release notes](https://github.com/douglascrockford/JSON-java/releases)
- [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md)
- [Commits](https://github.com/douglascrockford/JSON-java/commits)

---
updated-dependencies:
- dependency-name: org.json:json
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:52:15 +00:00
dependabot[bot]
15d42369cb
Bump workRuntime from 2.5.0 to 2.7.1
Bumps `workRuntime` from 2.5.0 to 2.7.1.

Updates `work-runtime` from 2.5.0 to 2.7.1

Updates `work-runtime-ktx` from 2.5.0 to 2.7.1

---
updated-dependencies:
- dependency-name: androidx.work:work-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: androidx.work:work-runtime-ktx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:51:54 +00:00
Álvaro Brey
b1ea6c9bc6
Merge pull request #9361 from nextcloud/dependabot/gradle/androidx.fragment-fragment-ktx-1.4.0
Bump fragment-ktx from 1.3.6 to 1.4.0
2021-12-15 18:51:22 +01:00
Álvaro Brey Vilas
3775e13b5c
Increase lint due to dependencies
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 18:50:46 +01:00
dependabot[bot]
1b7516c203
Bump ktlint from 0.43.1 to 0.43.2
Bumps [ktlint](https://github.com/pinterest/ktlint) from 0.43.1 to 0.43.2.
- [Release notes](https://github.com/pinterest/ktlint/releases)
- [Changelog](https://github.com/pinterest/ktlint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pinterest/ktlint/commits/0.43.2)

---
updated-dependencies:
- dependency-name: com.pinterest:ktlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 17:46:31 +00:00
Álvaro Brey
93bf180a35
Merge pull request #8442 from nextcloud/dependabot/gradle/com.github.tobiaskaminsky-qrcodescanner-0.1.2.4
Bump qrcodescanner from 0.1.2.2 to 0.1.2.4
2021-12-15 18:46:05 +01:00
Álvaro Brey Vilas
14fbc2ab78
ViewModelFactory: fix compile errors for viewmodel-ktx changes
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 18:45:06 +01:00
Álvaro Brey Vilas
f5132af345
Fix mockito imports
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2021-12-15 16:08:36 +01:00
dependabot[bot]
aa6ff667cb
Bump mockitoVersion from 3.12.4 to 4.1.0
Bumps `mockitoVersion` from 3.12.4 to 4.1.0.

Updates `mockito-core` from 3.12.4 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0)

Updates `mockito-android` from 3.12.4 to 4.1.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: org.mockito:mockito-android
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 16:02:17 +01:00
dependabot[bot]
2cf0d5dd76
Bump daggerVersion from 2.40.4 to 2.40.5
Bumps `daggerVersion` from 2.40.4 to 2.40.5.

Updates `dagger` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5)

Updates `dagger-android` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5)

Updates `dagger-android-support` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5)

Updates `dagger-compiler` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5)

Updates `dagger-android-processor` from 2.40.4 to 2.40.5
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.40.4...dagger-2.40.5)

---
updated-dependencies:
- dependency-name: com.google.dagger:dagger
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android-support
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.dagger:dagger-android-processor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-15 15:01:48 +00:00
Álvaro Brey
0a977fbc5e
Merge pull request #9429 from nextcloud/dependabot/gradle/org.bouncycastle-bcpkix-jdk15to18-1.70
Bump bcpkix-jdk15to18 from 1.69 to 1.70
2021-12-15 16:00:53 +01:00
Álvaro Brey
a256c210ce
Merge pull request #9438 from nextcloud/dependabot/gradle/byteBuddyVersion-1.12.3
Bump byteBuddyVersion from 1.12.2 to 1.12.3
2021-12-15 15:59:54 +01:00